| Conditions | 10 |
| Paths | 18 |
| Total Lines | 78 |
| Code Lines | 41 |
| Lines | 0 |
| Ratio | 0 % |
| Changes | 0 | ||
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
| 1 | <?php |
||
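/**
 * Synchronise the stored SecurityAlert records with the advisories reported for composer.lock.
 *
 * Runs the security checker against BASE_PATH/composer.lock, creates a SecurityAlert for every
 * advisory that is not stored yet (matched on PackageName, Version and Identifier), and deletes
 * every stored alert that the current run did not report.
 *
 * @param mixed $request Not read by this method.
 * @return void
 */
public function run($request)
{
    // IDs of every alert confirmed by this run. Stored alerts whose ID is missing from this
    // list are treated as resolved and deleted at the end.
    $validEntries = [];

    // Ask the configured security checker for the advisories affecting the locked packages.
    $checker = $this->getSecurityChecker();
    $alerts = $checker->check(BASE_PATH . DIRECTORY_SEPARATOR . 'composer.lock');

    // NOTE(review): 'title', 'link' and 'cve' are taken from the checker's advisory data and
    // stored as-is. Presumably they are displayed elsewhere; verify that ExternalLink is
    // escaped and restricted to http(s) where it is rendered.

    // Go through all alerts for packages - each can contain multiple issues.
    foreach ($alerts as $package => $packageDetails) {
        // Go through each individual known security issue.
        foreach ($packageDetails['advisories'] as $details) {
            $identifier = $this->discernIdentifier($details['cve'], $details['title']);

            // Check if this vulnerability is already known.
            $vulnerability = SecurityAlert::get()->filter([
                'PackageName' => $package,
                'Version' => $packageDetails['version'],
                'Identifier' => $identifier,
            ]);

            // Is this vulnerability known? No, let's add it.
            if ((int) $vulnerability->count() === 0) {
                $vulnerability = SecurityAlert::create();
                $vulnerability->PackageName = $package;
                $vulnerability->Version = $packageDetails['version'];
                $vulnerability->Title = $details['title'];
                $vulnerability->ExternalLink = $details['link'];
                $vulnerability->Identifier = $identifier;

                $vulnerability->write();

                // Add the new entry to the list of valid entries.
                $validEntries[] = $vulnerability->ID;
            } else {
                // Add existing vulnerabilities (probably just 1) to the list of valid entries.
                // NOTE(review): on this path $vulnerability is the filtered list, not a single
                // record, so the package relation below looks unlikely to be applied to alerts
                // that are already stored - confirm whether that is intended.
                $validEntries = array_merge($validEntries, $vulnerability->column('ID'));
            }

            // Relate this vulnerability to an existing Package, if the
            // bringyourownideas/silverstripe-maintenance module is installed.
            if ($vulnerability->hasExtension(SecurityAlertExtension::class)
                && class_exists(Package::class)
                && $vulnerability->PackageRecordID === 0
                && $packageRecord = Package::get()->find('Name', $package)
            ) {
                $vulnerability->PackageRecordID = $packageRecord->ID;
                // Persist the relation: the record was last written before PackageRecordID
                // was assigned, so without this write the link is lost.
                $vulnerability->write();
            }
        }
    }

    // Remove all entries which are resolved (no longer in $validEntries).
    // The table name comes from the ORM schema, not from request data.
    $tableName = DataObjectSchema::create()->tableName(SecurityAlert::class);
    $removeOldSecurityAlerts = SQLDelete::create("\"$tableName\"");
    if (empty($validEntries)) {
        // There were no SecurityAlerts listed for our installation - so flush any old data.
        // NOTE(review): an empty result wipes every stored alert. If check() can return an
        // empty result on failure (unreadable lock file, advisory source unavailable) instead
        // of throwing, known alerts would disappear silently - confirm the checker's failure
        // mode before relying on this table for reporting.
        $removeOldSecurityAlerts->execute();
    } else {
        $removable = SecurityAlert::get()->exclude(['ID' => $validEntries]);
        // Be careful not to remove all SecurityAlerts in the case that every entry is valid:
        // an unconditioned delete would empty the table.
        if ($removable->exists()) {
            // SQLConditionalExpression does not support IN() syntax via addWhere,
            // so build one bound placeholder per ID; the IDs are never concatenated into the SQL.
            $queryArgs = $removable->column('ID');
            $paramPlaceholders = implode(',', array_fill(0, count($queryArgs), '?'));

            $removeOldSecurityAlerts = $removeOldSecurityAlerts->addWhere([
                '"ID" IN(' . $paramPlaceholders . ')' => $queryArgs,
            ]);
            $removeOldSecurityAlerts->execute();
        }
    }

    // Notify that the task finished.
    $this->output('The task finished running. You can find the updated information in the database now.');
}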
||
The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/*"]`, you can move it to the dependency path list instead. For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths