/**
 * Composer event hook: checks the project's composer.lock against the
 * SensioLabs security advisories database and reports what it finds.
 *
 * The options are read from the root package's
 * `extra.rolebi-dependencies-security-checker` section and normalised by
 * ConfigHandler::processConfig() before use (the keys read below are
 * `ignored-packages`, `error-on-service-unavailable` and
 * `error-on-vulnerabilities`; their defaults live in ConfigHandler, not here).
 *
 * @param Event $event
 *
 * @throws \InvalidArgumentException     if the extra setting is present but not an array
 * @throws ServiceUnavailableException   re-thrown only when `error-on-service-unavailable` is truthy
 * @throws UnsafeDependenciesException   when advisories match and `error-on-vulnerabilities` is truthy
 */
public static function checkForSecurityIssues(Event $event)
{
    $extra = $event->getComposer()->getPackage()->getExtra();

    // Missing or null setting means "use the defaults"; anything else must be an array.
    $rawConfig = [];
    if (isset($extra['rolebi-dependencies-security-checker'])) {
        $rawConfig = $extra['rolebi-dependencies-security-checker'];
    }
    if (!is_array($rawConfig)) {
        throw new \InvalidArgumentException('The extra.rolebi-dependencies-security-checker setting must be an array.');
    }

    $options = ConfigHandler::processConfig($rawConfig);
    $io = $event->getIO();

    $io->write("\n<info>Checking your dependencies for known vulnerabilities using your composer.lock</info>");
    $io->write("<comment>This checker can only detect vulnerabilities that are referenced in the SensioLabs security advisories database.</comment>\n");

    try {
        $vulnerabilities = static::getVulnerabilities(static::getComposerFile(), $options['ignored-packages']);
    } catch (ServiceUnavailableException $exception) {
        // Whether an unreachable advisory service fails the build (closed) or only
        // prints a warning (open) is decided by this option; the default comes from
        // ConfigHandler — NOTE(review): confirm which way it leans before relying on it.
        if ($options['error-on-service-unavailable']) {
            throw $exception;
        }

        $io->write("\n <error>{$exception->getMessage()}</error>");

        return;
    }

    $found = count($vulnerabilities);
    if ($found === 0) {
        return;
    }

    $io->write("\n <error>{$found} vulnerability(ies) found!</error>");
    static::dumpVulnerabilities($io, $vulnerabilities);

    if ($options['error-on-vulnerabilities']) {
        // The exception carries the list so callers can inspect it, not just the message.
        $exception = new UnsafeDependenciesException('At least one of your dependencies contains known vulnerability(ies)');
        throw $exception->setVulnerabilities($vulnerabilities);
    }
}
/**
 * processConfig() must reject option names it does not recognise and name
 * both the offending keys and the supported ones in the exception message.
 */
public function testUnknowOptions()
{
    $expectedMessage = 'The extra.rolebi-dependencies-security-checker settings does not support option(s): foo cari. '
        . 'List of supported option(s): error-on-vulnerabilities, error-on-service-unavailable, ignored-packages.';
    $this->setExpectedException('InvalidArgumentException', $expectedMessage);

    $unknownOptions = [
        'foo'  => 'bar',
        'cari' => 'smatic',
    ];

    ConfigHandler::processConfig($unknownOptions);
}