From 9bfddadf3d1f4b5a3879783a7d36fc0e17d3d0d2 Mon Sep 17 00:00:00 2001 From: Jordi Boggiano Date: Sat, 24 Oct 2020 20:41:49 +0200 Subject: [PATCH] Make sure no unknown files get excluded from the phar, fixes #9331 --- src/Composer/Compiler.php | 67 ++++++++++++++++++--------------------- 1 file changed, 30 insertions(+), 37 deletions(-) diff --git a/src/Composer/Compiler.php b/src/Composer/Compiler.php index 716a744bf..f9f98fa32 100644 --- a/src/Composer/Compiler.php +++ b/src/Composer/Compiler.php @@ -80,6 +80,7 @@ class Compiler return strcmp(strtr($a->getRealPath(), '\\', '/'), strtr($b->getRealPath(), '\\', '/')); }; + // Add Composer sources $finder = new Finder(); $finder->files() ->ignoreVCS(true) @@ -89,69 +90,61 @@ class Compiler ->in(__DIR__.'/..') ->sort($finderSort) ; - foreach ($finder as $file) { $this->addFile($phar, $file); } + // Add ClassLoader separately to make sure it retains the docblocks as it will get copied into projects $this->addFile($phar, new \SplFileInfo(__DIR__ . '/Autoload/ClassLoader.php'), false); + // Add Composer resources $finder = new Finder(); $finder->files() - ->name('*.json') ->in(__DIR__.'/../../res') - ->in(SpdxLicenses::getResourcesDir()) ->sort($finderSort) ; - foreach ($finder as $file) { $this->addFile($phar, $file, false); } - $this->addFile($phar, new \SplFileInfo(__DIR__ . '/../../vendor/symfony/console/Resources/bin/hiddeninput.exe'), false); - $this->addFile($phar, new \SplFileInfo(__DIR__ . '/../../vendor/symfony/polyfill-mbstring/Resources/mb_convert_variables.php8')); + // Add vendor files $finder = new Finder(); $finder->files() ->ignoreVCS(true) - ->name('*.php') - ->name('LICENSE') + ->notPath('/\/(composer\.(json|lock)|[A-Z]+\.md|\.gitignore|phpunit\.xml\.dist|phpstan\.neon\.dist|phpstan-config\.neon)$/') + ->notPath('symfony/debug/Resources/ext/') + ->notPath('justinrainbow/json-schema/demo/') + ->notPath('justinrainbow/json-schema/dist/') + ->notPath('composer/installed.json') + ->notPath('composer/LICENSE') ->exclude('Tests') ->exclude('tests') ->exclude('docs') - ->in(__DIR__.'/../../vendor/symfony/') - ->in(__DIR__.'/../../vendor/seld/jsonlint/') - ->in(__DIR__.'/../../vendor/justinrainbow/json-schema/') - ->in(__DIR__.'/../../vendor/composer/spdx-licenses/') - ->in(__DIR__.'/../../vendor/composer/semver/') - ->in(__DIR__.'/../../vendor/composer/ca-bundle/') - ->in(__DIR__.'/../../vendor/composer/xdebug-handler/') - ->in(__DIR__.'/../../vendor/psr/') - ->in(__DIR__.'/../../vendor/react/') + ->exclude('bin') + ->in(__DIR__.'/../../vendor/') ->sort($finderSort) ; + $extraFiles = array( + realpath(__DIR__ . '/../../vendor/composer/spdx-licenses/res/spdx-exceptions.json'), + realpath(__DIR__ . '/../../vendor/composer/spdx-licenses/res/spdx-licenses.json'), + realpath(CaBundle::getBundledCaBundlePath()), + realpath(__DIR__ . '/../../vendor/symfony/console/Resources/bin/hiddeninput.exe'), + realpath(__DIR__ . '/../../vendor/symfony/polyfill-mbstring/Resources/mb_convert_variables.php8'), + ); + foreach ($finder as $file) { - $this->addFile($phar, $file); + if (!preg_match('{(/LICENSE|\.php)$}', $file) && !in_array(realpath($file), $extraFiles, true)) { + throw new \RuntimeException('Unexpected file should be added to the allow or deny lists: '.$file); + } + + if (preg_match('{\.php[\d.]*$}', $file)) { + $this->addFile($phar, $file); + } else { + $this->addFile($phar, $file, false); + } } - $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/autoload.php')); - $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/autoload_namespaces.php')); - $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/autoload_psr4.php')); - $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/autoload_classmap.php')); - $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/autoload_files.php')); - $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/autoload_real.php')); - $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/autoload_static.php')); - $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/installed.php')); - $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/InstalledVersions.php')); - if (file_exists(__DIR__.'/../../vendor/composer/platform_check.php')) { - $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/platform_check.php')); - } - if (file_exists(__DIR__.'/../../vendor/composer/include_paths.php')) { - $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/include_paths.php')); - } - $this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/ClassLoader.php')); - - $this->addFile($phar, new \SplFileInfo(CaBundle::getBundledCaBundlePath()), false); - + // Add bin/composer $this->addComposerBin($phar); // Stubs