diff --git a/lib/bundler/audit/configuration.rb b/lib/bundler/audit/configuration.rb index d08a1578..68cb6de3 100644 --- a/lib/bundler/audit/configuration.rb +++ b/lib/bundler/audit/configuration.rb @@ -68,15 +68,16 @@ def self.load(file_path) doc.root.children.each_slice(2) do |key,value| case key.value when 'ignore' - unless value.is_a?(YAML::Nodes::Sequence) + if value.is_a?(YAML::Nodes::Sequence) + unless value.children.all? { |node| node.is_a?(YAML::Nodes::Scalar) } + raise(InvalidConfigurationError,"'ignore' array in config file contains a non-String") + end + config[:ignore] = value.children.map(&:value) + elsif value.is_a?(YAML::Nodes::Mapping) raise(InvalidConfigurationError,"'ignore' key found in config file, but is not an Array") + else + config[:ignore] = [] end - - unless value.children.all? { |node| node.is_a?(YAML::Nodes::Scalar) } - raise(InvalidConfigurationError,"'ignore' array in config file contains a non-String") - end - - config[:ignore] = value.children.map(&:value) end end diff --git a/spec/configuration_spec.rb b/spec/configuration_spec.rb index 0923b45d..fcad5350 100644 --- a/spec/configuration_spec.rb +++ b/spec/configuration_spec.rb @@ -45,6 +45,12 @@ it { should be_a(described_class) } end + context 'when ignore contains and commented values' do + let(:path) { File.join(fixtures_dir,'ignore_contains_commented.yml') } + + it { should be_a(described_class) } + end + describe "when ignore contains non-strings" do let(:path) { File.join(fixtures_dir,'bad','ignore_contains_a_non_string.yml') } diff --git a/spec/fixtures/config/ignore_contains_commented.yml b/spec/fixtures/config/ignore_contains_commented.yml new file mode 100644 index 00000000..a58785e1 --- /dev/null +++ b/spec/fixtures/config/ignore_contains_commented.yml @@ -0,0 +1,4 @@ +--- +ignore: +# - CVE-123 +# - CVE-456 \ No newline at end of file
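Review bot: The new `else` branch in the `when 'ignore'` case accepts every node that is neither a Sequence nor a Mapping, so a non-empty scalar such as `ignore: CVE-123` now loads as an empty ignore list, where the old `unless value.is_a?(YAML::Nodes::Sequence)` check raised InvalidConfigurationError. The audit still reports every advisory in that case, but the user's intended suppressions are dropped without any message and a malformed config passes validation. I would limit the empty case to what the fixture needs, `elsif value.is_a?(YAML::Nodes::Scalar) && value.value.empty?`, and keep the raise in the final `else`. This assumes the parser yields an empty scalar for a key with no value, which the new fixture should confirm. `self.load` begins and ends outside the hunk.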
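Review bot: The added context in `spec/configuration_spec.rb` only asserts `it { should be_a(described_class) }`, so it would still pass if the loaded ignore list were nil or unexpectedly non-empty. An example that checks the loaded ignore list is empty would pin the behaviour this fix introduces. The description `'when ignore contains and commented values'` also reads as a typo, perhaps `'when ignore contains only commented-out values'`. A companion example next to the existing bad-fixture specs for a non-empty scalar `ignore:` value would document what the new `else` branch in `configuration.rb` is meant to accept.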