<?php
namespace PHPCensor\Plugin;
use PHPCensor;
use PHPCensor\Builder;
use PHPCensor\Model\Build;
use PHPCensor\Plugin;
use PHPCensor\Model\BuildError;
use PHPCensor\ZeroConfigPluginInterface;
use SensioLabs\Security\SecurityChecker as BaseSecurityChecker;
/**
* SensioLabs Security Checker Plugin
*
* @author Dmitry Khomutov <poisoncorpsee@gmail.com>
*/
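class SecurityChecker extends Plugin implements ZeroConfigPluginInterface
{
    /**
     * Highest number of reported vulnerabilities that still leaves the build
     * successful. The value -1 disables the threshold entirely: advisories are
     * still reported as critical build errors, but execute() returns true.
     *
     * @var integer
     */
    protected $allowedWarnings;

    /**
     * @return string
     */
    public static function pluginName()
    {
        return 'security_checker';
    }

    /**
     * {@inheritdoc}
     *
     * Recognised options:
     *  - zero_config:      when truthy, the threshold is disabled (allowedWarnings = -1)
     *  - allowed_warnings: explicit integer threshold; takes precedence over zero_config
     */
    public function __construct(Builder $builder, Build $build, array $options = [])
    {
        parent::__construct($builder, $build, $options);

        // A zero-config run only reports; it must not fail a build nobody asked it to gate.
        $this->allowedWarnings = !empty($options['zero_config']) ? -1 : 0;

        // array_key_exists rather than isset: an explicitly configured null is
        // still "configured" and becomes 0 through the cast, i.e. no warnings allowed.
        if (array_key_exists('allowed_warnings', $options)) {
            $this->allowedWarnings = (int)$options['allowed_warnings'];
        }
    }

    /**
     * Check if this plugin can be executed.
     *
     * The advisory lookup is keyed on the exact versions pinned in composer.lock,
     * so the plugin only runs in the test stage and only when that file exists.
     *
     * @param mixed   $stage   expected to be one of the Build::STAGE_* constants
     * @param Builder $builder
     * @param Build   $build
     *
     * @return bool
     */
    public static function canExecute($stage, Builder $builder, Build $build)
    {
        // Strict comparison against the stage constant; cheap check first so the
        // filesystem is only touched for the stage this plugin actually serves.
        if ($stage !== Build::STAGE_TEST) {
            return false;
        }

        return file_exists($builder->buildPath . '/composer.lock');
    }

    /**
     * Run the SensioLabs security checker against composer.lock and report
     * every advisory it returns as a critical build error.
     *
     * Failures inside the checker itself (for example the advisory service
     * being unreachable) are not caught here and propagate to the builder.
     *
     * @return bool true when no vulnerabilities were found, when the threshold
     *              is disabled (-1), or when the count is within allowed_warnings
     */
    public function execute()
    {
        $checker  = new BaseSecurityChecker();
        $warnings = $checker->check($this->builder->buildPath . '/composer.lock');

        if (!$warnings) {
            return true;
        }

        // NOTE(review): the payload shape (library => ['version', 'advisories' => [['cve', 'title', 'link'], ...]])
        // is inferred from the access pattern only — confirm against the checker version in use.
        foreach ($warnings as $library => $warning) {
            $version    = isset($warning['version']) ? $warning['version'] : '';
            $advisories = isset($warning['advisories']) ? (array)$warning['advisories'] : [];

            foreach ($advisories as $advisory) {
                $this->build->reportError(
                    $this->builder,
                    'security_checker',
                    $this->formatAdvisory($library, $version, (array)$advisory),
                    BuildError::SEVERITY_CRITICAL,
                    '-',
                    '-'
                );
            }
        }

        // -1 means "report only": never fail the build on the vulnerability count.
        if ($this->allowedWarnings === -1) {
            return true;
        }

        return (int)$checker->getLastVulnerabilityCount() <= $this->allowedWarnings;
    }

    /**
     * Build the one-error-per-advisory message shown in the build report.
     *
     * Missing advisory fields fall back to empty strings instead of raising
     * undefined-index notices; the layout is unchanged when all fields are present.
     *
     * @param string $library  package name as keyed by the checker
     * @param string $version  installed version of the package
     * @param array  $advisory advisory record, expected to carry 'cve', 'title' and 'link'
     *
     * @return string
     */
    protected function formatAdvisory($library, $version, array $advisory)
    {
        $cve   = isset($advisory['cve']) ? $advisory['cve'] : '';
        $title = isset($advisory['title']) ? $advisory['title'] : '';
        $link  = isset($advisory['link']) ? $advisory['link'] : '';

        return $library . ' (' . $version . ")\n" . $cve . ': ' . $title . "\n" . $link;
    }
}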