Make sure no unknown files get excluded from the phar, fixes #9331

composer · Oct 24, 2020 · 9bfddad · 9bfddad
1 parent b1d2842
commit 9bfddad
Showing 1 changed file with 29 additions and 36 deletions.
diff --git a/src/Composer/Compiler.php b/src/Composer/Compiler.php
@@ -80,6 +80,7 @@ public function compile($pharFile = 'composer.phar')
             return strcmp(strtr($a->getRealPath(), '\\', '/'), strtr($b->getRealPath(), '\\', '/'));
         };
 
+        // Add Composer sources
         $finder = new Finder();
         $finder->files()
             ->ignoreVCS(true)
@@ -89,69 +90,61 @@ public function compile($pharFile = 'composer.phar')
             ->in(__DIR__.'/..')
             ->sort($finderSort)
         ;
-
         foreach ($finder as $file) {
             $this->addFile($phar, $file);
         }
+        // Add ClassLoader separately to make sure it retains the docblocks as it will get copied into projects
         $this->addFile($phar, new \SplFileInfo(__DIR__ . '/Autoload/ClassLoader.php'), false);
 
+        // Add Composer resources
         $finder = new Finder();
         $finder->files()
-            ->name('*.json')
             ->in(__DIR__.'/../../res')
-            ->in(SpdxLicenses::getResourcesDir())
             ->sort($finderSort)
         ;
-
         foreach ($finder as $file) {
             $this->addFile($phar, $file, false);
         }
-        $this->addFile($phar, new \SplFileInfo(__DIR__ . '/../../vendor/symfony/console/Resources/bin/hiddeninput.exe'), false);
-        $this->addFile($phar, new \SplFileInfo(__DIR__ . '/../../vendor/symfony/polyfill-mbstring/Resources/mb_convert_variables.php8'));
 
+        // Add vendor files
         $finder = new Finder();
         $finder->files()
             ->ignoreVCS(true)
-            ->name('*.php')
-            ->name('LICENSE')
+            ->notPath('/\/(composer\.(json|lock)|[A-Z]+\.md|\.gitignore|phpunit\.xml\.dist|phpstan\.neon\.dist|phpstan-config\.neon)$/')
+            ->notPath('symfony/debug/Resources/ext/')
+            ->notPath('justinrainbow/json-schema/demo/')
+            ->notPath('justinrainbow/json-schema/dist/')
+            ->notPath('composer/installed.json')
+            ->notPath('composer/LICENSE')
             ->exclude('Tests')
             ->exclude('tests')
             ->exclude('docs')
-            ->in(__DIR__.'/../../vendor/symfony/')
-            ->in(__DIR__.'/../../vendor/seld/jsonlint/')
-            ->in(__DIR__.'/../../vendor/justinrainbow/json-schema/')
-            ->in(__DIR__.'/../../vendor/composer/spdx-licenses/')
-            ->in(__DIR__.'/../../vendor/composer/semver/')
-            ->in(__DIR__.'/../../vendor/composer/ca-bundle/')
-            ->in(__DIR__.'/../../vendor/composer/xdebug-handler/')
-            ->in(__DIR__.'/../../vendor/psr/')
-            ->in(__DIR__.'/../../vendor/react/')
+            ->exclude('bin')
+            ->in(__DIR__.'/../../vendor/')
             ->sort($finderSort)
         ;
 
+        $extraFiles = array(
+            realpath(__DIR__ . '/../../vendor/composer/spdx-licenses/res/spdx-exceptions.json'),
+            realpath(__DIR__ . '/../../vendor/composer/spdx-licenses/res/spdx-licenses.json'),
+            realpath(CaBundle::getBundledCaBundlePath()),
+            realpath(__DIR__ . '/../../vendor/symfony/console/Resources/bin/hiddeninput.exe'),
+            realpath(__DIR__ . '/../../vendor/symfony/polyfill-mbstring/Resources/mb_convert_variables.php8'),
+        );
+
         foreach ($finder as $file) {
-            $this->addFile($phar, $file);
-        }
+            if (!preg_match('{(/LICENSE|\.php)$}', $file) && !in_array(realpath($file), $extraFiles, true)) {
+                throw new \RuntimeException('Unexpected file should be added to the allow or deny lists: '.$file);
+            }
 
-        $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/autoload.php'));
-        $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/autoload_namespaces.php'));
-        $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/autoload_psr4.php'));
-        $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/autoload_classmap.php'));
-        $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/autoload_files.php'));
-        $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/autoload_real.php'));
-        $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/autoload_static.php'));
-        $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/installed.php'));
-        $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/InstalledVersions.php'));
-        if (file_exists(__DIR__.'/../../vendor/composer/platform_check.php')) {
-            $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/platform_check.php'));
-        }
-        if (file_exists(__DIR__.'/../../vendor/composer/include_paths.php')) {
-            $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/include_paths.php'));
+            if (preg_match('{\.php[\d.]*$}', $file)) {
+                $this->addFile($phar, $file);
+            } else {
+                $this->addFile($phar, $file, false);
+            }
         }
-        $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/ClassLoader.php'));
-
-        $this->addFile($phar, new \SplFileInfo(CaBundle::getBundledCaBundlePath()), false);
 
+        // Add bin/composer
         $this->addComposerBin($phar);
 
         // Stubs