bringyourownideas / silverstripe-composer-security-checker
Showing 1 of 4 files from the diff.

@@ -79,22 +79,25 @@
79 79
80 80
        // use the security checker of
81 81
        $checker = $this->getSecurityChecker();
82 -
        $alerts = $checker->check(BASE_PATH . DIRECTORY_SEPARATOR . 'composer.lock');
82 +
        $result = $checker->check(BASE_PATH . DIRECTORY_SEPARATOR . 'composer.lock');
83 +
        $alerts = json_decode((string) $result, true);
83 84
84 85
        // go through all alerts for packages - each can contain multiple issues
85 86
        foreach ($alerts as $package => $packageDetails) {
86 87
            // go through each individual known security issue
87 88
            foreach ($packageDetails['advisories'] as $details) {
88 89
                $identifier = $this->discernIdentifier($details['cve'], $details['title']);
90 +
                $vulnerability = null;
91 +
89 92
                // check if this vulnerability is already known
90 -
                $vulnerability = SecurityAlert::get()->filter(array(
93 +
                $existingVulns = SecurityAlert::get()->filter(array(
91 94
                    'PackageName' => $package,
92 95
                    'Version' => $packageDetails['version'],
93 96
                    'Identifier'   => $identifier,
94 97
                ));
95 98
96 99
                // Is this vulnerability known? No, lets add it.
97 -
                if ((int) $vulnerability->count() === 0) {
100 +
                if (!$existingVulns->Count()) {
98 101
                    $vulnerability = SecurityAlert::create();
99 102
                    $vulnerability->PackageName  = $package;
100 103
                    $vulnerability->Version      = $packageDetails['version'];
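Review bot: The result of `json_decode((string) $result, true)` goes straight into the `foreach` with no check. If the checker returns anything that is not valid JSON, `$alerts` is null, the loop body never runs, and a failed check looks the same as a lock file with no advisories. Suggest verifying `is_array($alerts)` (or checking `json_last_error()`) right after the decode and aborting with an error when it fails. The reads of `$packageDetails['advisories']`, `$details['cve']` and `$details['title']` likewise assume every key is present in the decoded data; a guard or default would avoid notices on a partial response.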
@@ -108,17 +111,18 @@
108 111
                    $validEntries[] = $vulnerability->ID;
109 112
                } else {
110 113
                    // add existing vulnerabilities (probably just 1) to the list of valid entries
111 -
                    $validEntries = array_merge($validEntries, $vulnerability->column('ID'));
114 +
                    $validEntries = array_merge($validEntries, $existingVulns->column('ID'));
112 115
                }
113 116
114 117
                // Relate this vulnerability to an existing Package, if the
115 118
                // bringyourownideas/silverstripe-maintenance module is installed
116 -
                if ($vulnerability->hasExtension(SecurityAlertExtension::class)
119 +
                if ($vulnerability && $vulnerability->hasExtension(SecurityAlertExtension::class)
117 120
                    && class_exists(Package::class)
118 -
                    && $vulnerability->PackageRecordID === 0
121 +
                    && !$vulnerability->PackageRecordID
119 122
                    && $packageRecord = Package::get()->find('Name', $package)
120 123
                ) {
121 124
                    $vulnerability->PackageRecordID = $packageRecord->ID;
125 +
                    $vulnerability->write();
122 126
                }
123 127
            }
124 128
        }
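Review bot: In the relation block, the new `$vulnerability &&` guard means alerts that already exist are never linked to a Package. `$vulnerability` is initialised to null and only assigned in the create branch, so on the `else` path the condition short-circuits and a stored alert whose `PackageRecordID` is still empty stays unlinked. If existing alerts should be related as well, iterate `$existingVulns` in the `else` branch (or take `$existingVulns->first()`) and run the same check on each record. The assignment to `$packageRecord` inside the `if` condition is also easy to misread; doing the `Package::get()->find('Name', $package)` lookup before the condition would make the intent clearer.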
Files Complexity Coverage
src 33 82.65%
Project Totals (4 files) 33 82.65%
TRAVIS_PHP_VERSION=7.2
TRAVIS_OS_NAME=linux