Convert to native security checker (#305)

eiriksm · Nov 8, 2023 · 236aca9 · 236aca9
1 parent 7d1bf3f
commit 236aca9
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 1 deletion.
diff --git a/src/NativeComposerChecker.php b/src/NativeComposerChecker.php
@@ -0,0 +1,60 @@
+<?php
+
+namespace eiriksm\CosyComposer;
+
+use Violinist\SymfonyCloudSecurityChecker\SecurityChecker;
+
+class NativeComposerChecker extends SecurityChecker
+{
+    public function checkDirectory($dir)
+    {
+        // Simply run the composer audit command in the directory in here.
+        $command = [
+            'composer',
+            '--working-dir=' . $dir,
+            'audit',
+            '--format=json',
+        ];
+        $process = $this->getProcess($command);
+        $process->run();
+        // Don't really check the exit code, since it will be non-zero when we
+        // have CVEs or whatever.
+        $string = $process->getOutput();
+        // If the process is saying we do not know the command "audit" then that
+        // means we are using composer 1, which is not great. In those cases we
+        // try to just use the "old" checker I guess.
+        if (strpos($process->getErrorOutput(), 'Command "audit" is not defined') !== false) {
+            return parent::checkDirectory($dir);
+        }
+        if (empty($string)) {
+            throw new \Exception('No output from the composer audit command. This is the stderr: ' . $process->getErrorOutput());
+        }
+        $json = @json_decode($string, true);
+        if (!is_array($json)) {
+            throw new \Exception('Invalid JSON found from parsing the security check data');
+        }
+        $bc_result = [];
+        foreach ($json as $type => $packages) {
+            foreach ($packages as $package => $items) {
+                if (empty($bc_result[$package])) {
+                    $bc_result[$package] = [];
+                }
+                if (empty($bc_result[$package][$type])) {
+                    $bc_result[$package][$type] = [];
+                }
+                foreach ($items as $item) {
+                    $bc_result[$package][$type][] = $item;
+                }
+            }
+        }
+        return $bc_result;
+    }
+
+    protected function getProcess(array $command)
+    {
+        $env = [
+            'PATH' => __DIR__ . '/../../../../vendor/bin' . ':' . getenv('PATH'),
+        ];
+        return $this->getProcessFactory()->getProcess($command, null, $env);
+    }
+}
diff --git a/src/SecurityCheckerFactory.php b/src/SecurityCheckerFactory.php
@@ -19,7 +19,7 @@ public function setChecker(SecurityChecker $checker)
     public function getChecker()
     {
         if (!$this->checker instanceof SecurityChecker) {
-            $this->checker = new SecurityChecker();
+            $this->checker = new NativeComposerChecker();
         }
         return $this->checker;
     }