Merge 75b10aa into 4041e63

eiriksm · Sep 8, 2021 · b0d90b1 · b0d90b1
2 parents 4041e63 + 75b10aa
commit b0d90b1
Show file tree

Hide file tree

Showing 3 changed files with 102 additions and 0 deletions.
diff --git a/src/CosyComposer.php b/src/CosyComposer.php
@@ -1562,6 +1562,15 @@ protected function attachDrupalAdvisories(array &$alerts)
             if (empty($xml->releases->release)) {
                 return;
             }
+            $drupal_version_array = explode('.', $drupal->version);
+            $active_branch = sprintf('%s.%s', $drupal_version_array[0], $drupal_version_array[1]);
+            $supported_branches = explode(',', (string) $xml->supported_branches);
+            $is_supported = false;
+            foreach ($supported_branches as $branch) {
+                if (strpos($branch, $active_branch) === 0) {
+                    $is_supported = true;
+                }
+            }
             foreach ($xml->releases->release as $release) {
                 if (empty($release->version)) {
                     continue;
@@ -1570,6 +1579,12 @@ protected function attachDrupalAdvisories(array &$alerts)
                     continue;
                 }
                 $version = (string) $release->version;
+                // If they are not on the same branch, then let's skip it as well.
+                if ($endpoint !== '7.x') {
+                    if ($is_supported && strpos($version, $active_branch) !== 0) {
+                        continue;
+                    }
+                }
                 if (version_compare($version, $drupal->version) !== 1) {
                     continue;
                 }

diff --git a/test/fixtures/updates-09-09-2021.xml b/test/fixtures/updates-09-09-2021.xml
diff --git a/test/integration/OtherMinorBranchDrupalSecTest.php b/test/integration/OtherMinorBranchDrupalSecTest.php
@@ -0,0 +1,74 @@
+<?php
+
+namespace eiriksm\CosyComposerTest\integration;
+
+use GuzzleHttp\Psr7\Response;
+use Http\Client\HttpClient;
+
+class OtherMinorBranchDrupalSecTest extends DrupalRuntimeSecUpdateTest
+{
+
+    public function setUp()
+    {
+        // We want to switch the http client so we can return the cached XML we know from a specific date.
+        parent::setUp();
+        $mock_response = new Response(200, [], file_get_contents(__DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'fixtures' . DIRECTORY_SEPARATOR . 'updates-09-09-2021.xml'));
+        $client = $this->createMock(HttpClient::class);
+        $client->method('sendRequest')
+            ->willReturn($mock_response);
+        $this->cosy->setHttpClient($client);
+    }
+
+    public function getDrupalUpdatesAndSec()
+    {
+        return [
+            [
+                // Last current version of last minor branch.
+                '9.1.12',
+                'drupal/core',
+                false,
+            ],
+            [
+                // Last current version.
+                '9.2.5',
+                'drupal/core',
+                false,
+            ],
+            [
+                // Last current branch version which was insecure.
+                '9.2.3',
+                'drupal/core',
+                true,
+            ],
+            // Some other version that were insecure at that point in time.
+            [
+                '9.1.11',
+                'drupal/core',
+                true,
+            ],
+            [
+                '8.9.17',
+                'drupal/core',
+                true,
+            ],
+            [
+                // Last in the 9.0 series. Currently unsupported branch
+                '9.0.14',
+                'drupal/core',
+                true,
+            ],
+            [
+                // Last in the 8.9 series. Currently supported.
+                '8.9.18',
+                'drupal/core',
+                false,
+            ],
+            [
+                // Last in the 8.8 series. Currently unsupported.
+                '8.8.12',
+                'drupal/core',
+                true,
+            ],
+        ];
+    }
+}