Implement SecurityChecker (#171)

* Implement SecurityChecker * Remove unused class; Load advisories only when var is empty
repman-io · May 28, 2020 · 5c15fc4 · 5c15fc4
1 parent f89cfbc
commit 5c15fc4
Show file tree

Hide file tree

Showing 25 changed files with 3,247 additions and 23 deletions.
diff --git a/.codecov.yml b/.codecov.yml
@@ -3,6 +3,6 @@ coverage:
         project:
             default:
                 informational: true
-        path:
+        patch:
             default:
                 informational: true
diff --git a/.env b/.env
@@ -75,4 +75,5 @@ GA_TRACKING=
 ###> storage ###
 PROXY_DIST_DIR=%kernel.project_dir%/var/proxy
 PACKAGES_DIST_DIR=%kernel.project_dir%/var/repo
+SECURITY_ADVISORIES_DB_DIR=%kernel.project_dir%/var/security-advisories
 ###< storage ###
diff --git a/.env.docker b/.env.docker
@@ -79,5 +79,6 @@ GA_TRACKING=
 ###> storage ###
 PROXY_DIST_DIR=%kernel.project_dir%/var/proxy
 PACKAGES_DIST_DIR=%kernel.project_dir%/var/repo
+SECURITY_ADVISORIES_DB_DIR=%kernel.project_dir%/var/security-advisories
 ###< storage ###
 
diff --git a/composer.json b/composer.json
@@ -6,11 +6,11 @@
     "require": {
         "php": "^7.4.1",
         "ext-ctype": "*",
+        "ext-curl": "*",
         "ext-iconv": "*",
         "ext-intl": "*",
-        "ext-zip": "*",
-        "ext-curl": "*",
         "ext-pdo_pgsql": "*",
+        "ext-zip": "*",
         "bitbucket/client": "^2.1",
         "buddy-works/buddy-works-php-api": "^1.3",
         "buddy-works/oauth2-client": "^0.1",
@@ -40,6 +40,7 @@
         "symfony/messenger": "5.0.*",
         "symfony/monolog-bundle": "^3.5",
         "symfony/orm-pack": "^1.0",
+        "symfony/process": "5.0.*",
         "symfony/security-bundle": "5.0.*",
         "symfony/twig-pack": "^1.0",
         "symfony/validator": "5.0.*",

diff --git a/composer.lock b/composer.lock
diff --git a/config/services.yaml b/config/services.yaml
@@ -13,6 +13,8 @@ parameters:
     url_scheme: '%env(resolve:APP_URL_SCHEME)%'
     router.request_context.scheme: '%env(resolve:APP_URL_SCHEME)%'
     router.request_context.host: '%env(default:domain:APP_PUBLIC_HOST)%'
+    security_advisories_db_dir: '%env(resolve:SECURITY_ADVISORIES_DB_DIR)%'
+    security_advisories_db_repo: 'https://github.com/FriendsOfPHP/security-advisories.git'
 
 services:
     # default configuration for services in *this* file
@@ -78,6 +80,11 @@ services:
                 bitbucket: '%env(OAUTH_BITBUCKET_CLIENT_ID)%'
                 buddy: '%env(OAUTH_BUDDY_CLIENT_ID)%'
 
+    Buddy\Repman\Service\Security\SecurityChecker\SensioLabsSecurityChecker:
+        arguments:
+            $databaseDir: '%security_advisories_db_dir%'
+            $databaseRepo: '%security_advisories_db_repo%'
+
     ### Vendor
     Github\Client:
         arguments:

diff --git a/config/services_test.yaml b/config/services_test.yaml
@@ -1,6 +1,8 @@
 parameters:
     dists_dir: '%kernel.project_dir%/tests/Resources'
     repo_dir: '%kernel.project_dir%/tests/Resources'
+    security_advisories_db_dir: '%kernel.project_dir%/tests/Resources/fixtures/security/security-advisories'
+    security_advisories_db_repo: 'bogus'
 
 services:
     Buddy\Repman\Service\Downloader:
@@ -31,3 +33,6 @@ services:
 
     Buddy\Repman\Service\Security\PackageScanner:
         class: Buddy\Repman\Tests\Doubles\FakePackageScanner
+
+    Buddy\Repman\Service\Security\SecurityChecker:
+        class: Buddy\Repman\Tests\Doubles\FakeSecurityChecker
diff --git a/src/Command/UpdateAdvisoriesDbCommand.php b/src/Command/UpdateAdvisoriesDbCommand.php
@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Buddy\Repman\Command;
+
+use Buddy\Repman\Service\Security\SecurityChecker;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+
+class UpdateAdvisoriesDbCommand extends Command
+{
+    private SecurityChecker $checker;
+
+    public function __construct(SecurityChecker $checker)
+    {
+        parent::__construct();
+
+        $this->checker = $checker;
+    }
+
+    /**
+     * @return void
+     */
+    protected function configure()
+    {
+        $this
+            ->setName('repman:security:update-db')
+            ->setDescription('Update security advisories database')
+        ;
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output)
+    {
+        $this->checker->update();
+        $output->writeln(sprintf('Database successfully updated'));
+
+        return 0;
+    }
+}
diff --git a/src/Service/Security/SecurityChecker/Advisory.php b/src/Service/Security/SecurityChecker/Advisory.php
@@ -0,0 +1,47 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Buddy\Repman\Service\Security\SecurityChecker;
+
+final class Advisory
+{
+    private string $title;
+    private string $cve;
+    private string $link;
+    /**
+     * @var Versions[]
+     */
+    private array $branches;
+
+    /**
+     * @param Versions[] $branches
+     */
+    public function __construct(string $title, string $cve, string $link, array $branches)
+    {
+        $this->title = $title;
+        $this->cve = $cve;
+        $this->link = $link;
+        $this->branches = $branches;
+    }
+
+    /**
+     * @return Versions[]
+     */
+    public function branches(): array
+    {
+        return $this->branches;
+    }
+
+    /**
+     * @return array<string,string>
+     */
+    public function toArray(): array
+    {
+        return [
+            'title' => $this->title,
+            'cve' => $this->cve,
+            'link' => $this->link,
+        ];
+    }
+}
diff --git a/src/Service/Security/SecurityChecker/Package.php b/src/Service/Security/SecurityChecker/Package.php
@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Buddy\Repman\Service\Security\SecurityChecker;
+
+final class Package
+{
+    private string $name;
+    private string $version;
+
+    public function __construct(string $name, string $version)
+    {
+        $this->name = $name;
+        $this->version = $version;
+    }
+
+    public function name(): string
+    {
+        return $this->name;
+    }
+
+    public function version(): string
+    {
+        return $this->version;
+    }
+}
diff --git a/src/Service/Security/SecurityChecker/Result.php b/src/Service/Security/SecurityChecker/Result.php
@@ -0,0 +1,34 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Buddy\Repman\Service\Security\SecurityChecker;
+
+final class Result
+{
+    private string $version;
+    /**
+     * @var Advisory[]
+     */
+    private array $advisories;
+
+    /**
+     * @param Advisory[] $advisories
+     */
+    public function __construct(string $version, array $advisories)
+    {
+        $this->version = $version;
+        $this->advisories = $advisories;
+    }
+
+    /**
+     * @return array<string,string|array<string,string>>
+     */
+    public function toArray(): array
+    {
+        return [
+            'version' => $this->version,
+            'advisories' => array_map(fn ($advisory) => $advisory->toArray(), $this->advisories),
+        ];
+    }
+}