From be0fa9a7d6f046f63d524e8ac36ec606cacae775 Mon Sep 17 00:00:00 2001
From: Chris Wilkinson
Date: Mon, 30 Nov 2015 14:50:54 +0000
Subject: [PATCH 1/2] Check any Composer repository

---
 composer.json | 1 +
 validator.php | 44 ++++++++++++++++++++++++++++++++++++++++----
 2 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/composer.json b/composer.json
index 3dca8ca65..f82bdbec9 100644
--- a/composer.json
+++ b/composer.json
@@ -2,6 +2,7 @@
 "name": "sensiolabs/security-advisories",
 "description": "Database of known security vulnerabilities in various PHP projects and libraries",
 "require-dev": {
+ "composer/composer": "~1.0",
 "symfony/console": "~3.0",
 "symfony/yaml": "~3.0"
 },
diff --git a/validator.php b/validator.php
index c76eccfd3..d63fb2a2f 100644
--- a/validator.php
+++ b/validator.php
@@ -8,6 +8,10 @@
 }
 require $autoloader;

+use Composer\Config;
+use Composer\IO\NullIO;
+use Composer\Repository\ComposerRepository;
+use Composer\Repository\RepositoryInterface;
 use Symfony\Component\Console\Application;
 use Symfony\Component\Console\Command\Command;
 use Symfony\Component\Console\Helper\ProgressBar;
@@ -23,12 +27,16 @@
 final class Validate extends Command
 {
 private $parser;
+ private $composerRepositories = array();
+ private $composerConfig;

 public function __construct()
 {
 parent::__construct('validate');

 $this->parser = new Parser();
+ $this->composerConfig = new Config(false);
+ $this->composerConfig->merge(array('config' => array('cache-dir' => sys_get_temp_dir().'/php-security-advisories')));
 }

 protected function execute(InputInterface $input, OutputInterface $output)
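Review bot: The Composer cache directory set in the constructor, `sys_get_temp_dir().'/php-security-advisories'`, is a fixed name inside a shared temp directory, so on a multi-user host another local user could create it first and then read or control whatever Composer caches there. Repository metadata fetched for the package lookup is presumably cached under this path, so a tampered cache entry could influence the validator's result. Create the directory privately before handing it to Composer, e.g. `mkdir($cacheDir, 0700, true)` followed by an ownership check, or use a per-user location instead. The class body continues outside this hunk.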
@@ -84,7 +92,7 @@ protected function execute(InputInterface $input, OutputInterface $output)
 $data = $this->parser->parse(file_get_contents($file));

 // validate first level keys
- if ($keys = array_diff(array_keys($data), array('reference', 'branches', 'title', 'link', 'cve'))) {
+ if ($keys = array_diff(array_keys($data), array('reference', 'branches', 'title', 'link', 'cve', 'composer-repository'))) {
 foreach ($keys as $key) {
 $messages[$path][] = sprintf('Key "%s" is not supported.', $key);
 }
@@ -109,10 +117,21 @@ protected function execute(InputInterface $input, OutputInterface $output)

 // Temporary expception for #161 - magento/magento2ce package is not provided by packagist
 if ('magento/magento2ce' != $composerPackage) {
- $packagistUrl = sprintf('https://packagist.org/packages/%s.json', $composerPackage);
+ if (empty($data['composer-repository'])) {
+ $data['composer-repository'] = 'https://packagist.org';
+ }
+
+ $composerRepository = $this->getComposerRepository($data['composer-repository']);

- if (404 == explode(' ', get_headers($packagistUrl)[0], 3)[1]) {
- $messages[$path][] = sprintf('Invalid composer package');
+ $found = false;
+ foreach ($composerRepository->search($composerPackage, RepositoryInterface::SEARCH_NAME) as $package) {
+ if ($package['name'] === $composerPackage) {
+ $found = true;
+ break;
+ }
+ }
+ if (!$found) {
+ $messages[$path][] = sprintf('Invalid composer package (not found in repository %s)', $data['composer-repository']);
 }
 }
 }
@@ -229,6 +248,23 @@ protected function execute(InputInterface $input, OutputInterface $output)

 return count($messages);
 }
+
+ private function getComposerRepository($uri)
+ {
+ if (!isset($this->composerRepositories[$uri])) {
+ $repository = new ComposerRepository(
+ array(
+ 'url' => $uri,
+ ),
+ new NullIO(),
+ $this->composerConfig
+ );
+
+ $this->composerRepositories[$uri] = $repository;
+ }
+
+ return $this->composerRepositories[$uri];
+ }
 }

 final class Validator extends Application
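Review bot: `$data['composer-repository']` is read straight from the advisory YAML and passed to `getComposerRepository()` with no check on its type or scheme, so a contributed advisory decides which host the validator, and any CI job running it, connects to. Validate the value before use, for example `if (!is_string($repo) || 0 !== strpos($repo, 'https://'))` with a message added to `$messages[$path]`, and consider restricting it to a list of known repositories. Exceptions raised while querying an unreachable or malformed repository do not appear to be caught in this hunk, so they would likely abort the whole run rather than be reported against the file. The enclosing `execute()` body starts and ends outside the hunk.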
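Review bot: `getComposerRepository()` has no docblock, and nothing states that `$uri` must be a string even though it is used as the array key of the per-URL cache in `$this->composerRepositories`. Add a short docblock above the method such as `/** Returns the ComposerRepository for the given base URL, creating it once and reusing it for later advisories. @param string $uri */`. A one-line comment that `NullIO` discards Composer's output would also help, since warnings from the repository are then never shown to the person running the validator.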
From 89037a128668748f6e93884640ad741668d2b2d0 Mon Sep 17 00:00:00 2001
From: Chris Wilkinson
Date: Tue, 31 Jan 2017 09:51:56 +0000
Subject: [PATCH 2/2] Allow composer-repository to be false

---
 magento/magento2ce/2016-07-19.yaml | 1 +
 validator.php | 9 ++++-----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/magento/magento2ce/2016-07-19.yaml b/magento/magento2ce/2016-07-19.yaml
index ccfd5ffb9..1e36b24f2 100644
--- a/magento/magento2ce/2016-07-19.yaml
+++ b/magento/magento2ce/2016-07-19.yaml
@@ -9,3 +9,4 @@ branches:
 time: 2014-02-13 11:12:34
 versions: ['>=2.1', '<2.2']
 reference: composer://magento/magento2ce
+composer-repository: false
diff --git a/validator.php b/validator.php
index d63fb2a2f..73dff643d 100644
--- a/validator.php
+++ b/validator.php
@@ -115,12 +115,11 @@ protected function execute(InputInterface $input, OutputInterface $output)
 $messages[$path][] = 'Reference composer package must match the folder name';
 }

- // Temporary expception for #161 - magento/magento2ce package is not provided by packagist
- if ('magento/magento2ce' != $composerPackage) {
- if (empty($data['composer-repository'])) {
- $data['composer-repository'] = 'https://packagist.org';
- }
+ if (!isset($data['composer-repository'])) {
+ $data['composer-repository'] = 'https://packagist.org';
+ }

+ if (!empty($data['composer-repository'])) {
 $composerRepository = $this->getComposerRepository($data['composer-repository']);

 $found = false;
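Review bot: The new guard `if (!empty($data['composer-repository']))` skips the package lookup for every falsy value, not only the `false` this commit introduces, so `''`, `0` or `[]` in an advisory silently disables the check. Compare strictly instead, `if (false !== $data['composer-repository']) {`, and report any other non-string value as a validation error. Because the opt-out removes the only existence check for the package name, a short comment stating when `false` is acceptable would help reviewers of future advisories. The block opened by this `if` closes outside the hunk.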