fix: fail-on with severity-threshold

snyk · Feb 25, 2020 · 8aea485 · 8aea485
1 parent 01e29dd
commit 8aea485
Show file tree

Hide file tree

Showing 4 changed files with 360 additions and 0 deletions.
diff --git a/test/acceptance/cli-fail-on.test.ts b/test/acceptance/cli-fail-on.test.ts
@@ -38,6 +38,11 @@ const patchableResult = getWorkspaceJSON(
   'patchable',
   'vulns-result.json',
 );
+const multiSeveritiesResult = getWorkspaceJSON(
+  'fail-on',
+  'multiple-severities',
+  'vulns-result.json',
+);
 
 // @later: remove this config stuff.
 // Was copied straight from ../src/cli-server.js
@@ -392,6 +397,22 @@ test('test project with no vulns and --fail-on=patchable --json', async (t) => {
   }
 });
 
+test('test project with multiple severities with upgrade and patch with --fail-on=patchable and --severity=high', async (t) => {
+  try {
+    server.setNextResponse(multiSeveritiesResult);
+    chdirWorkspaces('fail-on');
+    await cli.test('multiple-severities', {
+      failOn: 'upgradable',
+      severityThreshold: 'high',
+    });
+    t.fail('expected test to throw exception');
+  } catch (err) {
+    t.match(err, /Patchable issues/, 'should show patchable issues');
+    t.notMatch(err, /Issues to fix by upgrading/, 'should not show upgradable issues');
+    t.equal(err.code, 'VULNS', 'should throw exception');
+  }
+});
+
 // test invalid arg
 test('test project with --fail-on=invalid', async (t) => {
   try {

diff --git a/test/acceptance/workspaces/fail-on/multiple-severities/package-lock.json b/test/acceptance/workspaces/fail-on/multiple-severities/package-lock.json
diff --git a/test/acceptance/workspaces/fail-on/multiple-severities/package.json b/test/acceptance/workspaces/fail-on/multiple-severities/package.json
@@ -0,0 +1,10 @@
+{
+  "name": "upgradable-app",
+  "version": "1.0.0",
+  "description": "multiple severity vulns that are upgradable",
+  "dependencies": {
+    "yarn": "1.17.1",
+    "ms": "^1.0.0"
+  },
+  "devDependencies": {}
+}