Added SensioLabs Security Checker Plugin. Issue #27

composer.json

@@ -54,6 +54,16 @@
     "sensiolabs/ansi-to-html":   "1.1.*",
     "pda/pheanstalk":            "3.1.*",
 
+    "phpunit/phpunit":                 "5.7.*",
+    "codeception/codeception":         "2.2.*",
+    "phpmd/phpmd":                     "2.5.*",
+    "sebastian/phpcpd":                "2.0.*",
+    "squizlabs/php_codesniffer":       "2.7.*",
+    "block8/php-docblock-checker":     "1.0.*",
+    "phploc/phploc":                   "3.0.*",
+    "jakub-onderka/php-parallel-lint": "0.9.*",
+    "sensiolabs/security-checker":     "4.0.*",
+
     "mnsami/composer-custom-directory-installer": "1.1.*",
 
     "npm-asset/sprintf-js":     "1.0.*",
@@ -63,15 +73,6 @@
     "bower-asset/ionicons":     "2.0.*",
     "bower-asset/raphael":      "2.2.*"
   },
-  "require-dev": {
-    "phpunit/phpunit":                 "5.7.*",
-    "phpmd/phpmd":                     "2.5.*",
-    "sebastian/phpcpd":                "2.0.*",
-    "squizlabs/php_codesniffer":       "2.7.*",
-    "block8/php-docblock-checker":     "1.0.*",
-    "phploc/phploc":                   "3.0.*",
-    "jakub-onderka/php-parallel-lint": "0.9.*"
-  },
   "extra": {
     "installer-paths": {
       "public/assets/vendor/sprintf-js":   ["npm-asset/sprintf-js"],

docs/en/README.md

@@ -64,6 +64,7 @@ Plugins
 * [Shell](plugins/shell.md) - `shell`
 * [Slack](plugins/slack_notify.md) - `slack_notify`
 * [Technical Debt](plugins/technical_dept.md) - `technical_debt`
+* [Security Checker](plugins/security_checker.md) - SensioLabs Security Checker Plugin (`security_checker`).
 * [XMPP](plugins/xmpp.md) - `xmpp`
 
 ### Third-party plugins

docs/en/plugins/security_checker.md

@@ -0,0 +1,21 @@
+SensioLabs Security Checker Plugin
+==================================
+
+Runs [SensioLabs Security Checker](https://github.com/sensiolabs/security-checker) against your project.
+
+Configuration
+-------------
+
+### Options
+
+- **allowed_warnings** [int, optional] - The warning limit for a successful build (default: 0). -1 disables warnings.
+
+### Example
+
+Run PHPLoc against the app directory only. This will prevent inclusion of code from 3rd party libraries that are included outside of the app directory.
+
+```yml
+test:
+  security_checker:
+    allowed_warnings: -1
+```

public/assets/js/build-plugins/phpspec.js

@@ -49,27 +49,27 @@ var phpspecPlugin = ActiveBuild.UiPlugin.extend({
         tbody.empty();
 
         for (var i in tests.suites) {
-			var test_suite = tests.suites[i];
+            var test_suite = tests.suites[i];
 
-			for(var k in test_suite.cases){
-				var test_case = test_suite.cases[k];
+            for (var k in test_suite.cases) {
+                var test_case = test_suite.cases[k];
 
-				var row = $(
-					'<tr>'+
-						'<td>'+test_suite.name+'</td>'+
-						'<td title="'+Lang.get('took_n_seconds', test_case['time'])+'">'+test_case.name+'</td>'+
-						'<td>'+(test_case.message ? test_case.message : Lang.get('ok'))+'</td>'+
-					'</tr>'
-				);
+                var row = $(
+                    '<tr>' +
+                    '<td>' + test_suite.name + '</td>' +
+                    '<td title="' + Lang.get('took_n_seconds', test_case['time']) + '">' + test_case.name + '</td>' +
+                    '<td>' + (test_case.message ? test_case.message : Lang.get('ok')) + '</td>' +
+                    '</tr>'
+                );
 
-				if (test_case.status!='passed') {
-					row.addClass('danger');
-				} else {
-					row.addClass('success');
-				}
+                if (test_case.status != 'passed') {
+                    row.addClass('danger');
+                } else {
+                    row.addClass('success');
+                }
 
-				tbody.append(row);
-			}
+                tbody.append(row);
+            }
         }
         
         // show plugin once preparation of grid is done

src/PHPCensor/Languages/lang.en.php

@@ -394,6 +394,7 @@ PHP Censor',
     'slack_notify'         => 'Slack',
     'technical_debt'       => 'Technical Debt',
     'xmpp'                 => 'XMPP',
+    'security_checker'     => 'SensioLabs Security Checker',
 
     'confirm_message' => 'Item will be permanently deleted. Are you sure?',
     'confirm_title'   => 'Item delete confirmation',

src/PHPCensor/Languages/lang.ru.php

@@ -377,6 +377,7 @@ PHP Censor',
     'slack_notify'         => 'Slack',
     'technical_debt'       => 'Technical Debt',
     'xmpp'                 => 'XMPP',
+    'security_checker'     => 'SensioLabs Security Checker',
 
