| Conditions | 11 |
| Paths | 18 |
| Total Lines | 82 |
| Code Lines | 44 |
| Lines | 0 |
| Ratio | 0 % |
| Changes | 0 | ||
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
| 1 | <?php |
||
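/**
 * Synchronise the stored SecurityAlert records with the advisories the
 * security checker reports for this installation's composer.lock.
 *
 * Advisories that are not stored yet are written as new SecurityAlert
 * records, stored records that still match a reported advisory are kept,
 * and every other stored record is deleted as resolved.
 *
 * If the checker result cannot be decoded, the run stops before the
 * clean-up step so that a failed check is never mistaken for a clean one.
 *
 * @param mixed $request Not read by this method.
 * @return void
 */
public function run($request)
{
    // IDs of every alert that is still reported; anything not in this list
    // is treated as resolved and removed at the end of the run.
    $validEntries = array();

    // Run the security checker against the project's composer.lock.
    $checker = $this->getSecurityChecker();
    $result = $checker->check(BASE_PATH . DIRECTORY_SEPARATOR . 'composer.lock');
    $alerts = json_decode((string) $result, true);

    // Fail closed: json_decode() returns null for empty or malformed input.
    // Continuing with that would leave $validEntries empty and the clean-up
    // below would delete every stored alert, hiding known vulnerabilities.
    // NOTE(review): assumes a clean scan decodes to an empty array - confirm
    // against the checker implementation in use.
    if (!is_array($alerts)) {
        $this->output(
            'The security checker did not return a readable result. Existing security alerts were left unchanged.'
        );
        return;
    }

    // Each package entry can carry several advisories.
    foreach ($alerts as $package => $packageDetails) {
        // Skip entries without an advisory list instead of iterating over null.
        if (empty($packageDetails['advisories']) || !is_array($packageDetails['advisories'])) {
            continue;
        }

        foreach ($packageDetails['advisories'] as $details) {
            $identifier = $this->discernIdentifier($details['cve'], $details['title']);
            $vulnerability = null;

            // An alert is identified by package name, installed version and identifier.
            $existingVulns = SecurityAlert::get()->filter(array(
                'PackageName' => $package,
                'Version' => $packageDetails['version'],
                'Identifier' => $identifier,
            ));

            if (!$existingVulns->Count()) {
                // Not stored yet: create the record.
                $vulnerability = SecurityAlert::create();
                $vulnerability->PackageName = $package;
                $vulnerability->Version = $packageDetails['version'];
                $vulnerability->Title = $details['title'];
                $vulnerability->ExternalLink = $details['link'];
                $vulnerability->Identifier = $identifier;

                $vulnerability->write();

                $validEntries[] = $vulnerability->ID;
            } else {
                // Already stored (probably a single record): keep it.
                $validEntries = array_merge($validEntries, $existingVulns->column('ID'));
            }

            // Relate a newly created alert to its Package record when the
            // bringyourownideas/silverstripe-maintenance module is installed.
            // $vulnerability is null for alerts that already existed, so
            // those are not touched here.
            if ($vulnerability && $vulnerability->hasExtension(SecurityAlertExtension::class)
                && class_exists(Package::class)
                && !$vulnerability->PackageRecordID
                && $packageRecord = Package::get()->find('Name', $package)
            ) {
                $vulnerability->PackageRecordID = $packageRecord->ID;
                $vulnerability->write();
            }
        }
    }

    // Remove every stored alert that is no longer reported.
    $tableName = DataObjectSchema::create()->tableName(SecurityAlert::class);
    $removeOldSecurityAlerts = SQLDelete::create("\"$tableName\"");
    if (empty($validEntries)) {
        // The checker ran and reported nothing for this installation: flush old data.
        $removeOldSecurityAlerts->execute();
    } else {
        $removable = SecurityAlert::get()->exclude(array('ID' => $validEntries));
        // Only delete when something is stale; an unconditional DELETE here
        // would also remove the alerts that are still valid.
        if ($removable->exists()) {
            // SQLConditionalExpression does not support IN() syntax via addWhere,
            // so the placeholder list is built by hand: one bound "?" per ID.
            $queryArgs = $removable->column('ID');
            $paramPlaceholders = implode(',', array_fill(0, count($queryArgs), '?'));

            $removeOldSecurityAlerts = $removeOldSecurityAlerts->addWhere([
                '"ID" IN(' . $paramPlaceholders . ')' => $queryArgs
            ]);
            $removeOldSecurityAlerts->execute();
        }
    }

    // notify that the task finished.
    $this->output('The task finished running. You can find the updated information in the database now.');
}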
The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/*"]`, you can move it to the dependency path list as follows:

```yaml
filter:
    dependency_paths: ["lib/*"]
```

For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths