1
0
Fork 0
Commit Graph

337 Commits (e8d9087229bcdbc5867594d3098091412f1130cf)

Author SHA1 Message Date
Jordi Boggiano 18e24976c1
Merge branch '1.10' 2021-10-05 09:43:00 +02:00
Jordi Boggiano ca5e2f8d50
Fix escaping issues on Windows which could lead to command injection, fixes GHSA-frqg-7g38-6gcf 2021-10-05 09:39:50 +02:00
Jordi Boggiano f4e2b389a1
Fix test 2021-08-29 20:10:24 +02:00
Jordi Boggiano d3c176ec69
PHPStan Level 5 (#10070)
* Bump PHPStan to level 5

* Update seld/phar-utils to latest

* Add phpstan-setup / phpstan scripts
2021-08-21 17:41:52 +02:00
Jordi Boggiano a586a753df
Fix all remaining php8.1 test suite deprecations 2021-08-19 13:00:30 +02:00
Jordi Boggiano 0b09e08f4b
Fix direct deprecations 2021-08-18 15:17:06 +02:00
Stephan c65bd832d6
Url: fix sanitize for new github tokens (#10048) 2021-08-11 13:24:41 +02:00
Jordi Boggiano 10ae1d7b08
Fix some PHP 8.1 deprecation warnings, fixes #10008 2021-07-21 15:13:24 +02:00
Jordi Boggiano cc81f5bac3
Fix support for UNC paths in normalizePath, refs #9993 2021-07-12 13:36:57 +02:00
Jordi Boggiano 1b34495daa
Some phpstan level 4 fixes 2021-06-03 11:29:00 +02:00
Jordi Boggiano 40c7a725e1
Merge branch '2.0' 2021-04-27 13:06:49 +02:00
Jordi Boggiano 332c46af8b
Merge pull request from GHSA-h5h8-pc6h-jvvx
* Fix external process calls to avoid user input being able to pass extra parameters

* Tweak some fixes
2021-04-27 13:00:40 +02:00
Jordi Boggiano 083b73515d
Merge pull request from GHSA-h5h8-pc6h-jvvx
* Fix external process calls to avoid user input being able to pass extra parameters

* Tweak some fixes
2021-04-27 13:00:40 +02:00
Jordi Boggiano 4940009f83
Bump phpstan to level 3 (#9734)
Clean up PackageInterface/CompletePackageInterface, add missing methods, type things in solver as BasePackage, added CompleteAliasPackage, ..
2021-03-09 15:49:40 +01:00
Jordi Boggiano 40800df6bd
Fix CS 2021-02-25 13:46:52 +01:00
Jordi Boggiano b7d770659b
CS fixes 2020-11-22 14:52:39 +01:00
Andrés De la Cruz 480a6439fd
Fix phpstan phpdocs issues (#9478) 2020-11-20 09:28:09 +01:00
Stephan Vock d97c37f103 Zip: ignore mac osx specific folder when searching for composer.json 2020-10-29 22:30:12 +00:00
johnstevenson 2a913c7a68 Improve proxy error messages for streams 2020-10-24 18:20:31 +01:00
Jordi Boggiano 62eff8e979
Tweaks to new proxying code, refs #9324 2020-10-24 10:36:39 +02:00
johnstevenson d47261eb93 Refactor proxy handling for Composer2 2020-10-23 21:38:29 +01:00
Nils Adermann e868996bdd Validate: Warn about providing or replacing packages you require 2020-10-23 22:02:13 +02:00
Jordi Boggiano 8564dd8dac
Allow Url::sanitize to escape URLs without scheme 2020-10-23 13:27:46 +02:00
johnstevenson 8feb83b22b
Remove duplicate StreamContextFactory ssl options
Added in Dec 2014 (commit 8dad846), superseded in Jan 2016 (pr #4759)
2020-10-23 13:25:17 +02:00
Nils Adermann 6409ed0fc2 Validate: Warn about providing or replacing packages you require 2020-10-22 11:28:19 +02:00
Jordi Boggiano c01e3bd2f0
Make async test more robust 2020-10-16 11:23:03 +02:00
Simon Berger 80d71ccb3f Merged isset, unset and str_replace calls 2020-09-26 00:55:19 +02:00
Simon Berger 80a75e9959 Minor code improvements 2020-09-20 02:16:28 +02:00
Jordi Boggiano d942c65e0c
Fix more warnings 2020-09-11 11:32:09 +02:00
Jordi Boggiano 1593b67230
Fix warnings on higher phpunit versions 2020-09-11 11:01:32 +02:00
Simon Berger f3936b82cd Added test to cancel ProcessExecutor::asyncExecute 2020-09-08 11:33:41 +02:00
Nils Adermann 1385412748 Merge branch 'master' into filter-packages
* master:
  Add tests for edge cases of packages providing names which exist as real packages
  Add another test verifying that a package may provide an incompatible version of sth that actually exists
  Fix provider coexistence test, needs another requirement to install both
  Fix test filename to end with .test extension so it gets run
  Update config section to note required scope for GitLab tokens
  Fix pre/post-package-install/update/uninstall events receiving a partial list of operations, fixes #9079
  Also remove credentials from cache dirs in git/svn drivers, fixes #7439, refs #9155
  AuthHelper: Allow fall-through GitLab-specific HTTP headers for auth
  Sanitize repo URLs to mask HTTP auth passwords from cache directory
  Util/Zip: fix strpos args order
2020-08-28 14:52:58 +02:00
Ayesh Karunaratne 931a1ff1f8
AuthHelper: Allow fall-through GitLab-specific HTTP headers for auth
Previously, `AuthHelper` consumed the authentication credentials for GitLab domains and added access tokens as GitLab-specific headers.
[Composer repositories now supported in GitLab](https://php.watch/articles/composer-gitlab-repositories) require standard Authorization headers with a personal access to function, which failed to work due to out GitLab-specific headers.

