1 change: 1 addition & 0 deletions composer.json
Expand Up @@ -2,6 +2,7 @@
"name": "sensiolabs/security-advisories",
"description": "Database of known security vulnerabilities in various PHP projects and libraries",
"require-dev": {
"composer/composer": "~1.0",
"symfony/console": "~3.0",
"symfony/yaml": "~3.0"
},
1 change: 1 addition & 0 deletions magento/magento2ce/2016-07-19.yaml
Expand Up @@ -9,3 +9,4 @@ branches:
time: 2014-02-13 11:12:34
versions: ['>=2.1', '<2.2']
reference: composer://magento/magento2ce
composer-repository: false
47 changes: 41 additions & 6 deletions validator.php
Expand Up @@ -8,6 +8,10 @@
}
require $autoloader;

use Composer\Config;
use Composer\IO\NullIO;
use Composer\Repository\ComposerRepository;
use Composer\Repository\RepositoryInterface;
use Symfony\Component\Console\Application;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Helper\ProgressBar;
Expand All @@ -23,12 +27,16 @@
final class Validate extends Command
{
private $parser;
private $composerRepositories = array();
private $composerConfig;

public function __construct()
{
parent::__construct('validate');

$this->parser = new Parser();
$this->composerConfig = new Config(false);
$this->composerConfig->merge(array('config' => array('cache-dir' => sys_get_temp_dir().'/php-security-advisories')));
}

protected function execute(InputInterface $input, OutputInterface $output)
Expand Down Expand Up @@ -84,7 +92,7 @@ protected function execute(InputInterface $input, OutputInterface $output)
$data = $this->parser->parse(file_get_contents($file));

// validate first level keys
if ($keys = array_diff(array_keys($data), array('reference', 'branches', 'title', 'link', 'cve'))) {
if ($keys = array_diff(array_keys($data), array('reference', 'branches', 'title', 'link', 'cve', 'composer-repository'))) {
foreach ($keys as $key) {
$messages[$path][] = sprintf('Key "%s" is not supported.', $key);
}
Expand All @@ -107,12 +115,22 @@ protected function execute(InputInterface $input, OutputInterface $output)
$messages[$path][] = 'Reference composer package must match the folder name';
}

// Temporary expception for #161 - magento/magento2ce package is not provided by packagist
if ('magento/magento2ce' != $composerPackage) {
$packagistUrl = sprintf('https://packagist.org/packages/%s.json', $composerPackage);
if (!isset($data['composer-repository'])) {
$data['composer-repository'] = 'https://packagist.org';
}

if (!empty($data['composer-repository'])) {
$composerRepository = $this->getComposerRepository($data['composer-repository']);

if (404 == explode(' ', get_headers($packagistUrl)[0], 3)[1]) {
$messages[$path][] = sprintf('Invalid composer package');
$found = false;
foreach ($composerRepository->search($composerPackage, RepositoryInterface::SEARCH_NAME) as $package) {
if ($package['name'] === $composerPackage) {
$found = true;
break;
}
}
if (!$found) {
$messages[$path][] = sprintf('Invalid composer package (not found in repository %s)', $data['composer-repository']);
}
}
}
Expand Down Expand Up @@ -229,6 +247,23 @@ protected function execute(InputInterface $input, OutputInterface $output)

return count($messages);
}

private function getComposerRepository($uri)
{
if (!isset($this->composerRepositories[$uri])) {
$repository = new ComposerRepository(
array(
'url' => $uri,
),
new NullIO(),
$this->composerConfig
);

$this->composerRepositories[$uri] = $repository;
}

return $this->composerRepositories[$uri];
}
}

final class Validator extends Application
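Review bot: The `composer-repository` value in the `@@ -107,12 +115,22 @@` hunk comes straight from the advisory YAML and is handed to `getComposerRepository()` as a URL with no type or scheme check, so whoever writes the file chooses the host the validator contacts. If the validator runs in CI on contributed files, that lets an advisory trigger outbound requests to arbitrary hosts, including over plain `http://`. `!empty()` also treats `''`, `0`, `null` and `[]` the same as `false`, so any of those silently skips the package-existence check. I would accept only `false` or an `https://` string (ideally checked against an allowlist of repository hosts) and report anything else as a validation error, as sketched below. `execute()` starts and ends outside this hunk.

```php
// … unchanged: default composer-repository to https://packagist.org when the key is absent …

$repositoryUri = $data['composer-repository'];
if (false !== $repositoryUri) {
    if (!is_string($repositoryUri) || 0 !== strpos($repositoryUri, 'https://')) {
        $messages[$path][] = 'Key "composer-repository" must be false or an https:// URL.';
    } else {
        $composerRepository = $this->getComposerRepository($repositoryUri);

        // … unchanged: search loop and "Invalid composer package" message …
    }
}
```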