Passed
Pull Request — master (#34)
by Paras
14:04
created

SecuritySlackCommand   A

Complexity

Total Complexity 4

Size/Duplication

Total Lines 43
Duplicated Lines 0 %

Test Coverage

Coverage 100%

Importance

Changes 2
Bugs 0 Features 1
Metric Value
eloc 18
dl 0
loc 43
ccs 11
cts 11
cp 1
rs 10
c 2
b 0
f 1
wmc 4

1 Method

Rating   Name   Duplication   Size   Complexity  
A handle() 0 28 4
<?php
namespace Jorijn\LaravelSecurityChecker\Console;
use Enlightn\SecurityChecker\AdvisoryAnalyzer;
use Enlightn\SecurityChecker\AdvisoryFetcher;
use Enlightn\SecurityChecker\AdvisoryParser;
use Enlightn\SecurityChecker\Composer;
use Illuminate\Console\Command;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Notification;
use Jorijn\LaravelSecurityChecker\Notifications\SecuritySlackNotification;
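class SecuritySlackCommand extends Command
{
    /**
     * Console name under which this command is registered.
     *
     * @var string
     */
    protected $name = 'security-check:slack';

    /**
     * One-line summary shown in the console command list.
     *
     * @var string
     */
    protected $description = 'Send vulnerabilities to a Slack channel.';

    /**
     * Check the project's composer.lock against the fetched advisories and
     * post the result to the configured Slack webhook.
     *
     * The command refuses to run without a webhook. When nothing is found it
     * stays silent unless `notify_even_without_vulnerabilities` is exactly true.
     *
     * @return int 0 when the run completed (with or without a notification)
     *
     * @throws \Exception when no Slack webhook URL is configured
     */
    public function handle()
    {
        // The webhook URL is a credential: whoever holds it can post to the
        // channel. Read it once, and never include it in log or error text.
        $webhookUrl = config('laravel-security-checker.slack_webhook_url');

        // require that the user specifies a slack channel in the .env file
        if (!$webhookUrl) {
            Log::error('checking for vulnerabilities using slack was requested but no hook is configured');
            throw new \Exception('No Slack Webhook has been specified.');
        }

        // get the path to composer.lock
        $composerLock = base_path('composer.lock');

        // and feed it into the SecurityChecker
        Log::debug('about to check for vulnerabilities');
        $parser = new AdvisoryParser((new AdvisoryFetcher)->fetchAdvisories());
        $dependencies = (new Composer)->getDependencies($composerLock);
        $vulnerabilities = (new AdvisoryAnalyzer($parser->getAdvisories()))->analyzeDependencies($dependencies);
        $hasVulnerabilities = count($vulnerabilities) > 0;

        // cancel execution here if user does not want to be notified when there are 0 vulns.
        // Strict comparison: only a real boolean true opts in to "all clear" messages.
        $proceed = config('laravel-security-checker.notify_even_without_vulnerabilities', false);
        if (!$hasVulnerabilities && $proceed !== true) {
            Log::info('no vulnerabilities were found, not sending a slack notification');

            return 0;
        }

        // Keep the log truthful: a warning that claims findings on a clean run
        // produces false positives for anyone alerting on this log line.
        if ($hasVulnerabilities) {
            Log::warning('vulnerabilities were found, sending slack notification to configured hook');
        } else {
            Log::info('no vulnerabilities were found, sending slack notification to configured hook as requested');
        }

        // NOTE(review): realpath() returns false when the file cannot be resolved;
        // presumably getDependencies() has already failed in that case — confirm.
        Notification::route('slack', $webhookUrl)
            ->notify(new SecuritySlackNotification($vulnerabilities, realpath($composerLock)));

        // Report success explicitly so both exit paths return the same type.
        return 0;
    }
}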