(source: MarketplaceSource)
| 478 | * 2. strictKnownMarketplaces (allowlist) - if set, source must be in the list |
| 479 | */ |
| 480 | export function isSourceAllowedByPolicy(source: MarketplaceSource): boolean { |
| 481 | // Check blocklist first (takes precedence) |
| 482 | if (isSourceInBlocklist(source)) { |
| 483 | return false |
| 484 | } |
| 485 | |
| 486 | // Then check allowlist |
| 487 | const allowlist = getStrictKnownMarketplaces() |
| 488 | if (allowlist === null) { |
| 489 | return true // No restrictions |
| 490 | } |
| 491 | |
| 492 | // Check each entry in the allowlist |
| 493 | return allowlist.some(allowed => { |
| 494 | // Handle hostPattern entries - match by extracted host |
| 495 | if (allowed.source === 'hostPattern') { |
| 496 | return doesSourceMatchHostPattern(source, allowed) |
| 497 | } |
| 498 | // Handle pathPattern entries - match file/directory .path by regex |
| 499 | if (allowed.source === 'pathPattern') { |
| 500 | return doesSourceMatchPathPattern(source, allowed) |
| 501 | } |
| 502 | // Handle regular source entries - exact match |
| 503 | return areSourcesEqual(source, allowed) |
| 504 | }) |
| 505 | } |
| 506 | |
| 507 | /** |
| 508 | * Format a MarketplaceSource for display in error messages |
no test coverage detected