
Add security to support options (#11271)

This support option allows projects to specify a URL to the project's
vulnerability disclosure policy (VDP).
pull/11375/head
Ben Ramsey 2023-03-10 15:28:10 -06:00 committed by GitHub
parent d1ab1255b5
commit cd137ee29b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 16 additions and 6 deletions


@ -98,6 +98,7 @@
}, },
"support": { "support": {
"issues": "https://github.com/composer/composer/issues", "issues": "https://github.com/composer/composer/issues",
"irc": "ircs://irc.libera.chat:6697/composer" "irc": "ircs://irc.libera.chat:6697/composer",
"security": "https://github.com/composer/composer/security/policy"
} }
} }


@ -250,6 +250,7 @@ Support information includes the following:
* **docs:** URL to the documentation. * **docs:** URL to the documentation.
* **rss:** URL to the RSS feed. * **rss:** URL to the RSS feed.
* **chat:** URL to the chat channel. * **chat:** URL to the chat channel.
* **security:** URL to the vulnerability disclosure policy (VDP).
An example: An example:


@ -111,6 +111,11 @@
"type": "string", "type": "string",
"description": "URL to the RSS feed.", "description": "URL to the RSS feed.",
"format": "uri" "format": "uri"
},
"security": {
"type": "string",
"description": "URL to the vulnerability disclosure policy (VDP).",
"format": "uri"
} }
} }
}, },


@ -33,7 +33,7 @@ class CompletePackage extends Package implements CompletePackageInterface
protected $homepage = null; protected $homepage = null;
/** @var array<string, string[]> Map of script name to array of handlers */ /** @var array<string, string[]> Map of script name to array of handlers */
protected $scripts = []; protected $scripts = [];
/** @var array{issues?: string, forum?: string, wiki?: string, source?: string, email?: string, irc?: string, docs?: string, rss?: string, chat?: string} */ /** @var array{issues?: string, forum?: string, wiki?: string, source?: string, email?: string, irc?: string, docs?: string, rss?: string, chat?: string, security?: string} */
protected $support = []; protected $support = [];
/** @var array<array{url?: string, type?: string}> */ /** @var array<array{url?: string, type?: string}> */
protected $funding = []; protected $funding = [];


@ -118,14 +118,14 @@ interface CompletePackageInterface extends PackageInterface
/** /**
* Returns the support information * Returns the support information
* *
* @return array{issues?: string, forum?: string, wiki?: string, source?: string, email?: string, irc?: string, docs?: string, rss?: string, chat?: string} * @return array{issues?: string, forum?: string, wiki?: string, source?: string, email?: string, irc?: string, docs?: string, rss?: string, chat?: string, security?: string}
*/ */
public function getSupport(): array; public function getSupport(): array;
/** /**
* Set the support information * Set the support information
* *
* @param array{issues?: string, forum?: string, wiki?: string, source?: string, email?: string, irc?: string, docs?: string, rss?: string, chat?: string} $support * @param array{issues?: string, forum?: string, wiki?: string, source?: string, email?: string, irc?: string, docs?: string, rss?: string, chat?: string, security?: string} $support
*/ */
public function setSupport(array $support): void; public function setSupport(array $support): void;


@ -191,7 +191,7 @@ class ValidatingArrayLoader implements LoaderInterface
} }
if ($this->validateArray('support') && !empty($this->config['support'])) { if ($this->validateArray('support') && !empty($this->config['support'])) {
foreach (['issues', 'forum', 'wiki', 'source', 'email', 'irc', 'docs', 'rss', 'chat'] as $key) { foreach (['issues', 'forum', 'wiki', 'source', 'email', 'irc', 'docs', 'rss', 'chat', 'security'] as $key) {
if (isset($this->config['support'][$key]) && !is_string($this->config['support'][$key])) { if (isset($this->config['support'][$key]) && !is_string($this->config['support'][$key])) {
$this->errors[] = 'support.'.$key.' : invalid value, must be a string'; $this->errors[] = 'support.'.$key.' : invalid value, must be a string';
unset($this->config['support'][$key]); unset($this->config['support'][$key]);
@ -208,7 +208,7 @@ class ValidatingArrayLoader implements LoaderInterface
unset($this->config['support']['irc']); unset($this->config['support']['irc']);
} }
foreach (['issues', 'forum', 'wiki', 'source', 'docs', 'chat'] as $key) { foreach (['issues', 'forum', 'wiki', 'source', 'docs', 'chat', 'security'] as $key) {
if (isset($this->config['support'][$key]) && !$this->filterUrl($this->config['support'][$key])) { if (isset($this->config['support'][$key]) && !$this->filterUrl($this->config['support'][$key])) {
$this->warnings[] = 'support.'.$key.' : invalid value ('.$this->config['support'][$key].'), must be an http/https URL'; $this->warnings[] = 'support.'.$key.' : invalid value ('.$this->config['support'][$key].'), must be an http/https URL';
unset($this->config['support'][$key]); unset($this->config['support'][$key]);
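Review bot: In the second loop, `security` is validated by the same `filterUrl` check as `issues` and `wiki`, and the warning text ("must be an http/https URL") suggests that plain `http` is accepted. For a vulnerability disclosure policy that is weaker than it should be: a cleartext page can be altered in transit, so a reporter may be shown a different contact than the project intended. Consider an extra check for this key only, which keeps the value but adds something like `$this->warnings[] = 'support.security : should be an https URL';` when the scheme is not `https`. The exact behaviour of `filterUrl` is not visible here, and both loops belong to a method that starts and ends outside these hunks.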


@ -74,6 +74,7 @@ class ValidatingArrayLoaderTest extends TestCase
'irc' => 'irc://example.org/example', 'irc' => 'irc://example.org/example',
'rss' => 'http://example.org/rss', 'rss' => 'http://example.org/rss',
'chat' => 'http://example.org/chat', 'chat' => 'http://example.org/chat',
'security' => 'https://example.org/security',
], ],
'funding' => [ 'funding' => [
[ [
@ -449,6 +450,7 @@ class ValidatingArrayLoaderTest extends TestCase
'issues' => 'foo:bar', 'issues' => 'foo:bar',
'wiki' => 'foo:bar', 'wiki' => 'foo:bar',
'chat' => 'foo:bar', 'chat' => 'foo:bar',
'security' => 'foo:bar',
], ],
], ],
[ [
@ -457,6 +459,7 @@ class ValidatingArrayLoaderTest extends TestCase
'support.issues : invalid value (foo:bar), must be an http/https URL', 'support.issues : invalid value (foo:bar), must be an http/https URL',
'support.wiki : invalid value (foo:bar), must be an http/https URL', 'support.wiki : invalid value (foo:bar), must be an http/https URL',
'support.chat : invalid value (foo:bar), must be an http/https URL', 'support.chat : invalid value (foo:bar), must be an http/https URL',
'support.security : invalid value (foo:bar), must be an http/https URL',
], ],
], ],
[ [
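Review bot: The added fixtures exercise `security` only through the http/https filter (one valid `https://` value and the `foo:bar` warning case); nothing in these hunks covers the `is_string` branch that the loader change also extends to this key. A case with a non-string value (constructed example: `'security' => ['foo']`) expecting `support.security : invalid value, must be a string` in the errors would pin that path. The test class continues outside the visible hunks, so an existing generic case may already cover it.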