feat: Add optional indent param to jsonStringify helper (#479)

* feat: Add optional indent param to jsonStringify helper * Fix vulns * Revert "Fix vulns" This reverts commit 0c78860. * Add audit exception
razee-io · Apr 5, 2023 · 169b943 · 169b943
1 parent d0ec866
commit 169b943
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 4 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -10,7 +10,7 @@ before_install:
 
 script:
   # Audit npm packages. Fail build whan a PR audit fails, otherwise report the vulnerability and proceed.
-  - if [ "${TRAVIS_PULL_REQUEST}" != "false" ]; then npx audit-ci --low; else npx audit-ci --low || true; fi
+  - if [ "${TRAVIS_PULL_REQUEST}" != "false" ]; then npx audit-ci --config audit-ci.json; else npx audit-ci --config audit-ci.json || true; fi
   - npm run lint
   - npm test
   - docker build --rm -t "quay.io/razee/mustachetemplate:${TRAVIS_COMMIT}" .

diff --git a/audit-ci.json b/audit-ci.json
@@ -0,0 +1,16 @@
+{
+  "low": true,
+  "_allowlistInfo": [
+    {
+      "advisory": "GHSA-p8p7-x288-28g6",
+      "details": "The Request package through 2.88.2 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP)",
+      "justification1": "Request package is deprecated and unlikely to receive updates.",
+      "justification2": "Application unaffected as it only talks to kubernetes, which can be asserted as not an attacker-controlled server.",
+      "expiry": "28 April 2023 00:00"
+    }
+  ],
+  "allowlist": [
+    "GHSA-p8p7-x288-28g6"
+  ],
+  "skip-dev": true
+}
diff --git a/src/handlebar-helpers.js b/src/handlebar-helpers.js
@@ -77,8 +77,8 @@ const helpers = {
     }
     return Buffer.from(data).toString('base64');
   },
-  jsonStringify: function (data, space) {
-    return JSON.stringify(data, null, space);
+  jsonStringify: function (data, space, indent = 0) {
+    return JSON.stringify(data, null, space).replace(/\n/g, '\n'+' '.repeat(indent));
   },
   jsonDoubleStringify: function (data, space) {
     // if you want to use this, you must use our strTemplate, and you must not put quotes around your template (ie. `my-field: {{ jsonStringify my-json }}` is valid but `my-field: "{{ jsonStringify my-json }}"` is not)

diff --git a/test/handlebar-helpers.js b/test/handlebar-helpers.js
@@ -429,10 +429,14 @@ describe('handlebar-helpers', function () {
       let ret = HandlebarHelper.jsonStringify({ 'a': { 'b': 80808, 'c': true }, 'd': 'efgh' });
       assert.equal('{"a":{"b":80808,"c":true},"d":"efgh"}', ret, 'should stringify json string properly');
     });
-    it('should create stringified json data with whitespace when given json data and using space param', function () {
+    it('should create stringified json data with whitespace when given json data and using the space param', function () {
       let ret = HandlebarHelper.jsonStringify({ 'a': { 'b': 80808, 'c': true }, 'd': 'efgh' }, 2);
       assert.equal('{\n  "a": {\n    "b": 80808,\n    "c": true\n  },\n  "d": "efgh"\n}', ret, 'should stringify json string and add whitespace properly');
     });
+    it('should create indented stringified json data with whitespace when given json data and using both the space and indent params', function () {
+      let ret = HandlebarHelper.jsonStringify({ 'a': { 'b': 80808, 'c': true }, 'd': 'efgh' }, 2, 2);
+      assert.equal('{\n    "a": {\n      "b": 80808,\n      "c": true\n    },\n    "d": "efgh"\n  }', ret, 'should stringify json string and add whitespace properly');
+    });
     it('should create stringified data when given string', function () {
       let ret = HandlebarHelper.jsonStringify('hello from the "test suite"');
       assert.equal('"hello from the \\"test suite\\""', ret, 'should stringify string properly');