Skip to content

Commit a0101a6

Browse files
aduh95aduh95
committed
Handle security changes
1 parent e912b00 commit a0101a6

File tree

1 file changed

+34
-3
lines changed

1 file changed

+34
-3
lines changed

remark-lint-nodejs-yaml-comments.js

Lines changed: 34 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@ const MAX_SAFE_SEMVER_VERSION = semverParse(
2020
);
2121
const validVersionNumberRegex = /^v\d+\.\d+\.\d+$/;
2222
const prUrlRegex = new RegExp("^https://github.com/nodejs/node/pull/\\d+$");
23+
const privatePRUrl = "https://github.com/nodejs-private/node-private/pull/";
2324

2425
const kContainsIllegalKey = Symbol("illegal key");
2526
const kWrongKeyOrder = Symbol("Wrong key order");
@@ -71,6 +72,30 @@ function invalidChangesKeys(change) {
7172
if (keys[index] !== changesExpectedKeys[index]) return true;
7273
}
7374
}
75+
function validateSecurityChange(file, node, change, index) {
76+
if ("commit" in change) {
77+
if (typeof change.commit !== "string" || isNaN(`0x${change.commit}`)) {
78+
file.message(
79+
`changes[${index}]: Ill-formed security change commit ID`,
80+
node
81+
);
82+
}
83+
84+
if (Object.keys(change)[1] === "commit") {
85+
change = { ...change };
86+
delete change.commit;
87+
}
88+
}
89+
if (invalidChangesKeys(change)) {
90+
const securityChangeExpectedKeys = [...changesExpectedKeys];
91+
securityChangeExpectedKeys[0] += "[, commit]";
92+
file.message(
93+
`changes[${index}]: Invalid keys. Expected keys are: ` +
94+
securityChangeExpectedKeys.join(", "),
95+
node
96+
);
97+
}
98+
}
7499
function validateChanges(file, node, changes) {
75100
if (!Array.isArray(changes))
76101
return file.message("`changes` must be a YAML list", node);
@@ -81,8 +106,14 @@ function validateChanges(file, node, changes) {
81106

82107
const isAncient =
83108
typeof change.version === "string" && change.version.startsWith("v0.");
84-
85-
if (!isAncient && invalidChangesKeys(change)) {
109+
const isSecurityChange =
110+
!isAncient &&
111+
typeof change["pr-url"] === "string" &&
112+
change["pr-url"].startsWith(privatePRUrl);
113+
114+
if (isSecurityChange) {
115+
validateSecurityChange(file, node, change, index);
116+
} else if (!isAncient && invalidChangesKeys(change)) {
86117
file.message(
87118
`changes[${index}]: Invalid keys. Expected keys are: ` +
88119
changesExpectedKeys.join(", "),
@@ -100,7 +131,7 @@ function validateChanges(file, node, changes) {
100131
file.message(`changes[${index}]: list of versions is not in order`, node);
101132
}
102133

103-
if (!isAncient && !prUrlRegex.test(change["pr-url"])) {
134+
if (!isAncient && !isSecurityChange && !prUrlRegex.test(change["pr-url"])) {
104135
file.message(
105136
`changes[${index}]: PR-URL does not match the expected pattern`,
106137
node

0 commit comments

Comments
 (0)