some minor improvements, added the option to disable email with no co…

…ntent by default
Jorijn · Jul 22, 2017 · d944f0e · d944f0e
1 parent 5ffa8d6
commit d944f0e
Show file tree

Hide file tree

Showing 6 changed files with 41 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -26,6 +26,8 @@ After updating composer, add the service provider to the `providers` array in `c
 Jorijn\LaravelSecurityChecker\ServiceProvider::class,
 ```
 
+_Note: On Laravel 5.5 and up, this package will use auto discovery and the above step is no longer required._
+
 ### Configuration
 If you want to have the package email the reports to you, you need to tell the package to who it should send it to. 
 
@@ -43,14 +45,18 @@ Publish the configuration file and change it there.
 php artisan vendor:publish --provider="Jorijn\LaravelSecurityChecker\ServiceProvider" --tag="config"
 ```
 
-_Note: On Laravel 5.5 and up, this package will use auto discovery._
-
 If you want control on how the email is formatted you can have Laravel export the view for you using:
 
 ```bash
 php artisan vendor:publish --provider="Jorijn\LaravelSecurityChecker\ServiceProvider" --tag="views"
 ```
 
+By default, the package won't email you when there are no vulnerabilities found. You can change this setting by adding the following entry to your `.env` file.
+
+```
+LCS_EMAIL_WITHOUT_VULNERABILITIES=true
+```
+
 ### Scheduling
 The packages exposes a new command for you:
 

diff --git a/config/laravel-security-checker.php b/config/laravel-security-checker.php
@@ -4,7 +4,7 @@
 
     /*
     |--------------------------------------------------------------------------
-    | Laravel Security Checker
+    | Laravel Security Checker — Recipients
     |--------------------------------------------------------------------------
     |
     | This file will tell the package where to send it's security mails to.
@@ -13,5 +13,17 @@
 
     'recipients' => [
         env('LCS_MAIL_TO', null)
-    ]
+    ],
+
+    /*
+     |--------------------------------------------------------------------------
+     | Laravel Security Checker — Email settings
+     |--------------------------------------------------------------------------
+     |
+     | Decides wether the package should send email to you even if there aren't
+     | any vulnerabilities found.
+     |
+     */
+
+    'email_even_without_vulnerabilities' => env('LCS_EMAIL_WITHOUT_VULNERABILITIES', false),
 ];
diff --git a/resources/lang/en/messages.php b/resources/lang/en/messages.php
@@ -16,5 +16,6 @@
     'view' => 'View',
     'cve' => 'CVE',
     'information' => 'Information',
-    'no_recipients_configured' => 'No recipients has been configured yet!'
+    'no_recipients_configured' => 'No recipients has been configured yet!',
+    'body_no_vulnerabilities' => 'It seems that no packages have any known vulnerabilities. You can read more about disabling this message [here](https://github.com/jorijn/laravel-security-checker#configuration).'
 ];
diff --git a/resources/views/security-mail.blade.php b/resources/views/security-mail.blade.php
@@ -13,4 +13,8 @@
 @endcomponent
 @endforeach
 
+@if (count($packages) === 0)
+{{ trans('laravel-security-checker::messages.body_no_vulnerabilities') }}
+@endif
+
 @endcomponent
diff --git a/src/Console/SecurityCommand.php b/src/Console/SecurityCommand.php
@@ -36,7 +36,7 @@ public function __construct(SecurityChecker $checker)
     }
 
     /**
-     *
+     * Fire the command
      */
     public function fire()
     {
@@ -48,5 +48,7 @@ public function fire()
 
         // then display it using the formatter provided for Symfony
         app(SimpleFormatter::class)->displayResults($this->getOutput(), $composerLock, $checkResult);
+
+        return 0;
     }
 }
diff --git a/src/Console/SecurityMailCommand.php b/src/Console/SecurityMailCommand.php
@@ -37,7 +37,7 @@ public function __construct(SecurityChecker $checker)
     }
 
     /**
-     *
+     * Fire the command
      */
     public function fire()
     {
@@ -47,6 +47,13 @@ public function fire()
         // and feed it into the SecurityChecker
         $checkResult = $this->checker->check($composerLock);
 
+        // if the user didn't want any email if there are no results,
+        // cancel execution here.
+        $proceed = config('laravel-security-checker.email_even_without_vulnerabilities', false);
+        if (count($checkResult) === 0 && $proceed !== true) {
+            return 0;
+        }
+
         // get the recipients and filter out any configuration mistakes
         $recipients = collect(config('laravel-security-checker.recipients', [ ]))->filter(function ($recipient) {
             return !is_null($recipient) && !empty($recipient);
@@ -58,5 +65,7 @@ public function fire()
         }
 
         Mail::to($recipients->toArray())->send(new SecurityMail($checkResult));
+
+        return 0;
     }
 }