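/**
 * Run the dependency check against the configured lock file.
 *
 * Reads the task parameters "file" (default "composer.lock"), "format"
 * (default "text") and "silent" (default true), hands the file to a
 * SecurityChecker and records the outcome through addError()/addInfo().
 * Progress text is only written to the output stream when "silent" is falsy.
 *
 * Note: every \Exception thrown by the checker (curl missing, file not found,
 * server not responding, wrong format parameter, ...) is caught below and
 * re-thrown as a \RuntimeException, so callers will never see the checker's
 * own \InvalidArgumentException directly; they should look at the chained
 * previous exception for the root cause.
 *
 * @throws \RuntimeException wrapping any failure raised while running the checker
 */
public function run()
{
    $output = $this->getOutputStream();
    $file = $this->parameters->get('file', 'composer.lock');
    $format = $this->parameters->get('format', 'text');
    $silent = $this->parameters->get('silent', true);

    $checker = new SecurityChecker();

    if (!$silent) {
        $output->write('Checking "' . $file . '" for known security vulnerabilities...');
    }

    try {
        $alerts = $checker->check($file, $format);
    } catch (\Exception $e) {
        // Chain the original exception so the root cause and its stack trace
        // are not lost behind the generic wrapper.
        throw new \RuntimeException(
            'Failure while running ' . __CLASS__ . ': ' . $e->getMessage(),
            0,
            $e
        );
    }

    if (!$silent) {
        $output->writeln('done.');
    }

    // Read the count once; the original queried it up to three times.
    $count = $checker->getLastVulnerabilityCount();

    if ($count > 0) {
        if (!$silent) {
            $output->writeln('Number of found known vulnerabilities: ' . $count);
        }

        $this->addError('Number of found known vulnerabilities after checking "' . $file . '": ' . $count);
        $this->addError($alerts);
    } else {
        $this->addInfo('No known vulnerabilities found after checking "' . $file . '".');
    }
}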
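/**
 * Execute the console command.
 *
 * Runs the injected checker against the "lock" argument using the "format"
 * option, prints the checker output, and reports the result through the
 * exit code so a CI step can fail on known vulnerabilities.
 *
 * @return int 1 when the check could not run or reported at least one known
 *             vulnerability, 0 otherwise
 */
public function fire()
{
    // Use the argument we already fetched instead of reading it twice.
    $lockFile = $this->argument('lock');

    try {
        $data = $this->checker->check($lockFile, $this->option('format'));
    } catch (\Exception $e) {
        // A checker failure (missing file, unreachable service, ...) must not
        // look like a clean run, so it is reported and exits non-zero.
        $this->error($e->getMessage());

        return 1;
    }

    $this->info($data);

    // Non-zero exit code when vulnerable packages were found.
    return $this->checker->getLastVulnerabilityCount() > 0 ? 1 : 0;
}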
/**
 * When the checker reports a vulnerability, the consumer must publish a
 * "step-error" message carrying the count and a "vulnerabilities" message
 * carrying the raw checker output on the channel named in the event, and
 * still return 0 (reporting, not failing, is the consumer's job).
 */
function it_push_error_message_and_alerts_when_vulnerability_found(SecurityChecker $securityChecker, ConsumerEvent $event, Message $message, \Pusher $pusher)
{
    $channel = 'new_channel';
    $lockFile = sys_get_temp_dir() . '/composer_dir/composer.lock';
    $alerts = $this->getVulnerabilityMessage();

    // The target channel is read from the consumed message.
    $event->getMessage()->shouldBeCalled()->willReturn($message);
    $message->getValue('channelName')->shouldBeCalled()->willReturn($channel);

    // The checker runs on the lock file inside the given working directory and reports one hit.
    $securityChecker->check($lockFile, 'text')->shouldBeCalled()->willReturn($alerts);
    $securityChecker->getLastVulnerabilityCount()->shouldBeCalled()->willReturn(1);

    // Expected pusher traffic: progress step, error step with the count, then the alerts themselves.
    $pusher->trigger($channel, 'consumer:new-step', array('message' => 'Checking vulnerability'))->shouldBeCalled();
    $pusher->trigger($channel, 'consumer:step-error', array('message' => 'Vulnerability found : 1'))->shouldBeCalled();
    $pusher->trigger($channel, 'consumer:vulnerabilities', array('message' => $alerts))->shouldBeCalled();

    $this->execute($event, 'composer_dir')->shouldReturn(0);
}
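/**
 * Entry point of the Phing task: validate the attributes, run the
 * SecurityChecker on the configured lock file and report the result.
 *
 * Attributes read: $this->file (lock file path), $this->format ("text" or
 * "json") and $this->outputProperty (optional project property that receives
 * the raw checker output).
 *
 * Note: found vulnerabilities are reported with logError() and the raw alerts
 * are printed, but this task does not throw in that case, so on its own it
 * does not fail the build; a build that must stop on findings has to check
 * the output property itself.
 *
 * @throws BuildException on an unsupported format, a missing or unreadable
 *                        file, or any failure inside the checker (chained as cause)
 */
public function main()
{
    // Strict comparison: the format attribute arrives from the build file as a string.
    if (!in_array($this->format, ['text', 'json'], true)) {
        throw new BuildException(sprintf('Unsupported format "%s"', $this->format));
    }

    if (!file_exists($this->file)) {
        throw new BuildException('File not found');
    }

    // Report a permission problem here rather than as an opaque checker failure.
    if (!is_readable($this->file)) {
        throw new BuildException(sprintf('File not readable: "%s"', $this->file));
    }

    try {
        $checker = new SecurityChecker();
        $alerts = $checker->check($this->file, $this->format);
    } catch (\Exception $e) {
        // Pass the original exception as cause so the root failure is visible in Phing's output.
        throw new BuildException('Exception with SecurityChecker : ' . $e->getMessage(), $e);
    }

    if (!$checker->getLastVulnerabilityCount()) {
        $this->log("Great! The checker did not detect known* vulnerabilities in your project dependencies.");

        return;
    }

    // Raw checker output goes straight to stdout and, when requested, into a project property.
    print $alerts;

    if ($this->outputProperty) {
        $this->project->setProperty($this->outputProperty, $alerts);
    }

    $this->logError("Caution ! The checker detected package(s) that have known* vulnerabilities in your project. We recommend you to check the related security advisories and upgrade these dependencies.");
}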