public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code

Emit warning instead of crashing on invalid security advisory API response, fixes #11767

pull/11769/head^2
Jordi Boggiano 2024-01-12 14:20:59 +01:00
parent a29acbdd2e
commit 4e5be9ee7d
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/Composer/Repository/ComposerRepository.php
View File

@ -709,8 +709,16 @@ class ComposerRepository extends ArrayRepository implements ConfigurableReposito
$options['http']['content'] = http_build_query(['packages' => array_keys($packageConstraintMap)]);
$response = $this->httpDownloader->get($apiUrl, $options);
$warned = false;
/** @var string $name */
foreach ($response->decodeJson()['advisories'] as $name => $list) {
if (!isset($packageConstraintMap[$name])) {
if (!$warned) {
$this->io->writeError('<warning>'.$this->getRepoName().' returned names which were not requested in response to the security-advisories API. '.$name.' was not requested but is present in the response. Requested names were: '.implode(', ', array_keys($packageConstraintMap)).'</warning>');
$warned = true;
}
continue;
}
if (count($list) > 0) {
$advisories[$name] = array_filter(array_map(
static function ($data) use ($name, $create) {