Code Coverage |
||||||||||
Classes and Traits |
Functions and Methods |
Lines |
||||||||
Total | |
0.00% |
0 / 1 |
|
0.00% |
0 / 2 |
CRAP | |
0.00% |
0 / 38 |
ComposerSecurityCheck | |
0.00% |
0 / 1 |
|
0.00% |
0 / 2 |
90 | |
0.00% |
0 / 38 |
getDefaultGroupName() | |
0.00% |
0 / 1 |
6 | |
0.00% |
0 / 7 |
|||
run() | |
0.00% |
0 / 1 |
56 | |
0.00% |
0 / 31 |
<?php | |
namespace Environaut\Checks; | |
use Environaut\Checks\Check; | |
use SensioLabs\Security\SecurityChecker; | |
/** | |
* The SensioLabs Security Checker is a command line tool that checks if your application | |
* uses dependencies with known security vulnerabilities. It uses the SensioLabs Security | |
* Check Web service and the Security Advisories Database behind the scenes. | |
*/ | |
class ComposerSecurityCheck extends Check | |
{ | |
/** | |
* Returns the default group name this check uses when none is specified. | |
* | |
* @return string default group name of the check | |
*/ | |
public function getDefaultGroupName() | |
{ | |
if ($this->group !== self::DEFAULT_GROUP_NAME) { | |
return $this->group; | |
} | |
return 'Security'; | |
} | |
/** | |
* @throws \RuntimeException in case of curl missing, file not found, server not responding etc. | |
* @throws \InvalidArgumentException in case of wrong format parameter | |
*/ | |
public function run() | |
{ | |
$output = $this->getOutputStream(); | |
$file = $this->parameters->get('file', 'composer.lock'); | |
$format = $this->parameters->get('format', 'text'); | |
$silent = $this->parameters->get('silent', true); | |
$checker = new SecurityChecker(); | |
if (!$silent) { | |
$output->write('Checking "' . $file . '" for known security vulnerabilities...'); | |
} | |
try { | |
$alerts = $checker->check($file, $format); | |
} catch (\Exception $e) { | |
throw new \RuntimeException('Failure while running '. __CLASS__ . ': ' . $e->getMessage()); | |
} | |
if (!$silent) { | |
$output->writeln('done.'); | |
} | |
if (!$silent && $checker->getLastVulnerabilityCount() > 0) { | |
$output->writeln('Number of found known vulnerabilities: ' . $checker->getLastVulnerabilityCount()); | |
} | |
if ($checker->getLastVulnerabilityCount() > 0) { | |
$this->addError( | |
'Number of found known vulnerabilities after checking "' . $file . | |
'": ' . $checker->getLastVulnerabilityCount() | |
); | |
$this->addError($alerts); | |
} else { | |
$this->addInfo('No known vulnerabilities found after checking "' . $file . '".'); | |
} | |
} | |
} |