Audit: ignores configured repository options (#11173)
* Audit: ignores configured repository options * ComposerRepository: add test case to assert that repo http options are used to make security advisory POST request
pull/11603/head
parent
4137bf38ad
commit
5062338079
|
@ -690,14 +690,15 @@ class ComposerRepository extends ArrayRepository implements ConfigurableReposito
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($apiUrl !== null && count($packageConstraintMap) > 0) {
|
if ($apiUrl !== null && count($packageConstraintMap) > 0) {
|
||||||
$options = [
|
$options = $this->options;
|
||||||
'http' => [
|
$options['http']['method'] = 'POST';
|
||||||
'method' => 'POST',
|
if (isset($options['http']['header'])) {
|
||||||
'header' => ['Content-type: application/x-www-form-urlencoded'],
|
$options['http']['header'] = (array) $options['http']['header'];
|
||||||
'timeout' => 10,
|
}
|
||||||
'content' => http_build_query(['packages' => array_keys($packageConstraintMap)]),
|
$options['http']['header'][] = 'Content-type: application/x-www-form-urlencoded';
|
||||||
],
|
$options['http']['timeout'] = 10;
|
||||||
];
|
$options['http']['content'] = http_build_query(['packages' => array_keys($packageConstraintMap)]);
|
||||||
|
|
||||||
$response = $this->httpDownloader->get($apiUrl, $options);
|
$response = $this->httpDownloader->get($apiUrl, $options);
|
||||||
/** @var string $name */
|
/** @var string $name */
|
||||||
foreach ($response->decodeJson()['advisories'] as $name => $list) {
|
foreach ($response->decodeJson()['advisories'] as $name => $list) {
|
||||||
|
|
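Review bot: The advisory POST now sends every option configured for the repository, including any entries in `$options['http']['header']`, to `$apiUrl`, and nothing in this hunk checks that `$apiUrl` is on the same host as the repository URL. The test added in this commit suggests that URL is read from the `security-advisories` / `api-url` field of the repository's own packages.json, so headers the user configured for the repository (which may carry credentials) would presumably follow the request to whatever host the metadata names. I would document that trust decision above `$options = $this->options;`, for example `// repository options, custom headers included, are forwarded to the advisory api-url taken from repository metadata`, or forward the headers only when the hosts match. Separately, a configured `Content-type` header is kept and a second one is appended after it. The enclosing method starts and ends outside the hunk.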
|
@ -112,8 +112,10 @@ class HttpDownloaderMock extends HttpDownloader
|
||||||
}
|
}
|
||||||
|
|
||||||
throw new AssertionFailedError(
|
throw new AssertionFailedError(
|
||||||
'Received unexpected request for "'.$fileUrl.'"'.PHP_EOL.
|
'Received unexpected request for "'.$fileUrl.'" with options "'.json_encode($options).'"'.PHP_EOL.
|
||||||
(is_array($this->expectations) && count($this->expectations) > 0 ? 'Expected "'.$this->expectations[0]['url'].'" at this point.' : 'Expected no more calls at this point.').PHP_EOL.
|
(is_array($this->expectations) && count($this->expectations) > 0
|
||||||
|
? 'Expected "'.$this->expectations[0]['url'].($this->expectations[0]['options'] !== null ? '" with options "'.json_encode($this->expectations[0]['options']) : '').'" at this point.'
|
||||||
|
: 'Expected no more calls at this point.').PHP_EOL.
|
||||||
'Received calls:'.PHP_EOL.implode(PHP_EOL, array_slice($this->log, 0, -1))
|
'Received calls:'.PHP_EOL.implode(PHP_EOL, array_slice($this->log, 0, -1))
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
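Review bot: `json_encode($options)` in the failure message returns `false` when the options cannot be encoded (for example a non-UTF-8 `content` value), which prints an empty options string, and the default flags escape every `/` in URLs and header values. Passing flags in both calls, e.g. `json_encode($options, JSON_UNESCAPED_SLASHES | JSON_PARTIAL_OUTPUT_ON_ERROR)`, keeps the message readable and non-empty. The enclosing method starts outside the hunk.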
|
@ -16,6 +16,7 @@ use Composer\IO\NullIO;
|
||||||
use Composer\Json\JsonFile;
|
use Composer\Json\JsonFile;
|
||||||
use Composer\Repository\ComposerRepository;
|
use Composer\Repository\ComposerRepository;
|
||||||
use Composer\Repository\RepositoryInterface;
|
use Composer\Repository\RepositoryInterface;
|
||||||
|
use Composer\Semver\Constraint\Constraint;
|
||||||
use Composer\Test\Mock\FactoryMock;
|
use Composer\Test\Mock\FactoryMock;
|
||||||
use Composer\Test\TestCase;
|
use Composer\Test\TestCase;
|
||||||
use Composer\Package\Loader\ArrayLoader;
|
use Composer\Package\Loader\ArrayLoader;
|
||||||
|
@ -380,4 +381,53 @@ class ComposerRepositoryTest extends TestCase
|
||||||
|
|
||||||
$this->assertEquals(['foo/bar'], $repository->getPackageNames());
|
$this->assertEquals(['foo/bar'], $repository->getPackageNames());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testGetSecurityAdvisoriesAssertRepositoryHttpOptionsAreUsed(): void
|
||||||
|
{
|
||||||
|
$httpDownloader = $this->getHttpDownloaderMock();
|
||||||
|
$httpDownloader->expects(
|
||||||
|
[
|
||||||
|
[
|
||||||
|
'url' => 'https://example.org/packages.json',
|
||||||
|
'body' => JsonFile::encode([
|
||||||
|
'packages' => ['foo/bar' => [
|
||||||
|
'dev-branch' => ['name' => 'foo/bar'],
|
||||||
|
'v1.0.0' => ['name' => 'foo/bar'],
|
||||||
|
]],
|
||||||
|
'metadata-url' => 'https://example.org/p2/%package%.json',
|
||||||
|
'security-advisories' => [
|
||||||
|
'api-url' => 'https://example.org/security-advisories',
|
||||||
|
],
|
||||||
|
]),
|
||||||
|
'options' => ['http' => ['verify_peer' => false]],
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'url' => 'https://example.org/security-advisories',
|
||||||
|
'body' => JsonFile::encode(['advisories' => []]),
|
||||||
|
'options' => ['http' => [
|
||||||
|
'verify_peer' => false,
|
||||||
|
'method' => 'POST',
|
||||||
|
'header' => [
|
||||||
|
'Content-type: application/x-www-form-urlencoded',
|
||||||
|
],
|
||||||
|
'timeout' => 10,
|
||||||
|
'content' => http_build_query(['packages' => ['foo/bar']]),
|
||||||
|
]],
|
||||||
|
]
|
||||||
|
],
|
||||||
|
true
|
||||||
|
);
|
||||||
|
|
||||||
|
$repository = new ComposerRepository(
|
||||||
|
['url' => 'https://example.org/packages.json', 'options' => ['http' => ['verify_peer' => false]]],
|
||||||
|
new NullIO(),
|
||||||
|
FactoryMock::createConfig(),
|
||||||
|
$httpDownloader
|
||||||
|
);
|
||||||
|
|
||||||
|
$this->assertSame([
|
||||||
|
'namesFound' => [],
|
||||||
|
'advisories' => [],
|
||||||
|
], $repository->getSecurityAdvisories(['foo/bar' => new Constraint('=', '1.0.0.0')]));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
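Review bot: The new test covers only a repository with no `header` option configured, so the `isset($options['http']['header'])` branch and its `(array)` cast in ComposerRepository are never executed. A second case whose repository options carry a header, once as a string and once as a list (constructed example: `'options' => ['http' => ['header' => 'X-Test: 1']]`), would pin that the configured header survives and that `Content-type: application/x-www-form-urlencoded` is appended after it. A short comment on the `'verify_peer' => false` fixture saying it is only a marker option for the mock would also keep it from being read as a recommended setting.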