Skip to content

Commit

Permalink
feat: throw forbidden error when package is blocked by security policy
Browse files Browse the repository at this point in the history
  • Loading branch information
claudiahdz committed Aug 12, 2019
1 parent cf0c612 commit c88c666
Show file tree
Hide file tree
Showing 2 changed files with 51 additions and 11 deletions.
33 changes: 22 additions & 11 deletions index.js
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,9 @@ function pickManifest (packument, wanted, opts) {
const versions = Object.keys(packument.versions || {}).filter(v => {
return semver.valid(v, true)
})
const policyRestrictions = packument.policyRestrictions
const restrictedVersions = policyRestrictions
? Object.keys(packument.policyRestrictions.restrictedVersions) : []

function enjoyableBy (v) {
return !time || (
Expand All @@ -32,7 +35,7 @@ function pickManifest (packument, wanted, opts) {

let err

if (!versions.length) {
if (!versions.length && !restrictedVersions.length) {
err = new Error(`No valid versions available for ${packument.name}`)
err.code = 'ENOVERSIONS'
err.name = packument.name
Expand Down Expand Up @@ -98,16 +101,24 @@ function pickManifest (packument, wanted, opts) {
packument.versions[target]
)
if (!manifest) {
err = new Error(
`No matching version found for ${packument.name}@${wanted}${
opts.enjoyBy
? ` with an Enjoy By date of ${
new Date(opts.enjoyBy).toLocaleString()
}. Maybe try a different date?`
: ''
}`
)
err.code = 'ETARGET'
// Check if target is forbidden
const isForbidden = target && policyRestrictions && packument.policyRestrictions.restrictedVersions[target]
const pckg = `${packument.name}@${wanted}${
opts.enjoyBy
? ` with an Enjoy By date of ${
new Date(opts.enjoyBy).toLocaleString()
}. Maybe try a different date?`
: ''
}`

if (isForbidden) {
err = new Error(`Could not download ${pckg} due to policy violations.\n${packument.policyRestrictions.message}\n`)
err.code = 'E403'
} else {
err = new Error(`No matching version found for ${pckg}.`)
err.code = 'ETARGET'
}

err.name = packument.name
err.type = type
err.wanted = wanted
Expand Down
29 changes: 29 additions & 0 deletions test/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -128,6 +128,25 @@ test('ETARGET if range does not match anything', t => {
t.done()
})

test('E403 if version is forbidden', t => {
const metadata = {
policyRestrictions: {
restrictedVersions: {
'2.1.0': { version: '2.1.0' }
}
},
versions: {
'1.0.0': { version: '1.0.0' },
'2.0.0': { version: '2.0.0' },
'2.0.5': { version: '2.0.5' }
}
}
t.throws(() => {
pickManifest(metadata, '2.1.0')
}, {code: 'E403'}, 'got correct error on match failure')
t.done()
})

test('if `defaultTag` matches a given range, use it', t => {
const metadata = {
'dist-tags': {
Expand Down Expand Up @@ -195,6 +214,16 @@ test('errors if metadata has no versions', t => {
t.done()
})

test('errors if metadata has no versions or restricted versions', t => {
t.throws(() => {
pickManifest({versions: {}, policyRestrictions: { restrictedVersions: {} }}, '^1.0.0')
}, {code: 'ENOVERSIONS'})
t.throws(() => {
pickManifest({}, '^1.0.0')
}, {code: 'ENOVERSIONS'})
t.done()
})

test('matches even if requested version has spaces', t => {
const metadata = {
versions: {
Expand Down

0 comments on commit c88c666

Please sign in to comment.