Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add security-checker using Composer Audit #1122

Merged
merged 9 commits into from
Feb 5, 2024
Merged

Add security-checker using Composer Audit #1122

merged 9 commits into from
Feb 5, 2024

Conversation

joestewart
Copy link
Contributor

@joestewart joestewart commented Jan 29, 2024
edited by veewee

Q A
Branch v2.x
Bug fix? no
New feature? yes
BC breaks? no
Deprecations? no
Documented? yes
Fixed tickets comma-separated list of tickets fixed by the PR, if any

Add security-checker using Composer Audit

https://getcomposer.org/doc/03-cli.md#audit

New Task Checklist:

  • Are the dependencies added to the composer.json suggestions?
  • Is the doc/tasks.md file updated?
  • Are the task parameters documented?
  • Is the task registered in the tasks.yml file?
  • Does the task contains phpunit tests?
  • Is the configuration having logical allowed types?
  • Does the task run in the correct context?
  • Is the run() method readable?
  • Is the run() method using the configuration correctly?
  • Are all CI services returning green?

veewee
veewee reviewed Feb 2, 2024
View reviewed changes
Copy link
Contributor

@veewee veewee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR. Looks like a nice addition.
I've added a couple of small remarks here and there. Can you take a second look at them.

doc/tasks/securitychecker/composeraudit.md
working_dir: ./
```

**format**
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add this one (with default value) to the code sample as well - for completeness.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for catching this.

test/Unit/Task/SecurityCheckerComposerauditTest.php
];
}

public function provideExternalTaskRuns(): iterable
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The goal of this test is to check what impact a change in configuraton has on the executed command.
Can you add a test for every configuration option as well?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! added tests for the options.

oallain
oallain reviewed Feb 2, 2024
View reviewed changes
Copy link
Contributor

@oallain oallain left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great feature, 👍
Just 2 littles comments.

src/Task/SecurityCheckerComposeraudit.php Outdated Show resolved Hide resolved
test/Unit/Task/SecurityCheckerComposerauditTest.php Outdated

yield 'working-dir' => [
[
'working_dir' => './',
Copy link
Contributor

@oallain oallain Feb 2, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

./ Is the default value, can you test with src/ for example?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually might need help here. When manually testing to another path the option works. But when modifying the test to another path I wasn't able to get the test to pass yet.

Also a side note, I think it might be a good idea for this to be fully optional ( default to null) but would require more logic to check the path for a changed composer.lock file.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for bringing it up.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can probably take a look at

grumphp/src/Task/ComposerScript.php

Line 30 in 9fb0b10

$resolver->addAllowedTypes('working_directory', ['null', 'string']);

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe this is addressed now.

oallain
oallain approved these changes Feb 2, 2024
View reviewed changes
Copy link
Contributor

@oallain oallain left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGFM 👍

@veewee veewee merged commit 92791cc into phpro:v2.x Feb 5, 2024
20 checks passed
@veewee
Copy link
Contributor

veewee commented Feb 5, 2024

Looks good, thanks!

@joestewart joestewart deleted the feature/security-checker-composeraudit branch February 5, 2024 12:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@veewee veewee veewee left review comments

@oallain oallain oallain approved these changes

Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@joestewart @veewee @oallain