With this commit, AuthHelper checks if the password is an access token, and falls through to HTTP basic authentication even if the domain name is a GitLab domain name.
2020-08-27 12:13:28 +07:00
Jordi Boggiano 9a04ecefbf
Merge branch 'master' into filter-packages 2020-08-25 16:51:28 +02:00
Jordi Boggiano 4d20e6f5d6
Move Version util to Platform namespace, fix CS nitpicks, make regexes case insensitive for robustness, refs #9093 2020-08-13 15:48:41 +02:00
Jordi Boggiano 7e1ef19a5a
Expand library version checking capabilities (closes #9093) 2020-08-13 15:48:41 +02:00
Wissem Riahi 657ae5519e
Add support for TAR in Artifact packages (#9105) 2020-08-12 20:30:58 +02:00
Wissem Riahi c353ac835c
Add exception for multiple composer.json files (#3) 2020-07-21 17:10:26 +02:00
Jordi Boggiano 942562c382
Clean up Zip Util to be more strict about what is a valid package archive, fixes #8931 2020-07-16 17:36:46 +02:00
Yanick Witschi ea0ce9dd7d Merge branch 'master' into filter-packages 2020-06-22 18:38:16 +02:00
Michael Chekin 6d9bf42655
Additional Util\RemoteFileSystem tests (#8960)
* RemoteFilesystemTest: simplifying some mock expectations calls

- will($this->returnValue()) to willReturn()
- will($this->returnCallBack()) to willReturnCallback()

* RemoteFilesystemTest: extracting identical mocks for IOInterface into a separate getIOInterfaceMock() method

* RemoteFilesystemTest: converting protected helper methods to private.

* RemoteFilesystemTest: moving getConfigMock() private method after the public methods (with other private methods)

* adding RemoteFileSystemTest::testCopyWithRetryAuthFailureFalse() unit test.

* Allow optional injecting of AuthHelper into RemoteFilesystem constructor.

* adding RemoteFileSystemTest::testCopyWithSuccessOnRetry() unit test.

* using backward compatible @expectedException in RemoteFilesystemTest.php

* RemoteFilesystemTest: extracting RemoteFilesystem with mocked method creation into a separate method.

