From 7cb92a90c8ce1fc8816078bb82f9caa180d082fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dezs=C5=91=20BICZ=C3=93?= Date: Wed, 7 Feb 2024 21:13:36 +0000 Subject: [PATCH] Introduce COMPOSER_AUDIT_ABANDONED env var (#11794) Co-authored-by: Jordi Boggiano --- doc/03-cli.md | 5 ++++ doc/06-config.md | 12 ++++++++++ src/Composer/Advisory/Auditor.php | 1 + src/Composer/Config.php | 14 +++++++++++ tests/Composer/Test/Advisory/AuditorTest.php | 1 + tests/Composer/Test/ConfigTest.php | 25 ++++++++++++++++++++ 6 files changed, 58 insertions(+) diff --git a/doc/03-cli.md b/doc/03-cli.md index f72c2ba82..b03ad1f8c 100644 --- a/doc/03-cli.md +++ b/doc/03-cli.md @@ -1247,6 +1247,11 @@ similar use case), and need to support proxies, please provide the `CGI_HTTP_PRO environment variable instead. See [httpoxy.org](https://httpoxy.org/) for further details. +### COMPOSER_AUDIT_ABANDONED + +Set to `ignore`, `report` or `fail` to override the [audit.abandoned](06-config.md#abandoned) +config option. + ### COMPOSER_MAX_PARALLEL_HTTP Set to an integer to configure how many files can be downloaded in parallel. This diff --git a/doc/06-config.md b/doc/06-config.md index a39c2872b..c6aa47491 100644 --- a/doc/06-config.md +++ b/doc/06-config.md @@ -143,6 +143,18 @@ Defaults to `report` in Composer 2.6, and defaults to `fail` from Composer 2.7 o - `report` means abandoned packages are reported as an error but do not cause the command to exit with a non-zero code. - `fail` means abandoned packages will cause audits to fail with a non-zero code. +```json +{ + "config": { + "audit": { + "abandoned": "report" + } + } +} +``` + +Since Composer 2.7 the option can be overriden via the [`COMPOSER_AUDIT_ABANDONED`](03-cli.md#composer-audit-abandoned) environment variable. + ## use-parent-dir When running Composer in a directory where there is no composer.json, if there diff --git a/src/Composer/Advisory/Auditor.php b/src/Composer/Advisory/Auditor.php index bc6520d55..f0dc76ae5 100644 
--- a/src/Composer/Advisory/Auditor.php +++ b/src/Composer/Advisory/Auditor.php @@ -19,6 +19,7 @@ use Composer\Package\CompletePackageInterface; use Composer\Package\PackageInterface; use Composer\Repository\RepositorySet; use Composer\Util\PackageInfo; +use Composer\Util\Platform; use InvalidArgumentException; use Symfony\Component\Console\Formatter\OutputFormatter; diff --git a/src/Composer/Config.php b/src/Composer/Config.php index 9296467f4..f9da7d304 100644 --- a/src/Composer/Config.php +++ b/src/Composer/Config.php @@ -436,6 +436,20 @@ class Config return $this->process($this->config[$key], $flags); + case 'audit': + $result = $this->config[$key]; + $abandonedEnv = $this->getComposerEnv('COMPOSER_AUDIT_ABANDONED'); + if (false !== $abandonedEnv) { + if (!in_array($abandonedEnv, $validChoices = [Auditor::ABANDONED_IGNORE, Auditor::ABANDONED_REPORT, Auditor::ABANDONED_FAIL], true)) { + throw new \RuntimeException( + "Invalid value for COMPOSER_AUDIT_ABANDONED: {$abandonedEnv}. Expected ".Auditor::ABANDONED_IGNORE.", ".Auditor::ABANDONED_REPORT." or ".Auditor::ABANDONED_FAIL + ); + } + $result['abandoned'] = $abandonedEnv; + } + + return $result; + default: if (!isset($this->config[$key])) { return null; diff --git a/tests/Composer/Test/Advisory/AuditorTest.php b/tests/Composer/Test/Advisory/AuditorTest.php index 2253169f4..748f6a5f8 100644 --- a/tests/Composer/Test/Advisory/AuditorTest.php +++ b/tests/Composer/Test/Advisory/AuditorTest.php @@ -23,6 +23,7 @@ use Composer\Repository\ComposerRepository; use Composer\Repository\RepositorySet; use Composer\Test\TestCase; use Composer\Advisory\Auditor; +use Composer\Util\Platform; use InvalidArgumentException; class AuditorTest extends TestCase diff --git a/tests/Composer/Test/ConfigTest.php b/tests/Composer/Test/ConfigTest.php index 428c4f265..8a169b745 100644 --- a/tests/Composer/Test/ConfigTest.php +++ b/tests/Composer/Test/ConfigTest.php 
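Review bot: The added `use Composer\Util\Platform;` in src/Composer/Advisory/Auditor.php looks unused. The diffstat lists a single added line for that file, which is this import, so nothing in the file was changed to call `Platform`. The same applies to the one-line hunk in tests/Composer/Test/Advisory/AuditorTest.php. Unless code outside these hunks already refers to `Platform`, I would drop both imports, since the environment lookup this commit introduces lives in `Config::get()`.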
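Review bot: In the new `case 'audit':` branch of src/Composer/Config.php, `$validChoices` is assigned inside the `in_array()` call and never read again, while the exception message spells out the three constants a second time; a mode added to one list and not the other would make the error text disagree with what is accepted. I would hoist the assignment and build the message from it: `$validChoices = [Auditor::ABANDONED_IGNORE, Auditor::ABANDONED_REPORT, Auditor::ABANDONED_FAIL];` followed by `"Invalid value for COMPOSER_AUDIT_ABANDONED: {$abandonedEnv}. Expected ".implode(', ', $validChoices)`. Rejecting unknown values with an exception rather than falling back to a default is the right behaviour for an audit setting and should stay. Because the variable can turn a project's `fail` into `ignore`, a short comment such as `// env var takes precedence over the audit.abandoned value from composer.json` would make that precedence explicit to the next reader. The enclosing `switch` starts and ends outside the hunk.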
@@ -12,6 +12,7 @@ namespace Composer\Test; +use Composer\Advisory\Auditor; use Composer\Config; use Composer\IO\IOInterface; use Composer\Util\Platform; @@ -382,6 +383,30 @@ class ConfigTest extends TestCase $this->assertEquals('COMPOSER_HTACCESS_PROTECT', $result); } + public function testAudit(): void + { + $config = new Config(true); + $result = $config->get('audit'); + self::assertArrayHasKey('abandoned', $result); + self::assertArrayHasKey('ignore', $result); + self::assertSame(Auditor::ABANDONED_FAIL, $result['abandoned']); + self::assertSame([], $result['ignore']); + + Platform::putEnv('COMPOSER_AUDIT_ABANDONED', Auditor::ABANDONED_IGNORE); + $result = $config->get('audit'); + Platform::clearEnv('COMPOSER_AUDIT_ABANDONED'); + self::assertArrayHasKey('abandoned', $result); + self::assertArrayHasKey('ignore', $result); + self::assertSame(Auditor::ABANDONED_IGNORE, $result['abandoned']); + self::assertSame([], $result['ignore']); + + $config->merge(['config' => ['audit' => ['ignore' => ['A', 'B']]]]); + $config->merge(['config' => ['audit' => ['ignore' => ['A', 'C']]]]); + $result = $config->get('audit'); + self::assertArrayHasKey('ignore', $result); + self::assertSame(['A', 'B', 'A', 'C'], $result['ignore']); + } + public function testGetDefaultsToAnEmptyArray(): void { $config = new Config;
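Review bot: `testAudit()` exercises only an accepted value, so the `RuntimeException` branch that rejects an unknown `COMPOSER_AUDIT_ABANDONED` has no coverage, and that branch is what keeps a mistyped value from silently changing audit policy. The test also calls `Platform::clearEnv()` only after `$config->get('audit')` returns, so a throw there would leave the variable set for later tests unless a tearDown outside this hunk clears it. I would add a separate test for the rejection path with the cleanup in a `finally` block, as sketched below; `'not-a-mode'` is a constructed sample value.

```php
    // … unchanged: testAudit() …

    public function testAuditRejectsInvalidAbandonedEnv(): void
    {
        $config = new Config(true);
        Platform::putEnv('COMPOSER_AUDIT_ABANDONED', 'not-a-mode');
        try {
            $this->expectException(\RuntimeException::class);
            $this->expectExceptionMessage('Invalid value for COMPOSER_AUDIT_ABANDONED');
            $config->get('audit');
        } finally {
            Platform::clearEnv('COMPOSER_AUDIT_ABANDONED');
        }
    }
```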