diff --git a/__snapshots__/main_test.snap b/__snapshots__/main_test.snap
index ba8b6c40..9af4fbe6 100755
--- a/__snapshots__/main_test.snap
+++ b/__snapshots__/main_test.snap
@@ -660,6 +660,101 @@ testdata/locks-one/yarn.lock: found 1 package Using db npm (%% vulnerabilities, including withdrawn - last updated %%) +--- + +[TestRun_Lockfile_AbsolutePath/#00 - 1] +Loaded the following OSV databases: + npm (%% vulnerabilities, including withdrawn - last updated %%) + +/testdata/locks-one/yarn.lock: found 1 package + Using db npm (%% vulnerabilities, including withdrawn - last updated %%) + + no known vulnerabilities found + +--- + +[TestRun_Lockfile_AbsolutePath/#00 - 2] + +--- + +[TestRun_Lockfile_AbsolutePath/#01 - 1] +Loaded the following OSV databases: + RubyGems (%% vulnerabilities, including withdrawn - last updated %%) + Packagist (%% vulnerabilities, including withdrawn - last updated %%) + npm (%% vulnerabilities, including withdrawn - last updated %%) + +/testdata/locks-many/Gemfile.lock: found 1 package + Using db RubyGems (%% vulnerabilities, including withdrawn - last updated %%) + + no known vulnerabilities found + +/testdata/locks-many/composer.lock: found 1 package + Using db Packagist (%% vulnerabilities, including withdrawn - last updated %%) + + no known vulnerabilities found + +/testdata/locks-many/yarn.lock: found 1 package + Using db npm (%% vulnerabilities, including withdrawn - last updated %%) + + no known vulnerabilities found + +--- + +[TestRun_Lockfile_AbsolutePath/#01 - 2] + +--- + +[TestRun_Lockfile_AbsolutePath/#02 - 1] +Loaded the following OSV databases: + +/testdata/locks-empty/Gemfile.lock: found 0 packages + + no known vulnerabilities found + +/testdata/locks-empty/composer.lock: found 0 packages + + no known vulnerabilities found + +/testdata/locks-empty/yarn.lock: found 0 packages + + no known vulnerabilities found + +--- + +[TestRun_Lockfile_AbsolutePath/#02 - 2] + +--- + +[TestRun_Lockfile_AbsolutePath/#03 - 1] +Loaded the following OSV databases: + npm (%% vulnerabilities, including withdrawn - last updated %%) + +/testdata/locks-insecure/my-package-lock.json: found 1 package + Using db npm (%% 
vulnerabilities, including withdrawn - last updated %%) + + ansi-html@0.0.1 is affected by the following vulnerabilities: + GHSA-whgm-jr23-g3j9: Uncontrolled Resource Consumption in ansi-html (https://github.com/advisories/GHSA-whgm-jr23-g3j9) + + 1 known vulnerability found in /testdata/locks-insecure/my-package-lock.json + +--- + +[TestRun_Lockfile_AbsolutePath/#03 - 2] + +--- + +[TestRun_Lockfile_AbsolutePath/#04 - 1] +{"results":[{"filePath":"/testdata/locks-one/yarn.lock","parsedAs":"yarn.lock","packages":[{"name":"balanced-match","version":"1.0.2","ecosystem":"npm","compareAs":"npm","vulnerabilities":[],"ignored":[]}]}]} +--- + +[TestRun_Lockfile_AbsolutePath/#04 - 2] +Loaded the following OSV databases: + npm (%% vulnerabilities, including withdrawn - last updated %%) + +/testdata/locks-one/yarn.lock: found 1 package + Using db npm (%% vulnerabilities, including withdrawn - last updated %%) + + --- [TestRun_ParseAsGlobal/#00 - 1] diff --git a/main.go b/main.go index b2bdf0fd..faa1ea4e 100644 --- a/main.go +++ b/main.go @@ -6,6 +6,7 @@ import ( "io" "os" "path/filepath" + "runtime" "slices" "strings" @@ -405,6 +406,10 @@ func (files lockfileAndConfigOrErrs) adjustExtraDatabases( } func parseLockfilePathWithParseAs(lockfilePathWithParseAs string) (string, string) { + if runtime.GOOS == "windows" && filepath.IsAbs(lockfilePathWithParseAs) { + return "", lockfilePathWithParseAs + } + if !strings.Contains(lockfilePathWithParseAs, ":") { return "", lockfilePathWithParseAs } diff --git a/main_test.go b/main_test.go index 5c18196a..f1c12a50 100644 --- a/main_test.go +++ b/main_test.go 
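Review bot: The new guard in `parseLockfilePathWithParseAs` only catches fully qualified Windows paths, so a drive-relative argument such as `C:locks\yarn.lock` (constructed example) is not `filepath.IsAbs` and still reaches the `:` split, where the drive letter would presumably be taken as the parse-as value. For a vulnerability scanner a misread path means a lockfile that is rejected or never checked, so this form is worth covering. `if filepath.VolumeName(lockfilePathWithParseAs) != "" { return "", lockfilePathWithParseAs }` handles both forms and yields an empty volume on other platforms, which would make the `runtime.GOOS` test and the new import unnecessary. A short comment such as `// a leading drive letter or UNC prefix is part of the path, not a parse-as prefix` would explain why this runs before the split. The rest of the function lies outside the hunk, so how a prefixed input like `package-lock.json:C:\x` is split cannot be confirmed from here.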
@@ -231,6 +231,53 @@ func TestRun_Lockfile(t *testing.T) { } } +func TestRun_Lockfile_AbsolutePath(t *testing.T) { + t.Parallel() + + testdataDir, err := filepath.Abs("./testdata") + + if err != nil { + t.Fatal(err) + } + + tests := []cliTestCase{ + { + name: "", + args: []string{filepath.Join(testdataDir, "locks-one")}, + exit: 0, + }, + { + name: "", + args: []string{filepath.Join(testdataDir, "locks-many")}, + exit: 0, + }, + { + name: "", + args: []string{filepath.Join(testdataDir, "locks-empty")}, + exit: 0, + }, + // parse-as + known vulnerability exits with error code 1 + { + name: "", + args: []string{"--parse-as", "package-lock.json", filepath.Join(testdataDir, "locks-insecure/my-package-lock.json")}, + exit: 1, + }, + // json results in non-json output going to stderr + { + name: "", + args: []string{"--json", filepath.Join(testdataDir, "locks-one")}, + exit: 0, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + testCli(t, tt) + }) + } +} + func TestRun_DBs(t *testing.T) { t.Parallel()
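Review bot: None of the five cases in `TestRun_Lockfile_AbsolutePath` passes a prefixed `parser:path` argument with an absolute path, which is the input where a drive-letter colon and the parse-as separator meet; the fourth case supplies the parser through the separate `--parse-as` flag instead. If positional arguments accept the prefixed form that the name `parseLockfilePathWithParseAs` suggests, a case such as `args: []string{"package-lock.json:" + filepath.Join(testdataDir, "locks-insecure/my-package-lock.json")}, exit: 1` would pin that behaviour. The Windows-only branch added in main.go is also exercised only when this test runs on a Windows runner, so a comment above the test, e.g. `// absolute paths carry a drive-letter colon on Windows; the new branch is only hit there`, would tell the next reader why a green run on Linux is not enough.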