* RemoteFilesystemTest: extracting AuthHelper with mocked method creation into a separate method.
2020-06-16 09:35:33 +02:00
Jordi Boggiano 67a88880ec
Get rid of EmptyConstraint 2020-06-05 16:52:24 +02:00
Jordi Boggiano 4e1f8cf89d
Build tweaks 2020-05-20 16:20:54 +02:00
Jordi Boggiano dd0c8b4278
Merge pull request #8723 from helhum/fix-package-sorting
Fix package sorting
2020-05-06 10:47:01 +02:00
Michael Chekin c23670c3ec
Add Util\AuthHelper unit test coverage (#8863)
* Add AuthHelper::addAuthenticationHeader() test on missing authentication credentials.

* Add AuthHelper::addAuthenticationHeader() test on bearer password.

* Add AuthHelper::addAuthenticationHeader() test on Github token.

* Add AuthHelper::addAuthenticationHeader() test on Gitlab Oauth token.

* Add $authenticationDisplayMessage write expectation to AuthHelper::addAuthenticationHeader() tests.

* Add AuthHelper::addAuthenticationHeader() test on Gitlab private token.

* Add AuthHelper::addAuthenticationHeader() test on Bitbucket Oauth token.

* Add AuthHelper::addAuthenticationHeader() test on Bitbucket public urls.

* Add AuthHelper::addAuthenticationHeader() test on Basic Http Authentication.

* Add AuthHelper::isPublicBitBucketDownload() tests.

* Rename AuthHelperTest $credentials variable to $auth.

* Add AuthHelper::storeAuth() test for auto-store option.

* Add AuthHelper::storeAuth() test for user prompt and y(es) answer.

* Add AuthHelper::storeAuth() test for user prompt and n(o) answer.

* Add AuthHelper::storeAuth() test for user prompt with invalid answer.

* Add AuthHelper::promptAuthIfNeeded() test for Github authentication failure.

- add GitHub hard dependency mock (new GitHub(...) mock)

* Run AuthHelper::promptAuthIfNeeded() tests only with PHP > 5.3

* Run AuthHelper::promptAuthIfNeeded() tests only with PHP >= 5.4

* Run AuthHelper::promptAuthIfNeeded() tests only with PHP 5.4

* Exclude PHPStan analyses of '../tests/Composer/Test/Util/Mocks/*'

* Exclude AuthHelper::promptAuthIfNeeded() tests from current pull request.

* Extract repetitive AuthHelperTest authentication expectation into a method.
2020-05-04 09:48:23 +02:00
Helmut Hummel 7c891701e6 Fix package sorting
PackageSorter weighs the importance of a package
by counting how many times it is required by other packages.
This works by calculating the weight for each package name.

However currently the package index of the package array
is currently passed the weigh function, which basically
disables package sorting.

The reason for that is, that a package repository previously
returned the package list as associative array with  package name as keys,
but currently just as an array with integer keys.

Therefore we must extract the package name from the package
before passing it to the weigh function.
2020-05-03 16:31:47 +02:00
Michael Chekin b9be78b689
Additional Util\Bitbucket class test coverage (#8835) 2020-04-28 11:45:30 +02:00
Jordi Boggiano 45ecbae8f5
Merge branch 'master' into 2.0 2020-02-07 22:20:51 +01:00
Ion Bazan a9bace37f6 fix windows build 2020-02-07 15:18:18 +08:00
Ion Bazan 58b34d13e8 fix risky tests (without any assertion) 2020-02-07 14:35:07 +08:00
Ion Bazan a2137d5263 use Symfony PHPUnit Bridge 2020-02-07 12:22:22 +08:00
Jordi Boggiano 1e68555e0a
Sanitize URLs in getRepoName and centralize the Url sanitization process 2020-01-30 15:50:46 +01:00
Jordi Boggiano 30b6a41035
Extract MetadataMinifier util 2020-01-15 12:58:30 +01:00
Jordi Boggiano 4a7d42604f
Fix tests 2020-01-14 16:27:16 +01:00
Jordi Boggiano a5b178084c
Merge branch 'master' into 2.0 2020-01-14 15:39:35 +01:00
Jordi Boggiano c43137db3f
Merge branch '1.9' 2020-01-13 15:50:39 +01:00
Jordi Boggiano 4e667f891b
Fix 5.3 build 2020-01-13 13:45:04 +01:00
Jordi Boggiano 23359f2db6
Merge branch 'master' into 2.0 2020-01-13 13:35:52 +01:00
Jordi Boggiano 3d72b56ed6
Merge branch '1.9' 2020-01-13 13:30:52 +01:00
Jordi Boggiano d3f1c664d4
Avoid formatting output from external processes, fixes #8524 2020-01-13 13:30:46 +01:00
Ondrej Mirtes 7d4d4622ab
ProcessExecutor - do not format output from executed processes 2020-01-13 13:20:04 +01:00
johnstevenson 00da9b125d Tidy and fix tests 2019-11-30 15:45:54 +00:00
johnstevenson 74ba9decdf Rewrite NoProxyPattern to include IPv6
This includes two breaking changes:
- the hostname is not resolved in the case of an IP address.
- a hostname with a trailing period (FQDN) is not matched.

