Merge pull request #280 from actions/format-bugs

Fix display issues with versions and GHSAs

__tests__/filter.test.ts

@@ -3,7 +3,7 @@ import {Change, Changes} from '../src/schemas'
 import {
   filterChangesBySeverity,
   filterChangesByScopes,
-  filterOutAllowedAdvisories
+  filterAllowedAdvisories
 } from '../src/filter'
 
 let npmChange: Change = {
@@ -90,28 +90,34 @@ test('it properly filters changes by scope', async () => {
   expect(result).toEqual([npmChange, rubyChange])
 })
 
+test('it properly handles undefined advisory IDs', async () => {
+  const changes = [npmChange, rubyChange, noVulnNpmChange]
+  let result = filterAllowedAdvisories(undefined, changes)
+  expect(result).toEqual([npmChange, rubyChange, noVulnNpmChange])
+})
+
 test('it properly filters changes with allowed vulnerabilities', async () => {
   const changes = [npmChange, rubyChange, noVulnNpmChange]
 
-  let result = filterOutAllowedAdvisories(['notrealGHSAID'], changes)
+  let result = filterAllowedAdvisories(['notrealGHSAID'], changes)
   expect(result).toEqual([npmChange, rubyChange, noVulnNpmChange])
 
-  result = filterOutAllowedAdvisories(['first-random_string'], changes)
+  result = filterAllowedAdvisories(['first-random_string'], changes)
   expect(result).toEqual([rubyChange, noVulnNpmChange])
 
-  result = filterOutAllowedAdvisories(
+  result = filterAllowedAdvisories(
     ['second-random_string', 'third-random_string'],
     changes
   )
   expect(result).toEqual([npmChange, noVulnNpmChange])
 
-  result = filterOutAllowedAdvisories(
+  result = filterAllowedAdvisories(
     ['first-random_string', 'second-random_string', 'third-random_string'],
     changes
   )
   expect(result).toEqual([noVulnNpmChange])
 
   // if we have a change with multiple vulnerabilities but only one is allowed, we still should not filter out that change
-  result = filterOutAllowedAdvisories(['second-random_string'], changes)
+  result = filterAllowedAdvisories(['second-random_string'], changes)
   expect(result).toEqual([npmChange, rubyChange, noVulnNpmChange])
 })

src/filter.ts

@@ -51,12 +51,20 @@ export function filterChangesByScopes(
   return filteredChanges
 }
 
-export function filterOutAllowedAdvisories(
+/**
+ * Filter out changes that are allowed by the allow_ghsas config
+ * option. We want to remove these changes before we do any
+ * processing.
+ * @param ghsas - list of GHSA IDs to allow
+ * @param changes - list of changes to filter
+ * @returns a list of changes with the allowed GHSAs removed
+ */
+export function filterAllowedAdvisories(
   ghsas: string[] | undefined,
   changes: Changes
 ): Changes {
   if (ghsas === undefined) {
-    return []
+    return changes
   }
 
   const filteredChanges = changes.filter(change => {

src/main.ts

@@ -8,7 +8,7 @@ import {readConfig} from '../src/config'
 import {
   filterChangesBySeverity,
   filterChangesByScopes,
-  filterOutAllowedAdvisories
+  filterAllowedAdvisories
 } from '../src/filter'
 import {getDeniedLicenseChanges} from './licenses'
 import * as summary from './summary'
@@ -30,7 +30,7 @@ async function run(): Promise<void> {
 
     const minSeverity = config.fail_on_severity as Severity
     const scopedChanges = filterChangesByScopes(config.fail_on_scopes, changes)
-    const filteredChanges = filterOutAllowedAdvisories(
+    const filteredChanges = filterAllowedAdvisories(
       config.allow_ghsas,
       scopedChanges
     )
@@ -192,7 +192,7 @@ function renderScannedDependency(change: Change): string {
     } as const
   )[changeType]
 
-  return `${styles.color[color].open}${icon} ${change.manifest}@${change.version}${styles.color[color].close}`
+  return `${styles.color[color].open}${icon} ${change.name}@${change.version}${styles.color[color].close}`
 }
 
 function printScannedDependencies(changes: Changes): void {