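/**
  * Runs the security checker against the configured lock file and records the
  * outcome through addError()/addInfo().
  *
  * Reads the `file` (default `composer.lock`), `format` (default `text`) and
  * `silent` (default true) parameters. Progress messages are only written to
  * the output stream when `silent` is false.
  *
  * @throws \RuntimeException wrapping any exception raised by SecurityChecker
  *                           (curl missing, file not found, server not responding,
  *                           unsupported format, ...); the original exception is
  *                           attached as the previous exception.
  * @throws \InvalidArgumentException only if raised outside the guarded check()
  *                                   call (e.g. by parameter access) — a wrong
  *                                   format reported by check() is wrapped above.
  */
 public function run()
 {
     $output = $this->getOutputStream();
     $file = $this->parameters->get('file', 'composer.lock');
     $format = $this->parameters->get('format', 'text');
     $silent = $this->parameters->get('silent', true);
     $checker = new SecurityChecker();

     if (!$silent) {
         $output->write('Checking "' . $file . '" for known security vulnerabilities...');
     }

     try {
         $alerts = $checker->check($file, $format);
     } catch (\Exception $e) {
         // Chain the cause so callers can still tell an invalid format from a
         // network failure via getPrevious() instead of parsing the message.
         throw new \RuntimeException('Failure while running ' . __CLASS__ . ': ' . $e->getMessage(), 0, $e);
     }

     // Read the count once; every branch below reports the same value.
     $vulnerabilityCount = $checker->getLastVulnerabilityCount();

     if (!$silent) {
         $output->writeln('done.');
         if ($vulnerabilityCount > 0) {
             $output->writeln('Number of found known vulnerabilities: ' . $vulnerabilityCount);
         }
     }

     if ($vulnerabilityCount > 0) {
         $this->addError('Number of found known vulnerabilities after checking "' . $file . '": ' . $vulnerabilityCount);
         $this->addError($alerts);
     } else {
         $this->addInfo('No known vulnerabilities found after checking "' . $file . '".');
     }
 }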
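 /**
  * Execute the console command.
  *
  * Runs the security checker against the lock file given as the `lock`
  * argument, prints the report and exits non-zero when the check failed or
  * found known vulnerabilities.
  *
  * @return int 0 on a clean result, 1 when the check failed or found vulnerabilities
  */
 public function fire()
 {
     $lockFile = $this->argument('lock');

     try {
         $data = $this->checker->check($lockFile, $this->option('format'));
     } catch (\Exception $e) {
         // A failed check must not look like a clean one: report and exit non-zero.
         $this->error($e->getMessage());

         return 1;
     }

     $this->info($data);

     // Explicit exit code in both cases so CI pipelines can rely on it.
     return $this->checker->getLastVulnerabilityCount() > 0 ? 1 : 0;
 }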
 function it_push_error_message_and_alerts_when_vulnerability_found(SecurityChecker $securityChecker, ConsumerEvent $event, Message $message, \Pusher $pusher)
 {
     $channel = 'new_channel';
     $lockFile = sys_get_temp_dir() . '/composer_dir/composer.lock';

     // The consumer resolves the pusher channel from the incoming message.
     $event->getMessage()->shouldBeCalled()->willReturn($message);
     $message->getValue('channelName')->shouldBeCalled()->willReturn($channel);

     // The checker reports exactly one vulnerability for the lock file.
     $securityChecker->check($lockFile, 'text')->shouldBeCalled()->willReturn($this->getVulnerabilityMessage());
     $securityChecker->getLastVulnerabilityCount()->shouldBeCalled()->willReturn(1);

     // Expected pusher events: progress step, error step, then the alert payload.
     $pusher->trigger($channel, 'consumer:new-step', ['message' => 'Checking vulnerability'])->shouldBeCalled();
     $pusher->trigger($channel, 'consumer:step-error', ['message' => 'Vulnerability found : 1'])->shouldBeCalled();
     $pusher->trigger($channel, 'consumer:vulnerabilities', ['message' => $this->getVulnerabilityMessage()])->shouldBeCalled();

     $this->execute($event, 'composer_dir')->shouldReturn(0);
 }
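 /**
  * Entry point of the task: validates the attributes, runs the security
  * checker and fails the build when known vulnerabilities are found.
  *
  * When the check is clean a message is logged and the task returns. Otherwise
  * the report is printed, stored in `outputProperty` when that attribute is
  * set, and an error is logged.
  *
  * @throws BuildException when the format is unsupported, the file does not
  *                        exist, or SecurityChecker throws (the original
  *                        exception is attached as the cause)
  */
 public function main()
 {
     // Strict comparison: a loose in_array() would accept values such as 0 on PHP < 8.
     if (!in_array($this->format, ['text', 'json'], true)) {
         throw new BuildException(sprintf('Unsupported format "%s"', $this->format));
     }
     if (!file_exists($this->file)) {
         throw new BuildException('File not found');
     }

     try {
         $checker = new SecurityChecker();
         $alerts = $checker->check($this->file, $this->format);
     } catch (\Exception $e) {
         // Wrap but chain: the underlying cause stays reachable from the BuildException.
         throw new BuildException('Exception with SecurityChecker : ' . $e->getMessage(), $e);
     }

     $vulnerabilityCount = (int) $checker->getLastVulnerabilityCount();
     if ($vulnerabilityCount === 0) {
         $this->log("Great! The checker did not detected known* vulnerabilities in your project dependencies.");

         return;
     }

     print $alerts;
     if ($this->outputProperty) {
         $this->project->setProperty($this->outputProperty, $alerts);
     }
     $this->logError("Caution ! The checker detected package(s) that have known* vulnerabilities in your project. We recommend you to check the related security advisories and upgrade these dependencies.");
 }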