Merge pull request #33 from szarouski/feature/improve-vulnerability-i…

…gnoring Improve vulnerability ignoring (RetireJS/retire.js#67).
RetireJS · Aug 29, 2016 · b9c115e · b9c115e
2 parents d3901b7 + 3e0ce68
commit b9c115e
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 11 deletions.
diff --git a/README.md b/README.md
@@ -51,7 +51,8 @@ Example configuration below shows default option values and the correct syntax t
          nodeRepository: 'https://raw.github.com/RetireJS/retire.js/master/repository/npmrepository.json',
          outputFile: './retire-output.json',
          ignore: 'documents,java',
-         ignorefile: '.retireignore' /** list of files to ignore **/
+         /** list of files to ignore **/
+         ignorefile: '.retireignore' //or '.retireignore.json'
       }
     }
 ```
@@ -106,7 +107,7 @@ Node repository loaded from: https://raw.github.com/RetireJS/retire.js/master/re
 
 
 
-## Example output when no vulnerabilities is found
+## Example output when no vulnerabilities are found
 ```
 ➜  grunt-retire git:(master) ✗ grunt retire
 Running "retire:jsPath" (retire) task

diff --git a/package.json b/package.json
@@ -22,7 +22,7 @@
   "scripts": {
   },
   "dependencies": {
-    "retire": "~1.1.x",
+    "retire": "~1.2.x",
     "async": "~1.5.x",
     "request": "~2.67.x"
   },
@@ -47,6 +47,10 @@
     {
       "name": "Erlend Oftedal",
       "email": "erlend@oftedal.no"
+    },
+    {
+      "name": "Sergey Zarouski",
+      "email": "sergey@webuniverse.io"
     }
   ]
 }
diff --git a/tasks/retire.js b/tasks/retire.js
@@ -21,7 +21,7 @@ module.exports = function (grunt) {
       var vulnsFound = false;
       var filesSrc = this.filesSrc;
       var request = req;
-      var defaultIgnoreFile = '.retireignore';
+      var defaultIgnoreFiles = ['.retireignore', '.retireignore.json'];
       var output = {};
       var scanedFile;
 
@@ -45,7 +45,7 @@ module.exports = function (grunt) {
       // Merge task-specific and/or target-specific options with these defaults.
       var options = this.options({
          verbose: true,
-         packageOnly: false, 
+         packageOnly: false,
          jsRepository: 'https://raw.github.com/RetireJS/retire.js/master/repository/jsrepository.json',
          nodeRepository: 'https://raw.github.com/RetireJS/retire.js/master/repository/npmrepository.json',
          logger: grunt.log.writeln,
@@ -58,8 +58,12 @@ module.exports = function (grunt) {
          options.cachedir = path.resolve(os.tmpdir(), '.retire-cache/');
       }
       var ignores = options.ignore ? options.ignore.split(',') : [];
-      options.ignore = [];
-      if (!options.ignorefile && grunt.file.exists(defaultIgnoreFile)) {
+      options.ignore = { paths : [], descriptors: [] };
+      var defaultIgnoreFile = defaultIgnoreFiles.find(function (x) {
+         return fs.existsSync(x);
+      });
+
+      if (!options.ignorefile && defaultIgnoreFile) {
         options.ignorefile = defaultIgnoreFile;
       }
 
@@ -68,12 +72,24 @@ module.exports = function (grunt) {
           grunt.log.error('Error: Could not read ignore file: ' + options.ignorefile);
           process.exit(1);
         }
-        var lines = fs.readFileSync(options.ignorefile).toString().split(/\r\n|\n/g).filter(function(e) { return e !== ''; });
-        var ignored = lines.map(function(e) { return e[0] === '@' ? e.slice(1) : path.resolve(e); });
-        options.ignore = options.ignore.concat(ignored);
+        var ignored;
+        if (options.ignorefile.substr(-5) === ".json") {
+           ignored = JSON.parse(fs.readFileSync(options.ignorefile).toString());
+           options.ignore.descriptors = ignored;
+           var ignoredPaths = ignored.map(function (x) {
+              return x.path;
+           }).filter(function (x) {
+              return x;
+           });
+           options.ignore.paths = options.ignore.paths.concat(ignoredPaths);
+        } else {
+           var lines = fs.readFileSync(options.ignorefile).toString().split(/\r\n|\n/g).filter(function(e) { return e !== ''; });
+           ignored = lines.map(function(e) { return e[0] === '@' ? e.slice(1) : path.resolve(e); });
+           options.ignore.paths = options.ignore.paths.concat(ignored);
+        }
       }
 
-      ignores.forEach(function(e) { options.ignore.push(e); });
+      ignores.forEach(function(e) { options.ignore.paths.push(e); });
       logger.verbose("Ignoring " + JSON.stringify(options.ignore));
 
       // log (verbose) options before hooking in the reporter