This brings the basic implementation in line with curl behaviour, with
the addition of full IP address and range matching (curl does not
differentiate between IP addresses host names).

The NO_PROXY environment variable can be set to either a comma-separated
list of host names that should not use a proxy, or single asterisk `*`
to match all hosts.

- Port numbers can be included by prefixing the port with a colon `:`.
- IP addresses can be used, but must be enclosed in square brackets
`[...]` if they include a port number.
- IP address ranges can specified in CIDR notation, separating the IP
address and prefix-length with a forward slash `/`.
2019-11-29 20:39:08 +00:00
Jordi Boggiano 88b051c96b
Merge branch 'master' into 2.0
Update deps
2019-11-23 12:27:41 +01:00
Stephan Vock b847115617 Git: fix authentication handling for private GitHub repositories 2019-11-23 12:02:06 +01:00
Jordi Boggiano bc2a1d762a
Merge branch 'master' into 2.0 2019-10-30 08:54:44 +01:00
johnstevenson 8d9b822413 Add messages to junction tests to see failures 2019-10-21 11:09:17 +02:00
Jordi Boggiano 6c4357a7ed
Merge branch 'master' into 2.0 2019-07-31 17:50:01 +02:00
Jordi Boggiano 26a3e12c96
Merge pull request #7994 from aschempp/feature/zip-util
Extract the ZIP utility functions from ArtifactRepository
2019-07-30 11:36:10 +02:00
Gabriel Caruso 6c8ddd4d57
Remove unused private properties 2019-07-24 02:53:53 +02:00
Nils Adermann d2fa1e1319 Merge branch 'master' into 2.0
* master: (48 commits)
  SVN: hide passwords for debug output
  Free $solver asap
  fixes #8179
  [minor] Fixed a typo in the CHANGELOG.md.
  Update deps
  Update changelog
  Revert "Allow overriding self-update target file with envvar COMPOSER_SELF_UPDATE_TARGET" Revert "Add docs for COMPOSER_SELF_UPDATE_TARGET, refs #8151"
  Add docs for COMPOSER_SELF_UPDATE_TARGET, refs #8151
  Fix display of HHVM warning appearing when HHVM is not in use, fixes #8138
  Read classmap-authoritative and apcu-autoloader from project config when installing via create-project, fixes #8155
  Use possessive quantifiers
  Update xdebug-handler to 1.3.3
  fixes #8159
  Allow overriding self-update target file with envvar COMPOSER_SELF_UPDATE_TARGET
  flag should come before script name
  use full command name, not abbreviated/alias
  modify text
  Document the alternatives to disable the default script timeout
  Anchor pattern
  Fix URL resolution for Composer repositories
  ...
2019-06-27 14:08:00 +02:00
Stephan Vock 8da046e4e9 SVN: hide passwords for debug output 2019-06-23 18:59:36 +01:00
Andreas Schempp 0e2215dc6c Added full unit test coverage 2019-03-04 11:08:59 +01:00
Jordi Boggiano 64384f8b15 Fix tests 2019-01-14 17:29:24 +01:00
Jordi Boggiano fd11cf3618 Port/extract most behavior of RemoteFilesystem to CurlDownloader 2019-01-14 17:29:23 +01:00
Jordi Boggiano 1cd9f4f9db Disable request_fulluri by default for HTTPS connections 2019-01-14 17:29:23 +01:00
Jordi Boggiano 713bc4de1d Minor fixes and updated the rest of the code/tests to use HttpDownloader 2019-01-14 17:29:23 +01:00
Gabriel Caruso 2a13bb2649 Fixes from PHPStan (#7687)
* fix docblocks

