Raise errors for invalid values in the external config.

actions · Sep 21, 2022 · c4693c0 · c4693c0
1 parent eef7e39
commit c4693c0
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 11 deletions.
diff --git a/__tests__/config.test.ts b/__tests__/config.test.ts
@@ -133,3 +133,8 @@ test('it accepts an external configuration filename', async () => {
   const options = readConfig()
   expect(options.fail_on_severity).toEqual('critical')
 })
+
+test('it raises an error when given an unknown severity in an external config file', async () => {
+  setInput('config-file', './__tests__/fixtures/invalid-severity-config.yml')
+  expect(() => readConfig()).toThrow()
+})
diff --git a/__tests__/fixtures/invalid-severity-config.yml b/__tests__/fixtures/invalid-severity-config.yml
@@ -0,0 +1,3 @@
+fail-on-severity: 'so many zombies'
+deny-licenses:
+  - MIT
diff --git a/src/config.ts b/src/config.ts
@@ -3,7 +3,11 @@ import path from 'path'
 import YAML from 'yaml'
 import * as core from '@actions/core'
 import * as z from 'zod'
-import {ConfigurationOptions, SEVERITIES} from './schemas'
+import {
+  ConfigurationOptions,
+  ConfigurationOptionsSchema,
+  SeveritySchema
+} from './schemas'
 
 function getOptionalInput(name: string): string | undefined {
   const value = core.getInput(name)
@@ -22,10 +26,9 @@ export function readConfig(): ConfigurationOptions {
 }
 
 export function readInlineConfig(): ConfigurationOptions {
-  const fail_on_severity = z
-    .enum(SEVERITIES)
-    .default('low')
-    .parse(getOptionalInput('fail-on-severity'))
+  const fail_on_severity = SeveritySchema.parse(
+    getOptionalInput('fail-on-severity')
+  )
   const allow_licenses = getOptionalInput('allow-licenses')
   const deny_licenses = getOptionalInput('deny-licenses')
 
@@ -53,14 +56,15 @@ export function readConfigFile(filePath: string): ConfigurationOptions {
   } catch (error: unknown) {
     throw error
   }
-  const values = YAML.parse(data)
+  data = YAML.parse(data)
 
   // get rid of the ugly dashes from the actions conventions
-  for (const key of Object.keys(values)) {
+  for (const key of Object.keys(data)) {
     if (key.includes('-')) {
-      values[key.replace(/-/g, '_')] = values[key]
-      delete values[key]
+      data[key.replace(/-/g, '_')] = data[key]
+      delete data[key]
     }
   }
+  const values = ConfigurationOptionsSchema.parse(data)
   return values
 }
diff --git a/src/schemas.ts b/src/schemas.ts
@@ -1,6 +1,7 @@
 import * as z from 'zod'
 
 export const SEVERITIES = ['critical', 'high', 'moderate', 'low'] as const
+export const SeveritySchema = z.enum(SEVERITIES).default('low')
 
 export const ChangeSchema = z.object({
   change_type: z.enum(['added', 'removed']),
@@ -14,7 +15,7 @@ export const ChangeSchema = z.object({
   vulnerabilities: z
     .array(
       z.object({
-        severity: z.enum(['critical', 'high', 'moderate', 'low']),
+        severity: SeveritySchema,
         advisory_ghsa_id: z.string(),
         advisory_summary: z.string(),
         advisory_url: z.string()
@@ -32,7 +33,7 @@ export const PullRequestSchema = z.object({
 
 export const ConfigurationOptionsSchema = z
   .object({
-    fail_on_severity: z.enum(SEVERITIES).default('low'),
+    fail_on_severity: SeveritySchema,
     allow_licenses: z.array(z.string()).default([]),
     deny_licenses: z.array(z.string()).default([]),
     config_file: z.string().optional().default('false'),