
Ensure repos declaring security-advisories have at least an API or a restricted set of packages to avoid too many wasteful requests

pull/11798/head
Jordi Boggiano 2024-01-12 13:16:53 +01:00
parent 3491986ad3
commit a29acbdd2e
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
1 changed files with 11 additions and 5 deletions


@ -109,7 +109,7 @@ class ComposerRepository extends ArrayRepository implements ConfigurableReposito
private $partialPackagesByName = null; private $partialPackagesByName = null;
/** @var bool */ /** @var bool */
private $displayedWarningAboutNonMatchingPackageIndex = false; private $displayedWarningAboutNonMatchingPackageIndex = false;
/** @var array{metadata: bool, query-all: bool, api-url: string|null}|null */ /** @var array{metadata: bool, api-url: string|null}|null */
private $securityAdvisoryConfig = null; private $securityAdvisoryConfig = null;
/** /**
@ -1257,9 +1257,11 @@ class ComposerRepository extends ArrayRepository implements ConfigurableReposito
if (isset($data['security-advisories']) && is_array($data['security-advisories'])) { if (isset($data['security-advisories']) && is_array($data['security-advisories'])) {
$this->securityAdvisoryConfig = [ $this->securityAdvisoryConfig = [
'metadata' => $data['security-advisories']['metadata'] ?? false, 'metadata' => $data['security-advisories']['metadata'] ?? false,
'api-url' => $data['security-advisories']['api-url'] ?? null, 'api-url' => isset($data['security-advisories']['api-url']) && is_string($data['security-advisories']['api-url']) ? $this->canonicalizeUrl($data['security-advisories']['api-url']) : null,
'query-all' => $data['security-advisories']['query-all'] ?? false,
]; ];
if ($this->securityAdvisoryConfig['api-url'] === null && !$this->hasAvailablePackageList) {
throw new \UnexpectedValueException('Invalid security advisory configuration on '.$this->getRepoName().': If the repository does not provide a security-advisories.api-url then available-packages or available-package-patterns are required to be provided for performance reason.');
}
} }
} }
@ -1289,12 +1291,16 @@ class ComposerRepository extends ArrayRepository implements ConfigurableReposito
} }
/** /**
* @param non-empty-string $url * @param string $url
* @return non-empty-string * @return non-empty-string
*/ */
private function canonicalizeUrl(string $url): string private function canonicalizeUrl(string $url): string
{ {
if ('/' === $url[0]) { if (strlen($url) === 0) {
throw new \InvalidArgumentException('Expected a string with a value and not an empty string');
}
if (str_starts_with($url, '/')) {
if (Preg::isMatch('{^[^:]++://[^/]*+}', $this->url, $matches)) { if (Preg::isMatch('{^[^:]++://[^/]*+}', $this->url, $matches)) {
return $matches[0] . $url; return $matches[0] . $url;
} }
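Review bot: On the new `'api-url'` line of the second hunk, a repository that sends `"api-url": ""` passes the `isset`/`is_string` guard and reaches `canonicalizeUrl()`, whose new empty-string check throws an `InvalidArgumentException` with a generic message that does not name the repository, unlike the `UnexpectedValueException` added just below it. Because this value comes from the repository's own metadata, it would be clearer to treat an empty string as absent by adding `&& $data['security-advisories']['api-url'] !== ''` to the condition, so that case falls through to the `available-packages` check and its repo-specific message. The neighbouring `'metadata' => $data['security-advisories']['metadata'] ?? false` is still stored without a type check although the docblock promises `bool`; an `is_bool` guard would bring it in line with the validation now applied to `api-url`. The enclosing method of the second hunk and the remainder of `canonicalizeUrl()` are outside the visible lines, so how a URL that does not start with `/` is handled cannot be confirmed from here.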