public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code

Surface the advisory ID when CVE not present. (#11892)

pull/11795/head
Brad Jones 2024-03-19 09:24:10 -06:00 committed by GitHub
parent d36cd30d11
commit d00f590354
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/Composer/Advisory/Auditor.php
View File

@ -264,6 +264,10 @@ class Auditor
$advisory->affectedVersions->getPrettyString(),
$advisory->reportedAt->format(DATE_ATOM),
];
if ($advisory->cve === null) {
$headers[] = 'Advisory ID';
$row[] = $advisory->advisoryId;
}
if ($advisory instanceof IgnoredSecurityAdvisory) {
$headers[] = 'Ignore reason';
$row[] = $advisory->ignoreReason ?? 'None specified';
@ -294,6 +298,9 @@ class Auditor
$error[] = "Package: ".$advisory->packageName;
$error[] = "Severity: ".$this->getSeverity($advisory);
$error[] = "CVE: ".$this->getCVE($advisory);
if ($advisory->cve === null) {
$error[] = "Advisory ID: ".$advisory->advisoryId;
}
$error[] = "Title: ".OutputFormatter::escape($advisory->title);
$error[] = "URL: ".$this->getURL($advisory);
$error[] = "Affected versions: ".OutputFormatter::escape($advisory->affectedVersions->getPrettyString());