diff --git a/.circleci/config.yml b/.circleci/config.yml
index 3fbdd28cb7..f30731b103 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,6 +1,6 @@
 version: 2
 jobs:
- qa_js_php5:
+ qa_js_security_php5:
 working_directory: /home/circleci/mailpoet
 docker:
 - image: circleci/php:5.6.30-apache-browsers
@@ -38,6 +38,10 @@ jobs:
 command: |
 mkdir test-results/mocha
 ./do t:j test-results/mocha/junit.xml
+ - run:
+ name: "Composer security check"
+ command: |
+ ./do s:composer
 - run:
 name: "PHP Unit tests"
 command: |
@@ -164,7 +168,7 @@ workflows:
 version: 2
 build_and_test:
 jobs:
- - qa_js_php5
+ - qa_js_security_php5
 - php7
- - php7_multisite
+ - php7_multisite
 - acceptance_tests
\ No newline at end of file
diff --git a/RoboFile.php b/RoboFile.php
index 5876d21bb9..92b1dd6897 100644
--- a/RoboFile.php
+++ b/RoboFile.php
@@ -211,6 +211,10 @@ class RoboFile extends \Robo\Tasks {
 return $this->_exec($command);
 }
 
+ function securityComposer() {
+ return $this->_exec('vendor/bin/security-checker security:check --format=simple');
+ }
+
 function testDebug($opts=['file' => null, 'xml' => false]) {
 $this->loadEnv();
 $this->_exec('vendor/bin/codecept build -c codeception.unit.yml');
diff --git a/composer.json b/composer.json
index 2ba7549754..a5d08ecbb5 100644
--- a/composer.json
+++ b/composer.json
@@ -17,7 +17,8 @@
 "soundasleep/html2text": "^0.3.4",
 "sabberworm/php-css-parser": "^8.1",
 "symfony/polyfill-xml": "^1.3",
- "symfony/polyfill-mbstring": "1.6.0"
+ "symfony/polyfill-mbstring": "1.6.0",
+ "sensiolabs/security-checker": "^4.1"
 },
 "require-dev": {
 "codeception/aspect-mock": "2.0.1",
diff --git a/composer.lock b/composer.lock
index 16ae16ecde..6571afa2bd 100644
--- a/composer.lock
+++ b/composer.lock
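Review bot: The new "Composer security check" step is placed after the Mocha run, and its outcome depends on an external advisory database rather than on anything in the repository (security-checker pulls in composer/ca-bundle for TLS, which suggests it calls out over HTTPS), so a newly published advisory will turn an unrelated branch red and a network failure will fail the job; neither is documented in the config. I would move the step ahead of the test runs so a vulnerable lockfile fails fast, and add a comment above it: `# Audits composer.lock against a remote advisory service: needs outbound HTTPS and can fail on advisories published since the last green build.` Whether `./do s:composer` propagates a non-zero exit from security-checker to CircleCI is not visible in this hunk and should be confirmed with a deliberately vulnerable lock before relying on the gate.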
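Review bot: `securityComposer()` has no docblock stating what it gates on or how a finding surfaces, and it relies on security-checker picking up `composer.lock` from the current working directory, so running the task from another directory silently audits nothing. I would pass the lock path explicitly and document the contract: `/** Audits composer.lock against known advisories; a non-zero exit from security-checker is meant to fail the task. */` above the method, and `return $this->_exec('vendor/bin/security-checker security:check composer.lock --format=simple');` as the body. That the `Result` returned by `_exec` carries the tool's exit code to the caller is assumed here, not shown, and is worth verifying. The enclosing `RoboFile` class continues outside the hunk.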
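Review bot: `sensiolabs/security-checker` is added under `require` rather than `require-dev`, so the CLI and its transitive packages (symfony/console, symfony/debug, psr/log, composer/ca-bundle, which the accompanying lock changes move from `packages-dev` into `packages`) will be installed by any `composer install --no-dev` production build and end up in the shipped vendor directory. A CI-only audit tool has no runtime use in the plugin and only enlarges the shipped code and its attack surface. Move the line into the `"require-dev"` block next to `"codeception/aspect-mock"`: `"sensiolabs/security-checker": "^4.1",` and regenerate the lock so those packages return to `packages-dev`.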
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "content-hash": "3027f182dae43c1c5d012abb4049cd4a", + "content-hash": "06b0529dcf7867d51ac5b80efe913a54", "packages": [ { "name": "cerdic/css-tidy", @@ -39,6 +39,62 @@ "description": "CSSTidy is a CSS minifier", "time": "2017-09-29T14:18:45+00:00" }, + { + "name": "composer/ca-bundle", + "version": "1.1.0", + "source": { + "type": "git", + "url": "https://github.com/composer/ca-bundle.git", + "reference": "943b2c4fcad1ef178d16a713c2468bf7e579c288" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/composer/ca-bundle/zipball/943b2c4fcad1ef178d16a713c2468bf7e579c288", + "reference": "943b2c4fcad1ef178d16a713c2468bf7e579c288", + "shasum": "" + }, + "require": { + "ext-openssl": "*", + "ext-pcre": "*", + "php": "^5.3.2 || ^7.0" + }, + "require-dev": { + "phpunit/phpunit": "^4.8.35", + "psr/log": "^1.0", + "symfony/process": "^2.5 || ^3.0 || ^4.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.x-dev" + } + }, + "autoload": { + "psr-4": { + "Composer\\CaBundle\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Jordi Boggiano", + "email": "j.boggiano@seld.be", + "homepage": "http://seld.be" + } + ], + "description": "Lets you find a path to the system CA bundle, and includes a fallback to the Mozilla CA bundle.", + "keywords": [ + "cabundle", + "cacert", + "certificate", + "ssl", + "tls" + ], + "time": "2017-11-29T09:37:33+00:00" + }, { "name": "j4mie/idiorm", "version": "v1.5.3", 
@@ -257,6 +313,53 @@ ], "time": "2017-01-16T07:55:07+00:00" }, + { + "name": "psr/log", + "version": "1.0.2", + "source": { + "type": "git", + "url": "https://github.com/php-fig/log.git", + "reference": "4ebe3a8bf773a19edfe0a84b6585ba3d401b724d" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/php-fig/log/zipball/4ebe3a8bf773a19edfe0a84b6585ba3d401b724d", + "reference": "4ebe3a8bf773a19edfe0a84b6585ba3d401b724d", + "shasum": "" + }, + "require": { + "php": ">=5.3.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.0.x-dev" + } + }, + "autoload": { + "psr-4": { + "Psr\\Log\\": "Psr/Log/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "PHP-FIG", + "homepage": "http://www.php-fig.org/" + } + ], + "description": "Common interface for logging libraries", + "homepage": "https://github.com/php-fig/log", + "keywords": [ + "log", + "psr", + "psr-3" + ], + "time": "2016-10-10T12:19:37+00:00" + }, { "name": "sabberworm/php-css-parser", "version": "8.1.0", 
@@ -301,6 +404,51 @@ ], "time": "2016-07-19T19:14:21+00:00" }, + { + "name": "sensiolabs/security-checker", + "version": "v4.1.6", + "source": { + "type": "git", + "url": "https://github.com/sensiolabs/security-checker.git", + "reference": "387b6a3b723ba35588b33d5f8d14e28ed608bd30" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sensiolabs/security-checker/zipball/387b6a3b723ba35588b33d5f8d14e28ed608bd30", + "reference": "387b6a3b723ba35588b33d5f8d14e28ed608bd30", + "shasum": "" + }, + "require": { + "composer/ca-bundle": "^1.0", + "symfony/console": "~2.7|~3.0|~4.0" + }, + "bin": [ + "security-checker" + ], + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "4.1-dev" + } + }, + "autoload": { + "psr-0": { + "SensioLabs\\Security": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien.potencier@gmail.com" + } + ], + "description": "A security checker for your composer.lock", + "time": "2017-10-29T18:48:08+00:00" + }, { "name": "soundasleep/html2text", "version": "0.3.4", 
@@ -408,6 +556,130 @@ ], "time": "2017-05-01T15:54:03+00:00" }, + { + "name": "symfony/console", + "version": "v3.3.14", + "source": { + "type": "git", + "url": "https://github.com/symfony/console.git", + "reference": "55497618e68845b6f92a66d13187138ac3d7750e" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/console/zipball/55497618e68845b6f92a66d13187138ac3d7750e", + "reference": "55497618e68845b6f92a66d13187138ac3d7750e", + "shasum": "" + }, + "require": { + "php": "^5.5.9|>=7.0.8", + "symfony/debug": "~2.8|~3.0", + "symfony/polyfill-mbstring": "~1.0" + }, + "conflict": { + "symfony/dependency-injection": "<3.3" + }, + "require-dev": { + "psr/log": "~1.0", + "symfony/config": "~3.3", + "symfony/dependency-injection": "~3.3", + "symfony/event-dispatcher": "~2.8|~3.0", + "symfony/filesystem": "~2.8|~3.0", + "symfony/process": "~2.8|~3.0" + }, + "suggest": { + "psr/log": "For using the console logger", + "symfony/event-dispatcher": "", + "symfony/filesystem": "", + "symfony/process": "" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "3.3-dev" + } + }, + "autoload": { + "psr-4": { + "Symfony\\Component\\Console\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony Console Component", + "homepage": "https://symfony.com", + "time": "2017-11-29T12:25:49+00:00" + }, + { + "name": "symfony/debug", + "version": "v3.4.1", + "source": { + "type": "git", + "url": "https://github.com/symfony/debug.git", + "reference": "fb2001e5d85f95d8b6ab94ae3be5d2672df128fd" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/debug/zipball/fb2001e5d85f95d8b6ab94ae3be5d2672df128fd", + "reference": 
"fb2001e5d85f95d8b6ab94ae3be5d2672df128fd", + "shasum": "" + }, + "require": { + "php": "^5.5.9|>=7.0.8", + "psr/log": "~1.0" + }, + "conflict": { + "symfony/http-kernel": ">=2.3,<2.3.24|~2.4.0|>=2.5,<2.5.9|>=2.6,<2.6.2" + }, + "require-dev": { + "symfony/http-kernel": "~2.8|~3.0|~4.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "3.4-dev" + } + }, + "autoload": { + "psr-4": { + "Symfony\\Component\\Debug\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony Debug Component", + "homepage": "https://symfony.com", + "time": "2017-11-21T09:01:46+00:00" + }, { "name": "symfony/polyfill-mbstring", "version": "v1.6.0", 
@@ -1080,62 +1352,6 @@ "description": "BDD assertion library for PHPUnit", "time": "2017-01-09T10:58:51+00:00" }, - { - "name": "composer/ca-bundle", - "version": "1.1.0", - "source": { - "type": "git", - "url": "https://github.com/composer/ca-bundle.git", - "reference": "943b2c4fcad1ef178d16a713c2468bf7e579c288" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/composer/ca-bundle/zipball/943b2c4fcad1ef178d16a713c2468bf7e579c288", - "reference": "943b2c4fcad1ef178d16a713c2468bf7e579c288", - "shasum": "" - }, - "require": { - "ext-openssl": "*", - "ext-pcre": "*", - "php": "^5.3.2 || ^7.0" - }, - "require-dev": { - "phpunit/phpunit": "^4.8.35", - "psr/log": "^1.0", - "symfony/process": "^2.5 || ^3.0 || ^4.0" - }, - "type": "library", - "extra": { - "branch-alias": { - "dev-master": "1.x-dev" - } - }, - "autoload": { - "psr-4": { - "Composer\\CaBundle\\": "src" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Jordi Boggiano", - "email": "j.boggiano@seld.be", - "homepage": "http://seld.be" - } - ], - "description": "Lets you find a path to the system CA bundle, and includes a fallback to the Mozilla CA bundle.", - "keywords": [ - "cabundle", - "cacert", - "certificate", - "ssl", - "tls" - ], - "time": "2017-11-29T09:37:33+00:00" - }, { "name": "composer/composer", "version": "1.5.5", 
@@ -3840,53 +4056,6 @@ ], "time": "2016-08-06T14:39:51+00:00" }, - { - "name": "psr/log", - "version": "1.0.2", - "source": { - "type": "git", - "url": "https://github.com/php-fig/log.git", - "reference": "4ebe3a8bf773a19edfe0a84b6585ba3d401b724d" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/php-fig/log/zipball/4ebe3a8bf773a19edfe0a84b6585ba3d401b724d", - "reference": "4ebe3a8bf773a19edfe0a84b6585ba3d401b724d", - "shasum": "" - }, - "require": { - "php": ">=5.3.0" - }, - "type": "library", - "extra": { - "branch-alias": { - "dev-master": "1.0.x-dev" - } - }, - "autoload": { - "psr-4": { - "Psr\\Log\\": "Psr/Log/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "PHP-FIG", - "homepage": "http://www.php-fig.org/" - } - ], - "description": "Common interface for logging libraries", - "homepage": "https://github.com/php-fig/log", - "keywords": [ - "log", - "psr", - "psr-3" - ], - "time": "2016-10-10T12:19:37+00:00" - }, { "name": "ramsey/array_column", "version": "1.1.3", @@ -4597,7 +4766,7 @@ "typo3" ], "abandoned": true, - "time": "2016-05-12T11:58:38+00:00" + "time": "2016-05-12 11:58:38" }, { "name": "squizlabs/php_codesniffer", 
@@ -4841,74 +5010,6 @@ "homepage": "https://symfony.com", "time": "2017-11-19T20:09:36+00:00" }, - { - "name": "symfony/console", - "version": "v3.3.14", - "source": { - "type": "git", - "url": "https://github.com/symfony/console.git", - "reference": "55497618e68845b6f92a66d13187138ac3d7750e" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/55497618e68845b6f92a66d13187138ac3d7750e", - "reference": "55497618e68845b6f92a66d13187138ac3d7750e", - "shasum": "" - }, - "require": { - "php": "^5.5.9|>=7.0.8", - "symfony/debug": "~2.8|~3.0", - "symfony/polyfill-mbstring": "~1.0" - }, - "conflict": { - "symfony/dependency-injection": "<3.3" - }, - "require-dev": { - "psr/log": "~1.0", - "symfony/config": "~3.3", - "symfony/dependency-injection": "~3.3", - "symfony/event-dispatcher": "~2.8|~3.0", - "symfony/filesystem": "~2.8|~3.0", - "symfony/process": "~2.8|~3.0" - }, - "suggest": { - "psr/log": "For using the console logger", - "symfony/event-dispatcher": "", - "symfony/filesystem": "", - "symfony/process": "" - }, - "type": "library", - "extra": { - "branch-alias": { - "dev-master": "3.3-dev" - } - }, - "autoload": { - "psr-4": { - "Symfony\\Component\\Console\\": "" - }, - "exclude-from-classmap": [ - "/Tests/" - ] - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Fabien Potencier", - "email": "fabien@symfony.com" - }, - { - "name": "Symfony Community", - "homepage": "https://symfony.com/contributors" - } - ], - "description": "Symfony Console Component", - "homepage": "https://symfony.com", - "time": "2017-11-29T12:25:49+00:00" - }, { "name": "symfony/css-selector", "version": "v3.4.1", 
@@ -4962,62 +5063,6 @@ "homepage": "https://symfony.com", "time": "2017-11-05T16:10:10+00:00" }, - { - "name": "symfony/debug", - "version": "v3.4.1", - "source": { - "type": "git", - "url": "https://github.com/symfony/debug.git", - "reference": "fb2001e5d85f95d8b6ab94ae3be5d2672df128fd" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/symfony/debug/zipball/fb2001e5d85f95d8b6ab94ae3be5d2672df128fd", - "reference": "fb2001e5d85f95d8b6ab94ae3be5d2672df128fd", - "shasum": "" - }, - "require": { - "php": "^5.5.9|>=7.0.8", - "psr/log": "~1.0" - }, - "conflict": { - "symfony/http-kernel": ">=2.3,<2.3.24|~2.4.0|>=2.5,<2.5.9|>=2.6,<2.6.2" - }, - "require-dev": { - "symfony/http-kernel": "~2.8|~3.0|~4.0" - }, - "type": "library", - "extra": { - "branch-alias": { - "dev-master": "3.4-dev" - } - }, - "autoload": { - "psr-4": { - "Symfony\\Component\\Debug\\": "" - }, - "exclude-from-classmap": [ - "/Tests/" - ] - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Fabien Potencier", - "email": "fabien@symfony.com" - }, - { - "name": "Symfony Community", - "homepage": "https://symfony.com/contributors" - } - ], - "description": "Symfony Debug Component", - "homepage": "https://symfony.com", - "time": "2017-11-21T09:01:46+00:00" - }, { "name": "symfony/dependency-injection", "version": "v3.3.14",