
Rename test files and standardize on allow list rather than whitelist

pull/8717/head
Nils Adermann 2020-03-27 22:15:04 +01:00
parent 01fe92905a
commit 392d0abd21
24 changed files with 47 additions and 32 deletions


@ -159,7 +159,7 @@ php composer.phar update
> if the `composer.lock` has not been updated since changes were made to the > if the `composer.lock` has not been updated since changes were made to the
> `composer.json` that might affect dependency resolution. > `composer.json` that might affect dependency resolution.
If you only want to install, upgrade or remove one dependency, you can whitelist them: If you only want to install, upgrade or remove one dependency, you can explicitly list it as an argument:
```sh ```sh
php composer.phar update monolog/monolog [...] php composer.phar update monolog/monolog [...]


@ -155,8 +155,8 @@ php composer.phar update "vendor/*"
* **--no-scripts:** Skips execution of scripts defined in `composer.json`. * **--no-scripts:** Skips execution of scripts defined in `composer.json`.
* **--no-progress:** Removes the progress display that can mess with some * **--no-progress:** Removes the progress display that can mess with some
terminals or scripts which don't handle backspace characters. terminals or scripts which don't handle backspace characters.
* **--with-dependencies:** Add also dependencies of whitelisted packages to the whitelist, except those that are root requirements. * **--with-dependencies:** Update also dependencies of packages in the argument list, except those which are root requirements.
* **--with-all-dependencies:** Add also all dependencies of whitelisted packages to the whitelist, including those that are root requirements. * **--with-all-dependencies:** Update also dependencies of packages in the argument list, including those which are root requirements.
* **--optimize-autoloader (-o):** Convert PSR-0/4 autoloading to classmap to get a faster * **--optimize-autoloader (-o):** Convert PSR-0/4 autoloading to classmap to get a faster
autoloader. This is recommended especially for production, but can take autoloader. This is recommended especially for production, but can take
a bit of time to run so it is currently not done by default. a bit of time to run so it is currently not done by default.


@ -28,20 +28,20 @@ class Cache
private $io; private $io;
private $root; private $root;
private $enabled = true; private $enabled = true;
private $whitelist; private $allowlist;
private $filesystem; private $filesystem;
/** /**
* @param IOInterface $io * @param IOInterface $io
* @param string $cacheDir location of the cache * @param string $cacheDir location of the cache
* @param string $whitelist List of characters that are allowed in path names (used in a regex character class) * @param string $allowlist List of characters that are allowed in path names (used in a regex character class)
* @param Filesystem $filesystem optional filesystem instance * @param Filesystem $filesystem optional filesystem instance
*/ */
public function __construct(IOInterface $io, $cacheDir, $whitelist = 'a-z0-9.', Filesystem $filesystem = null) public function __construct(IOInterface $io, $cacheDir, $allowlist = 'a-z0-9.', Filesystem $filesystem = null)
{ {
$this->io = $io; $this->io = $io;
$this->root = rtrim($cacheDir, '/\\') . '/'; $this->root = rtrim($cacheDir, '/\\') . '/';
$this->whitelist = $whitelist; $this->allowlist = $allowlist;
$this->filesystem = $filesystem ?: new Filesystem(); $this->filesystem = $filesystem ?: new Filesystem();
if (!self::isUsable($cacheDir)) { if (!self::isUsable($cacheDir)) {
@ -77,7 +77,7 @@ class Cache
public function read($file) public function read($file)
{ {
if ($this->enabled) { if ($this->enabled) {
$file = preg_replace('{[^'.$this->whitelist.']}i', '-', $file); $file = preg_replace('{[^'.$this->allowlist.']}i', '-', $file);
if (file_exists($this->root . $file)) { if (file_exists($this->root . $file)) {
$this->io->writeError('Reading '.$this->root . $file.' from cache', true, IOInterface::DEBUG); $this->io->writeError('Reading '.$this->root . $file.' from cache', true, IOInterface::DEBUG);
@ -91,7 +91,7 @@ class Cache
public function write($file, $contents) public function write($file, $contents)
{ {
if ($this->enabled) { if ($this->enabled) {
$file = preg_replace('{[^'.$this->whitelist.']}i', '-', $file); $file = preg_replace('{[^'.$this->allowlist.']}i', '-', $file);
$this->io->writeError('Writing '.$this->root . $file.' into cache', true, IOInterface::DEBUG); $this->io->writeError('Writing '.$this->root . $file.' into cache', true, IOInterface::DEBUG);
@ -129,7 +129,7 @@ class Cache
public function copyFrom($file, $source) public function copyFrom($file, $source)
{ {
if ($this->enabled) { if ($this->enabled) {
$file = preg_replace('{[^'.$this->whitelist.']}i', '-', $file); $file = preg_replace('{[^'.$this->allowlist.']}i', '-', $file);
$this->filesystem->ensureDirectoryExists(dirname($this->root . $file)); $this->filesystem->ensureDirectoryExists(dirname($this->root . $file));
if (!file_exists($source)) { if (!file_exists($source)) {
@ -150,7 +150,7 @@ class Cache
public function copyTo($file, $target) public function copyTo($file, $target)
{ {
if ($this->enabled) { if ($this->enabled) {
$file = preg_replace('{[^'.$this->whitelist.']}i', '-', $file); $file = preg_replace('{[^'.$this->allowlist.']}i', '-', $file);
if (file_exists($this->root . $file)) { if (file_exists($this->root . $file)) {
try { try {
touch($this->root . $file, filemtime($this->root . $file), time()); touch($this->root . $file, filemtime($this->root . $file), time());
@ -177,7 +177,7 @@ class Cache
public function remove($file) public function remove($file)
{ {
if ($this->enabled) { if ($this->enabled) {
$file = preg_replace('{[^'.$this->whitelist.']}i', '-', $file); $file = preg_replace('{[^'.$this->allowlist.']}i', '-', $file);
if (file_exists($this->root . $file)) { if (file_exists($this->root . $file)) {
return $this->filesystem->unlink($this->root . $file); return $this->filesystem->unlink($this->root . $file);
} }
@ -229,7 +229,7 @@ class Cache
public function sha1($file) public function sha1($file)
{ {
if ($this->enabled) { if ($this->enabled) {
$file = preg_replace('{[^'.$this->whitelist.']}i', '-', $file); $file = preg_replace('{[^'.$this->allowlist.']}i', '-', $file);
if (file_exists($this->root . $file)) { if (file_exists($this->root . $file)) {
return sha1_file($this->root . $file); return sha1_file($this->root . $file);
} }
@ -241,7 +241,7 @@ class Cache
public function sha256($file) public function sha256($file)
{ {
if ($this->enabled) { if ($this->enabled) {
$file = preg_replace('{[^'.$this->whitelist.']}i', '-', $file); $file = preg_replace('{[^'.$this->allowlist.']}i', '-', $file);
if (file_exists($this->root . $file)) { if (file_exists($this->root . $file)) {
return hash_file('sha256', $this->root . $file); return hash_file('sha256', $this->root . $file);
} }
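Review bot: The sanitising call `preg_replace('{[^'.$this->allowlist.']}i', '-', $file)` is repeated in read, write, copyFrom, copyTo, remove, sha1 and sha256, and its result is used unchecked as a path under `$this->root`. `$allowlist` goes into the character class verbatim, so a value containing `]` or `}` produces a pattern that does not compile; `preg_replace` then returns null and `$this->root . $file` resolves to the cache root itself. I would move the call into one private helper that rejects a null result, as sketched below, so the seven call sites cannot drift apart. The `@param` text should also say that the value is a regex fragment used as-is and that `.`, which the default allows, survives sanitising. The method bodies continue outside the hunks, so any later checks are not visible here.

```php
// … unchanged: constructor; each public method calls $this->sanitize($file) instead of preg_replace …
private function sanitize($file)
{
    $clean = preg_replace('{[^'.$this->allowlist.']}i', '-', $file);
    if (null === $clean) {
        // the pattern did not compile or PCRE hit a limit: refuse instead of falling back to the cache root
        throw new \RuntimeException('Could not sanitize cache file name');
    }

    return $clean;
}
```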


@ -86,8 +86,8 @@ EOT
{ {
$io = $this->getIO(); $io = $this->getIO();
$whitelist = array('name', 'description', 'author', 'type', 'homepage', 'require', 'require-dev', 'stability', 'license'); $allowlist = array('name', 'description', 'author', 'type', 'homepage', 'require', 'require-dev', 'stability', 'license');
$options = array_filter(array_intersect_key($input->getOptions(), array_flip($whitelist))); $options = array_filter(array_intersect_key($input->getOptions(), array_flip($allowlist)));
if (isset($options['author'])) { if (isset($options['author'])) {
$options['authors'] = $this->formatAuthors($options['author']); $options['authors'] = $this->formatAuthors($options['author']);


@ -13,6 +13,7 @@
namespace Composer\Command; namespace Composer\Command;
use Composer\Config\JsonConfigSource; use Composer\Config\JsonConfigSource;
use Composer\DependencyResolver\Request;
use Composer\Installer; use Composer\Installer;
use Composer\Plugin\CommandEvent; use Composer\Plugin\CommandEvent;
use Composer\Plugin\PluginEvents; use Composer\Plugin\PluginEvents;
@ -179,8 +180,8 @@ EOT
->setClassMapAuthoritative($authoritative) ->setClassMapAuthoritative($authoritative)
->setApcuAutoloader($apcu) ->setApcuAutoloader($apcu)
->setUpdate(true) ->setUpdate(true)
->setUpdateWhitelist($packages) ->setUpdateAllowList($packages)
->setWhitelistTransitiveDependencies(!$input->getOption('no-update-with-dependencies')) ->setUpdateAllowTransitiveDependencies($input->getOption('no-update-with-dependencies') ? Request::UPDATE_ONLY_LISTED : Request::UPDATE_TRANSITIVE_DEPENDENCIES)
->setIgnorePlatformRequirements($input->getOption('ignore-platform-reqs')) ->setIgnorePlatformRequirements($input->getOption('ignore-platform-reqs'))
->setRunScripts(!$input->getOption('no-scripts')) ->setRunScripts(!$input->getOption('no-scripts'))
->setDryRun($dryRun) ->setDryRun($dryRun)
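Review bot: The ternary passed to `setUpdateAllowTransitiveDependencies()` in the second hunk buries an inverted option inside the fluent chain: `no-update-with-dependencies` selects `Request::UPDATE_ONLY_LISTED`, and everything else selects `Request::UPDATE_TRANSITIVE_DEPENDENCIES`. I would compute it first, as the require command does in this same commit, with `$updateAllowTransitiveDependencies = $input->getOption('no-update-with-dependencies') ? Request::UPDATE_ONLY_LISTED : Request::UPDATE_TRANSITIVE_DEPENDENCIES;`, and pass the variable. A comment such as `// remove updates transitive dependencies of the removed packages unless --no-update-with-dependencies is given` would make the default explicit, since it widens what a remove may change in the lock file. The chain starts and ends outside the hunk.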


@ -12,6 +12,7 @@
namespace Composer\Command; namespace Composer\Command;
use Composer\DependencyResolver\Request;
use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputArgument; use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputOption; use Symfony\Component\Console\Input\InputOption;
@ -248,6 +249,13 @@ EOT
$authoritative = $input->getOption('classmap-authoritative') || $composer->getConfig()->get('classmap-authoritative'); $authoritative = $input->getOption('classmap-authoritative') || $composer->getConfig()->get('classmap-authoritative');
$apcu = $input->getOption('apcu-autoloader') || $composer->getConfig()->get('apcu-autoloader'); $apcu = $input->getOption('apcu-autoloader') || $composer->getConfig()->get('apcu-autoloader');
$updateAllowTransitiveDependencies = Request::UPDATE_ONLY_LISTED;
if ($input->getOption('update-with-all-dependencies')) {
$updateAllowTransitiveDependencies = Request::UPDATE_TRANSITIVE_ROOT_DEPENDENCIES;
} elseif ($input->getOption('update-with-dependencies')) {
$updateAllowTransitiveDependencies = Request::UPDATE_TRANSITIVE_DEPENDENCIES;
}
$commandEvent = new CommandEvent(PluginEvents::COMMAND, 'require', $input, $output); $commandEvent = new CommandEvent(PluginEvents::COMMAND, 'require', $input, $output);
$composer->getEventDispatcher()->dispatch($commandEvent->getName(), $commandEvent); $composer->getEventDispatcher()->dispatch($commandEvent->getName(), $commandEvent);
@ -264,8 +272,7 @@ EOT
->setClassMapAuthoritative($authoritative) ->setClassMapAuthoritative($authoritative)
->setApcuAutoloader($apcu) ->setApcuAutoloader($apcu)
->setUpdate(true) ->setUpdate(true)
->setWhitelistTransitiveDependencies($input->getOption('update-with-dependencies')) ->setUpdateAllowTransitiveDependencies($updateAllowTransitiveDependencies)
->setWhitelistAllDependencies($input->getOption('update-with-all-dependencies'))
->setIgnorePlatformRequirements($input->getOption('ignore-platform-reqs')) ->setIgnorePlatformRequirements($input->getOption('ignore-platform-reqs'))
->setPreferStable($input->getOption('prefer-stable')) ->setPreferStable($input->getOption('prefer-stable'))
->setPreferLowest($input->getOption('prefer-lowest')) ->setPreferLowest($input->getOption('prefer-lowest'))
@ -275,7 +282,7 @@ EOT
// if no lock is present, or the file is brand new, we do not do a // if no lock is present, or the file is brand new, we do not do a
// partial update as this is not supported by the Installer // partial update as this is not supported by the Installer
if (!$this->firstRequire && $composer->getConfig()->get('lock')) { if (!$this->firstRequire && $composer->getConfig()->get('lock')) {
$install->setUpdateWhitelist(array_keys($requirements)); $install->setUpdateAllowList(array_keys($requirements));
} }
$status = $install->run(); $status = $install->run();
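Review bot: The new `if`/`elseif` in the second hunk gives `update-with-all-dependencies` precedence over `update-with-dependencies` when both are passed and falls back to `Request::UPDATE_ONLY_LISTED`, but neither rule is written down. Before this commit the two options were forwarded through separate setters, so the precedence was decided elsewhere; it now lives here and deserves a comment above the block, for example `// --update-with-all-dependencies wins over --update-with-dependencies; with neither, only the listed packages may change`. A test that passes both options would pin the behaviour. The enclosing method starts and ends outside the hunks.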


@ -49,8 +49,8 @@ class UpdateCommand extends BaseCommand
new InputOption('no-autoloader', null, InputOption::VALUE_NONE, 'Skips autoloader generation'), new InputOption('no-autoloader', null, InputOption::VALUE_NONE, 'Skips autoloader generation'),
new InputOption('no-scripts', null, InputOption::VALUE_NONE, 'Skips the execution of all scripts defined in composer.json file.'), new InputOption('no-scripts', null, InputOption::VALUE_NONE, 'Skips the execution of all scripts defined in composer.json file.'),
new InputOption('no-progress', null, InputOption::VALUE_NONE, 'Do not output download progress.'), new InputOption('no-progress', null, InputOption::VALUE_NONE, 'Do not output download progress.'),
new InputOption('with-dependencies', null, InputOption::VALUE_NONE, 'Add also dependencies of whitelisted packages to the whitelist, except those defined in root package.'), new InputOption('with-dependencies', null, InputOption::VALUE_NONE, 'Update also dependencies of packages in the argument list, except those which are root requirements.'),
new InputOption('with-all-dependencies', null, InputOption::VALUE_NONE, 'Add also all dependencies of whitelisted packages to the whitelist, including those defined in root package.'), new InputOption('with-all-dependencies', null, InputOption::VALUE_NONE, 'Update also dependencies of packages in the argument list, including those which are root requirements.'),
new InputOption('verbose', 'v|vv|vvv', InputOption::VALUE_NONE, 'Shows more details including new commits pulled in when updating packages.'), new InputOption('verbose', 'v|vv|vvv', InputOption::VALUE_NONE, 'Shows more details including new commits pulled in when updating packages.'),
new InputOption('optimize-autoloader', 'o', InputOption::VALUE_NONE, 'Optimize autoloader during autoloader dump.'), new InputOption('optimize-autoloader', 'o', InputOption::VALUE_NONE, 'Optimize autoloader during autoloader dump.'),
new InputOption('classmap-authoritative', 'a', InputOption::VALUE_NONE, 'Autoload classes from the classmap only. Implicitly enables `--optimize-autoloader`.'), new InputOption('classmap-authoritative', 'a', InputOption::VALUE_NONE, 'Autoload classes from the classmap only. Implicitly enables `--optimize-autoloader`.'),


@ -300,12 +300,19 @@ class PoolBuilder
{ {
if ($this->io) { if ($this->io) {
foreach ($this->updateAllowList as $pattern => $void) { foreach ($this->updateAllowList as $pattern => $void) {
foreach ($request->getLockedRepository()->getPackages() as $package) {
$patternRegexp = BasePackage::packageNameToRegexp($pattern); $patternRegexp = BasePackage::packageNameToRegexp($pattern);
// update pattern matches a locked package? => all good
foreach ($request->getLockedRepository()->getPackages() as $package) {
if (preg_match($patternRegexp, $package->getName())) { if (preg_match($patternRegexp, $package->getName())) {
continue 2; continue 2;
} }
} }
// update pattern matches a root require? => all good, probably a new package
foreach ($request->getRequires() as $packageName => $constraint) {
if (preg_match($patternRegexp, $packageName)) {
continue 2;
}
}
if (strpos($pattern, '*') !== false) { if (strpos($pattern, '*') !== false) {
$this->io->writeError('<warning>Pattern "' . $pattern . '" listed for update does not match any locked packages.</warning>'); $this->io->writeError('<warning>Pattern "' . $pattern . '" listed for update does not match any locked packages.</warning>');
} else { } else {
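Review bot: The warning on the wildcard branch still reads `does not match any locked packages`, but after this change it is only reached when the pattern matches neither a locked package nor a root require, so the text no longer describes the check. I would reword it to something like `'<warning>Pattern "' . $pattern . '" listed for update does not match any locked packages or root requirements.</warning>'`; the message in the `else` branch is outside the hunk and may need the same adjustment. In the new loop `$constraint` is never read, so `foreach (array_keys($request->getRequires()) as $packageName)` states the intent more directly.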


@ -182,7 +182,7 @@ class Problem
if ($package->getName() === $packageName) { if ($package->getName() === $packageName) {
$fixedPackage = $package; $fixedPackage = $package;
if ($pool->isUnacceptableFixedPackage($package)) { if ($pool->isUnacceptableFixedPackage($package)) {
return array("- ", $package->getPrettyName().' is fixed to '.$package->getPrettyVersion().' (lock file version) by a partial update but that version is rejected by your minimum-stability. Make sure you whitelist it for update.'); return array("- ", $package->getPrettyName().' is fixed to '.$package->getPrettyVersion().' (lock file version) by a partial update but that version is rejected by your minimum-stability. Make sure you list it as an argument for the update command.');
} }
break; break;
} }
@ -207,7 +207,7 @@ class Problem
return $fixedConstraint->matches(new Constraint('==', $p->getVersion())); return $fixedConstraint->matches(new Constraint('==', $p->getVersion()));
}); });
if (0 === count($filtered)) { if (0 === count($filtered)) {
return array("- Root composer.json requires $packageName".self::constraintToText($constraint) . ', ', 'found '.self::getPackageList($packages).' but the package is fixed to '.$fixedPackage->getPrettyVersion().' (lock file version) by a partial update and that version does not match. Make sure you whitelist it for update.'); return array("- Root composer.json requires $packageName".self::constraintToText($constraint) . ', ', 'found '.self::getPackageList($packages).' but the package is fixed to '.$fixedPackage->getPrettyVersion().' (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.');
} }
} }


@ -250,14 +250,14 @@ abstract class BasePackage implements PackageInterface
/** /**
* Build a regexp from a package name, expanding * globs as required * Build a regexp from a package name, expanding * globs as required
* *
* @param string $whiteListedPattern * @param string $allowPattern
* @param string $wrap Wrap the cleaned string by the given string * @param string $wrap Wrap the cleaned string by the given string
* @return string * @return string
*/ */
public static function packageNameToRegexp($whiteListedPattern, $wrap = '{^%s$}i') public static function packageNameToRegexp($allowPattern, $wrap = '{^%s$}i')
{ {
$cleanedWhiteListedPattern = str_replace('\\*', '.*', preg_quote($whiteListedPattern)); $cleanedAllowPattern = str_replace('\\*', '.*', preg_quote($allowPattern));
return sprintf($wrap, $cleanedWhiteListedPattern); return sprintf($wrap, $cleanedAllowPattern);
} }
} }


@ -59,4 +59,4 @@ Updating dependencies
Your requirements could not be resolved to an installable set of packages. Your requirements could not be resolved to an installable set of packages.
Problem 1 Problem 1
- b/unstable is fixed to 1.1.0-alpha (lock file version) by a partial update but that version is rejected by your minimum-stability. Make sure you whitelist it for update. - b/unstable is fixed to 1.1.0-alpha (lock file version) by a partial update but that version is rejected by your minimum-stability. Make sure you list it as an argument for the update command.


@ -117,7 +117,7 @@ Your requirements could not be resolved to an installable set of packages.
Problem 3 Problem 3
- Root composer.json requires non-existent/pkg, it could not be found in any version, there may be a typo in the package name. - Root composer.json requires non-existent/pkg, it could not be found in any version, there may be a typo in the package name.
Problem 4 Problem 4
- Root composer.json requires stable-requiree-excluded/pkg 1.0.1, found stable-requiree-excluded/pkg[1.0.1] but the package is fixed to 1.0.0 (lock file version) by a partial update and that version does not match. Make sure you whitelist it for update. - Root composer.json requires stable-requiree-excluded/pkg 1.0.1, found stable-requiree-excluded/pkg[1.0.1] but the package is fixed to 1.0.0 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
Problem 5 Problem 5
- Root composer.json requires linked library lib-xml 1002.* but it has the wrong version installed or is missing from your system, make sure to load the extension providing it. - Root composer.json requires linked library lib-xml 1002.* but it has the wrong version installed or is missing from your system, make sure to load the extension providing it.
Problem 6 Problem 6