* remove redundant conditional

* fix wrong variable name

* fix wrong namespaces

* add missing private members

* remove unused/redundant arguments

* move testcase class

* exclude TestCase.php

* Tweak RuleWatchGraph type hints

* Tweak doc comment
2018-11-12 15:23:32 +01:00
Jordi Boggiano bf125295df Fix escaping of URLs in Perforce and Subversion drivers 2018-08-25 18:48:56 +02:00
Jordi Boggiano ff59bbdab0 CS fixer 2018-07-24 14:32:52 +02:00
Jordi Boggiano 38866ba310 Merge remote-tracking branch 'johnstevenson/external-xdebug' 2018-04-13 15:38:27 +02:00
Jordi Boggiano bfa01285c2 Merge branch '1.6' 2018-04-12 10:25:03 +02:00
Jordi Boggiano 066351c5b9 Remove use of deprecated getMock method 2018-04-12 10:24:56 +02:00
johnstevenson ed97c2116c Use external XdebugHandler library 2018-03-08 19:20:16 +00:00
Jordi Boggiano ea9b7ecbb0
Merge pull request #6982 from carusogabriel/phpstan
Fixes from PHPStan level 0
2018-01-22 14:50:43 +01:00
Martin Hujer bbee0d7c6c Validation warns if script description for nonexistent script is present
Fixes #7010
2018-01-17 19:15:06 +01:00
Gabriel Caruso 3d262bd637 Fixes from PHPStan level 0
More fixes from PHPStan level 0
2018-01-14 11:44:15 -02:00
Tomas Klinkenberg 60106edd32 Added a test to confirm issue #6994.
Added a encapsulated group to the replacement parameter of the `preg_replace` for GitLab in `\Composer\Util\Url::updateDistReference()`. This fixes #6994.
2018-01-09 17:57:22 +01:00
Jordi Boggiano e6114b2ca7 Fix support for replacing dist refs in gitlab URLs and add support for gitlab/github enterprise too 2018-01-05 15:20:30 +01:00
Jordi Boggiano c8aea719b1 CS fixes 2017-12-18 16:02:48 +01:00
Gabriel Caruso 885da4c8ef Refactoring tests 2017-12-03 02:41:58 -02:00
Gabriel Caruso afc9a7643e Use PHPUnit\Framework\TestCase instead of PHPUnit_Framework_TestCase 2017-11-30 13:44:43 -02:00
Gabriel Caruso a4b220273e Refactoring Tests (#6849) 2017-11-30 15:58:10 +01:00
Jordi Boggiano eab826b00b Merge branch '1.5' 2017-11-29 16:37:49 +01:00
Jordi Boggiano 45cd26b2df Fix test and actually check that we get hasAuthentication called for different domains 2017-11-29 16:37:00 +01:00
Jordi Boggiano 0b3bc4ccb9 Merge branch '1.5' 2017-11-28 18:09:36 +01:00
johnstevenson b0922b95af Report multiple inis in php.ini specific messages
Where systems use multiple ini files it is perhaps more useful to
suggest running `php --ini` to see their locations, rather than showing
the loaded php.ini (if one exists).
2017-11-28 18:09:08 +01:00
croensch 6da92e98ac also support NO_PROXY
since WINDOWS can only have one case and that is usually upperase
2017-10-12 16:35:05 +02:00
Vladimir Reznichenko c8615358cb SCA with PHP Inspections (EA Extended) 2017-09-11 19:40:43 +02:00
Christian Ramelow f178c340e9 Fixed tests. 2017-09-01 20:47:13 +02:00