     'confirm_message' => 'Элемент будет удален навсегда. Вы уверены?',
     'confirm_title'   => 'Подтвержение удаления',

src/PHPCensor/Plugin/Mage.php

@@ -8,13 +8,14 @@ namespace PHPCensor\Plugin;
 use PHPCensor\Builder;
 use PHPCensor\Model\Build;
 use Psr\Log\LogLevel;
+use \PHPCensor\Plugin;
 
 /**
  * Integrates PHPCensor with Mage: https://github.com/andres-montanez/Magallanes
  * @package      PHPCensor
  * @subpackage   Plugins
  */
-class Mage extends \PHPCensor\Plugin
+class Mage extends Plugin
 {
     protected $mage_bin = 'mage';
     protected $mage_env;

src/PHPCensor/Plugin/PhpDocblockChecker.php

@@ -5,6 +5,7 @@ namespace PHPCensor\Plugin;
 use PHPCensor;
 use PHPCensor\Builder;
 use PHPCensor\Model\Build;
+use PHPCensor\Model\BuildError;
 use PHPCensor\Plugin;
 use PHPCensor\ZeroConfigPluginInterface;
 
@@ -28,6 +29,10 @@ class PhpDocblockChecker extends Plugin implements ZeroConfigPluginInterface
 
     protected $skipClasses = false;
     protected $skipMethods = false;
+
+    /**
+     * @var integer
+     */
     protected $allowed_warnings;
 
     /**
@@ -128,8 +133,8 @@ class PhpDocblockChecker extends Plugin implements ZeroConfigPluginInterface
         // Re-enable exec output logging:
         $this->builder->logExecOutput(true);
 
-        $output = json_decode($this->builder->getLastOutput(), true);
-        $errors = count($output);
+        $output  = json_decode($this->builder->getLastOutput(), true);
+        $errors  = count($output);
         $success = true;
 
         $this->build->storeMeta('phpdoccheck-warnings', $errors);
@@ -150,11 +155,11 @@ class PhpDocblockChecker extends Plugin implements ZeroConfigPluginInterface
     {
         foreach ($output as $error) {
             $message = 'Class ' . $error['class'] . ' is missing a docblock.';
-            $severity = PHPCensor\Model\BuildError::SEVERITY_LOW;
+            $severity = BuildError::SEVERITY_LOW;
 
             if ($error['type'] == 'method') {
                 $message = $error['class'] . '::' . $error['method'] . ' is missing a docblock.';
-                $severity = PHPCensor\Model\BuildError::SEVERITY_NORMAL;
+                $severity = BuildError::SEVERITY_NORMAL;
             }
 
             $this->build->reportError(

src/PHPCensor/Plugin/SecurityChecker.php

@@ -0,0 +1,98 @@
+<?php
+
+namespace PHPCensor\Plugin;
+
+use PHPCensor;
+use PHPCensor\Builder;
+use PHPCensor\Model\Build;
+use PHPCensor\Plugin;
+use PHPCensor\Model\BuildError;
+use PHPCensor\ZeroConfigPluginInterface;
+use SensioLabs\Security\SecurityChecker as BaseSecurityChecker;
+
+/**
+ * SensioLabs Security Checker Plugin
+ * 
+ * @author Dmitry Khomutov <poisoncorpsee@gmail.com>
+ */
+class SecurityChecker extends Plugin implements ZeroConfigPluginInterface
+{
+    /**
+     * @var integer
+     */
+    protected $allowed_warnings;
+    
+    /**
+     * @return string
+     */
+    public static function pluginName()
+    {
+        return 'security_checker';
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function __construct(Builder $builder, Build $build, array $options = [])
+    {
+        parent::__construct($builder, $build, $options);
+
+        $this->allowed_warnings = 0;
+
+        if (isset($options['zero_config']) && $options['zero_config']) {
+            $this->allowed_warnings = -1;
+        }
+
+        if (array_key_exists('allowed_warnings', $options)) {
+            $this->allowed_warnings = (int)$options['allowed_warnings'];
+        }
+    }
+
+    /**
+     * Check if this plugin can be executed.
+     *
+     * @param         $stage
+     * @param Builder $builder
+     * @param Build   $build
+     *
+     * @return bool
+     */
+    public static function canExecute($stage, Builder $builder, Build $build)
+    {
+        $path = $builder->buildPath . DIRECTORY_SEPARATOR . 'composer.lock';
+
+        if (file_exists($path) && $stage == Build::STAGE_TEST) {
+            return true;
+        }
+
+        return false;
+    }
+
+    public function execute()
+    {
+        $success   = true;
+        $checker   = new BaseSecurityChecker();
+        $warnings  = $checker->check($this->builder->buildPath . DIRECTORY_SEPARATOR . 'composer.lock');
+
+        if ($warnings) {
+            foreach ($warnings as $library => $warning) {
+                foreach ($warning['advisories'] as $advisory => $data) {
+                    $this->build->reportError(
+                        $this->builder,
+                        'security_checker',
+                        $library . ' (' . $warning['version'] . ")\n" . $data['cve'] . ': ' . $data['title'] . "\n" . $data['link'],
+                        BuildError::SEVERITY_CRITICAL,
+                        '-',
+                        '-'
+                    );
+                }
+            }
+
+            if ($this->allowed_warnings != -1 && ((int)$checker->getLastVulnerabilityCount() > $this->allowed_warnings)) {
+                $success = false;
+            }
+        }
+
+        return $success;
+    }
+}