bug: yarn 2 lock file parsing issues snyk#56

regevbr · Apr 14, 2020 · 514ad7e · 514ad7e
1 parent 234a0d7
commit 514ad7e
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 7 deletions.
diff --git a/lib/parsers/yarn-utils.ts b/lib/parsers/yarn-utils.ts
@@ -2,13 +2,19 @@ import {YarnLockDep, YarnLockDeps} from './yarn-lock-parse-base';
 import {parseResolution} from '@yarnpkg/parsers';
 import {InvalidUserInputError} from '../errors';
 
+const PATCH_PLACEHOLDER = '@patch:';
+
 export type ParseResolution = typeof parseResolution;
 
 const lockFileKeyNormalizer = (resolutionParser: ParseResolution) => (key: string) => {
-    const normalizedKey = key
+    let normalizedKey = key
         .replace(/(#|::).*$/, '')
         .trim();
-    const fileProtocol = normalizedKey.match(/^(.+)@(file:.+)$/);
+    const patchIndex = normalizedKey.indexOf(PATCH_PLACEHOLDER);
+    if (patchIndex > -1) {
+        normalizedKey = normalizedKey.substr(patchIndex + PATCH_PLACEHOLDER.length);
+    }
+    const fileProtocol = normalizedKey.match(/^(.+)@((file|link|portal):.+)$/);
     if (fileProtocol) {
         return `${fileProtocol[1]}@${fileProtocol[2]}`;
     }
@@ -20,9 +26,13 @@ const lockFileKeyNormalizer = (resolutionParser: ParseResolution) => (key: strin
     if (httpsProtocol) {
         return key;
     }
-    const resolution = resolutionParser(normalizedKey).descriptor;
-    const name = resolution.fullName;
-    const fullVersion = resolution.description;
+    const resolution = resolutionParser(normalizedKey);
+    const descriptor = resolution.descriptor;
+    const name = descriptor.fullName;
+    if (resolution.from) {
+        return key;
+    }
+    const fullVersion = descriptor.description;
     if (!fullVersion) {
         throw new InvalidUserInputError(`Unsupported lockfile resolution ${key}`);
     }

diff --git a/test/lib/yarn-utils.test.ts b/test/lib/yarn-utils.test.ts
@@ -19,12 +19,22 @@ test('Should work for semver resolution with npm protocol and scope', async (t)
     t.deepEqual(key, [ '@types/istanbul-reports@^1.1.1'], 'Resolution is normalized');
 });
 
-test('Should work for fixed version', async (t) => {
+test('Should work for tag resolution with npm protocol', async (t) => {
+  const key = normalizer('body-parser@npm:latest');
+  t.deepEqual(key, [ 'body-parser@latest'], 'Resolution is normalized');
+});
+
+test('Should work for tag resolution with npm protocol and scope', async (t) => {
+    const key = normalizer('@types/istanbul-reports@npm:latest');
+    t.deepEqual(key, [ '@types/istanbul-reports@latest'], 'Resolution is normalized');
+});
+
+test('Should work for semver without protocol', async (t) => {
   const key = normalizer('[email protected]');
   t.deepEqual(key, [ '[email protected]'], 'Resolution is normalized');
 });
 
-test('Should work for fixed version and scope', async (t) => {
+test('Should work for semver with scope and without protocol', async (t) => {
   const key = normalizer('@types/[email protected]');
   t.deepEqual(key, [ '@types/[email protected]'], 'Resolution is normalized');
 });
@@ -39,7 +49,42 @@ test('Should work for git+ssh', async (t) => {
   t.deepEqual(key, [ 'body-parser@git+ssh://[email protected]/expressjs/body-parser.git#1.9.0"'], 'Resolution is normalized');
 });
 
+test('Should work for patch protocol', async (t) => {
+  const key = normalizer('fsevents@patch:fsevents@^1.2.7#builtin<compat/fsevents>');
+  t.deepEqual(key, [ 'fsevents@^1.2.7'], 'Resolution is normalized');
+});
+
+test('Should work for short github protocol with tag', async (t) => {
+  const key = normalizer('body-parser@expressjs/body-parser#1.9.0');
+  t.deepEqual(key, [ 'body-parser@expressjs/body-parser#1.9.0'], 'Resolution is normalized');
+});
+
+test('Should work for shor github protocol without tag', async (t) => {
+  const key = normalizer('body-parser@expressjs/body-parser');
+  t.deepEqual(key, [ 'body-parser@expressjs/body-parser'], 'Resolution is normalized');
+});
+
+test('Should work for short github protocol with tag', async (t) => {
+  const key = normalizer('body-parser@github:expressjs/body-parser#1.9.0');
+  t.deepEqual(key, [ 'body-parser@github:expressjs/body-parser#1.9.0'], 'Resolution is normalized');
+});
+
+test('Should work for shor github protocol without tag', async (t) => {
+  const key = normalizer('body-parser@github:expressjs/body-parser');
+  t.deepEqual(key, [ 'body-parser@github:expressjs/body-parser'], 'Resolution is normalized');
+});
+
 test('Should work for file protocol', async (t) => {
   const key = normalizer('shared@file:./some-file::locator=pkg-dev-deps-only%40workspace%3A.');
   t.deepEqual(key, [ 'shared@file:./some-file'], 'Resolution is normalized');
 });
+
+test('Should work for link protocol', async (t) => {
+  const key = normalizer('body-parser@link:../test2::locator=external-tarball%40workspace%3A.');
+  t.deepEqual(key, [ 'body-parser@link:../test2'], 'Resolution is normalized');
+});
+
+test('Should work for portal protocol', async (t) => {
+  const key = normalizer('body-parser@portal:../test2::locator=external-tarball%40workspace%3A.');
+  t.deepEqual(key, [ 'body-parser@portal:../test2'], 'Resolution is normalized');
+});