Adds composer.lock security check

[MAILPOET-1226]
mrcasual
2017-12-14 03:47:47 -05:00
committed by pavel-mailpoet
parent 51cde55217
commit fda1828637
4 changed files with 287 additions and 233 deletions


@@ -1,6 +1,6 @@
version: 2
jobs:
qa_js_php5:
qa_js_security_php5:
working_directory: /home/circleci/mailpoet
docker:
- image: circleci/php:5.6.30-apache-browsers
@@ -38,6 +38,10 @@ jobs:
command: |
mkdir test-results/mocha
./do t:j test-results/mocha/junit.xml
- run:
name: "Composer security check"
command: |
./do s:composer
- run:
name: "PHP Unit tests"
command: |
@@ -164,7 +168,7 @@ workflows:
version: 2
build_and_test:
jobs:
- qa_js_php5
- qa_js_security_php5
- php7
- php7_multisite
- acceptance_tests
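Review bot: The new "Composer security check" step runs only when a commit triggers `build_and_test`, so an advisory published against an already-locked package goes unnoticed until the next push. A scheduled workflow (a `triggers:` entry with a `schedule` cron) that runs the same job nightly would close that gap. The step also sits before "PHP Unit tests" in `qa_js_security_php5`, so a failed check, whether from a real advisory or from the checker being unable to reach its advisory source, skips the unit tests in that job. Consider giving the check a job of its own so the two signals stay separate. The job definition continues outside the hunks shown.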


@@ -211,6 +211,10 @@ class RoboFile extends \Robo\Tasks {
return $this->_exec($command);
}
function securityComposer() {
return $this->_exec('vendor/bin/security-checker security:check --format=simple');
}
function testDebug($opts=['file' => null, 'xml' => false]) {
$this->loadEnv();
$this->_exec('vendor/bin/codecept build -c codeception.unit.yml');
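Review bot: `securityComposer()` has no docblock and depends on the working directory twice: the binary path `vendor/bin/security-checker` is relative, and no lock file argument is passed, so the checker looks for `composer.lock` wherever `./do` was started. Passing the file explicitly makes it unambiguous which lock file is audited: `return $this->_exec('vendor/bin/security-checker security:check ' . escapeshellarg(__DIR__ . '/composer.lock') . ' --format=simple');`. A docblock such as `/** Checks composer.lock against known security advisories; the returned result fails when a locked package is affected. */` would help. As far as I know, this version of the checker submits the lock file to a remote advisory service, so the docblock should also say that the task needs network access. The class and `testDebug()` continue outside the hunk.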


@@ -17,7 +17,8 @@
"soundasleep/html2text": "^0.3.4",
"sabberworm/php-css-parser": "^8.1",
"symfony/polyfill-xml": "^1.3",
"symfony/polyfill-mbstring": "1.6.0"
"symfony/polyfill-mbstring": "1.6.0",
"sensiolabs/security-checker": "^4.1"
},
"require-dev": {
"codeception/aspect-mock": "2.0.1",

503
composer.lock generated

@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"content-hash": "3027f182dae43c1c5d012abb4049cd4a",
"content-hash": "06b0529dcf7867d51ac5b80efe913a54",
"packages": [
{
"name": "cerdic/css-tidy",
@@ -39,6 +39,62 @@
"description": "CSSTidy is a CSS minifier",
"time": "2017-09-29T14:18:45+00:00"
},
{
"name": "composer/ca-bundle",
"version": "1.1.0",
"source": {
"type": "git",
"url": "https://github.com/composer/ca-bundle.git",
"reference": "943b2c4fcad1ef178d16a713c2468bf7e579c288"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/composer/ca-bundle/zipball/943b2c4fcad1ef178d16a713c2468bf7e579c288",
"reference": "943b2c4fcad1ef178d16a713c2468bf7e579c288",
"shasum": ""
},
"require": {
"ext-openssl": "*",
"ext-pcre": "*",
"php": "^5.3.2 || ^7.0"
},
"require-dev": {
"phpunit/phpunit": "^4.8.35",
"psr/log": "^1.0",
"symfony/process": "^2.5 || ^3.0 || ^4.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.x-dev"
}
},
"autoload": {
"psr-4": {
"Composer\\CaBundle\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Jordi Boggiano",
"email": "j.boggiano@seld.be",
"homepage": "http://seld.be"
}
],
"description": "Lets you find a path to the system CA bundle, and includes a fallback to the Mozilla CA bundle.",
"keywords": [
"cabundle",
"cacert",
"certificate",
"ssl",
"tls"
],
"time": "2017-11-29T09:37:33+00:00"
},
{
"name": "j4mie/idiorm",
"version": "v1.5.3",
@@ -257,6 +313,53 @@
],
"time": "2017-01-16T07:55:07+00:00"
},
{
"name": "psr/log",
"version": "1.0.2",
"source": {
"type": "git",
"url": "https://github.com/php-fig/log.git",
"reference": "4ebe3a8bf773a19edfe0a84b6585ba3d401b724d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/php-fig/log/zipball/4ebe3a8bf773a19edfe0a84b6585ba3d401b724d",
"reference": "4ebe3a8bf773a19edfe0a84b6585ba3d401b724d",
"shasum": ""
},
"require": {
"php": ">=5.3.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.0.x-dev"
}
},
"autoload": {
"psr-4": {
"Psr\\Log\\": "Psr/Log/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "PHP-FIG",
"homepage": "http://www.php-fig.org/"
}
],
"description": "Common interface for logging libraries",
"homepage": "https://github.com/php-fig/log",
"keywords": [
"log",
"psr",
"psr-3"
],
"time": "2016-10-10T12:19:37+00:00"
},
{
"name": "sabberworm/php-css-parser",
"version": "8.1.0",
@@ -301,6 +404,51 @@
],
"time": "2016-07-19T19:14:21+00:00"
},
{
"name": "sensiolabs/security-checker",
"version": "v4.1.6",
"source": {
"type": "git",
"url": "https://github.com/sensiolabs/security-checker.git",
"reference": "387b6a3b723ba35588b33d5f8d14e28ed608bd30"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sensiolabs/security-checker/zipball/387b6a3b723ba35588b33d5f8d14e28ed608bd30",
"reference": "387b6a3b723ba35588b33d5f8d14e28ed608bd30",
"shasum": ""
},
"require": {
"composer/ca-bundle": "^1.0",
"symfony/console": "~2.7|~3.0|~4.0"
},
"bin": [
"security-checker"
],
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "4.1-dev"
}
},
"autoload": {
"psr-0": {
"SensioLabs\\Security": ""
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Fabien Potencier",
"email": "fabien.potencier@gmail.com"
}
],
"description": "A security checker for your composer.lock",
"time": "2017-10-29T18:48:08+00:00"
},
{
"name": "soundasleep/html2text",
"version": "0.3.4",
@@ -408,6 +556,130 @@
],
"time": "2017-05-01T15:54:03+00:00"
},
{
"name": "symfony/console",
"version": "v3.3.14",
"source": {
"type": "git",
"url": "https://github.com/symfony/console.git",
"reference": "55497618e68845b6f92a66d13187138ac3d7750e"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/console/zipball/55497618e68845b6f92a66d13187138ac3d7750e",
"reference": "55497618e68845b6f92a66d13187138ac3d7750e",
"shasum": ""
},
"require": {
"php": "^5.5.9|>=7.0.8",
"symfony/debug": "~2.8|~3.0",
"symfony/polyfill-mbstring": "~1.0"
},
"conflict": {
"symfony/dependency-injection": "<3.3"
},
"require-dev": {
"psr/log": "~1.0",
"symfony/config": "~3.3",
"symfony/dependency-injection": "~3.3",
"symfony/event-dispatcher": "~2.8|~3.0",
"symfony/filesystem": "~2.8|~3.0",
"symfony/process": "~2.8|~3.0"
},
"suggest": {
"psr/log": "For using the console logger",
"symfony/event-dispatcher": "",
"symfony/filesystem": "",
"symfony/process": ""
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "3.3-dev"
}
},
"autoload": {
"psr-4": {
"Symfony\\Component\\Console\\": ""
},
"exclude-from-classmap": [
"/Tests/"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Fabien Potencier",
"email": "fabien@symfony.com"
},
{
"name": "Symfony Community",
"homepage": "https://symfony.com/contributors"
}
],
"description": "Symfony Console Component",
"homepage": "https://symfony.com",
"time": "2017-11-29T12:25:49+00:00"
},
{
"name": "symfony/debug",
"version": "v3.4.1",
"source": {
"type": "git",
"url": "https://github.com/symfony/debug.git",
"reference": "fb2001e5d85f95d8b6ab94ae3be5d2672df128fd"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/debug/zipball/fb2001e5d85f95d8b6ab94ae3be5d2672df128fd",
"reference": "fb2001e5d85f95d8b6ab94ae3be5d2672df128fd",
"shasum": ""
},
"require": {
"php": "^5.5.9|>=7.0.8",
"psr/log": "~1.0"
},
"conflict": {
"symfony/http-kernel": ">=2.3,<2.3.24|~2.4.0|>=2.5,<2.5.9|>=2.6,<2.6.2"
},
"require-dev": {
"symfony/http-kernel": "~2.8|~3.0|~4.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "3.4-dev"
}
},
"autoload": {
"psr-4": {
"Symfony\\Component\\Debug\\": ""
},
"exclude-from-classmap": [
"/Tests/"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Fabien Potencier",
"email": "fabien@symfony.com"
},
{
"name": "Symfony Community",
"homepage": "https://symfony.com/contributors"
}
],
"description": "Symfony Debug Component",
"homepage": "https://symfony.com",
"time": "2017-11-21T09:01:46+00:00"
},
{
"name": "symfony/polyfill-mbstring",
"version": "v1.6.0",
@@ -1080,62 +1352,6 @@
"description": "BDD assertion library for PHPUnit",
"time": "2017-01-09T10:58:51+00:00"
},
{
"name": "composer/ca-bundle",
"version": "1.1.0",
"source": {
"type": "git",
"url": "https://github.com/composer/ca-bundle.git",
"reference": "943b2c4fcad1ef178d16a713c2468bf7e579c288"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/composer/ca-bundle/zipball/943b2c4fcad1ef178d16a713c2468bf7e579c288",
"reference": "943b2c4fcad1ef178d16a713c2468bf7e579c288",
"shasum": ""
},
"require": {
"ext-openssl": "*",
"ext-pcre": "*",
"php": "^5.3.2 || ^7.0"
},
"require-dev": {
"phpunit/phpunit": "^4.8.35",
"psr/log": "^1.0",
"symfony/process": "^2.5 || ^3.0 || ^4.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.x-dev"
}
},
"autoload": {
"psr-4": {
"Composer\\CaBundle\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Jordi Boggiano",
"email": "j.boggiano@seld.be",
"homepage": "http://seld.be"
}
],
"description": "Lets you find a path to the system CA bundle, and includes a fallback to the Mozilla CA bundle.",
"keywords": [
"cabundle",
"cacert",
"certificate",
"ssl",
"tls"
],
"time": "2017-11-29T09:37:33+00:00"
},
{
"name": "composer/composer",
"version": "1.5.5",
@@ -3840,53 +4056,6 @@
],
"time": "2016-08-06T14:39:51+00:00"
},
{
"name": "psr/log",
"version": "1.0.2",
"source": {
"type": "git",
"url": "https://github.com/php-fig/log.git",
"reference": "4ebe3a8bf773a19edfe0a84b6585ba3d401b724d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/php-fig/log/zipball/4ebe3a8bf773a19edfe0a84b6585ba3d401b724d",
"reference": "4ebe3a8bf773a19edfe0a84b6585ba3d401b724d",
"shasum": ""
},
"require": {
"php": ">=5.3.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.0.x-dev"
}
},
"autoload": {
"psr-4": {
"Psr\\Log\\": "Psr/Log/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "PHP-FIG",
"homepage": "http://www.php-fig.org/"
}
],
"description": "Common interface for logging libraries",
"homepage": "https://github.com/php-fig/log",
"keywords": [
"log",
"psr",
"psr-3"
],
"time": "2016-10-10T12:19:37+00:00"
},
{
"name": "ramsey/array_column",
"version": "1.1.3",
@@ -4597,7 +4766,7 @@
"typo3"
],
"abandoned": true,
"time": "2016-05-12T11:58:38+00:00"
"time": "2016-05-12 11:58:38"
},
{
"name": "squizlabs/php_codesniffer",
@@ -4841,74 +5010,6 @@
"homepage": "https://symfony.com",
"time": "2017-11-19T20:09:36+00:00"
},
{
"name": "symfony/console",
"version": "v3.3.14",
"source": {
"type": "git",
"url": "https://github.com/symfony/console.git",
"reference": "55497618e68845b6f92a66d13187138ac3d7750e"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/console/zipball/55497618e68845b6f92a66d13187138ac3d7750e",
"reference": "55497618e68845b6f92a66d13187138ac3d7750e",
"shasum": ""
},
"require": {
"php": "^5.5.9|>=7.0.8",
"symfony/debug": "~2.8|~3.0",
"symfony/polyfill-mbstring": "~1.0"
},
"conflict": {
"symfony/dependency-injection": "<3.3"
},
"require-dev": {
"psr/log": "~1.0",
"symfony/config": "~3.3",
"symfony/dependency-injection": "~3.3",
"symfony/event-dispatcher": "~2.8|~3.0",
"symfony/filesystem": "~2.8|~3.0",
"symfony/process": "~2.8|~3.0"
},
"suggest": {
"psr/log": "For using the console logger",
"symfony/event-dispatcher": "",
"symfony/filesystem": "",
"symfony/process": ""
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "3.3-dev"
}
},
"autoload": {
"psr-4": {
"Symfony\\Component\\Console\\": ""
},
"exclude-from-classmap": [
"/Tests/"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Fabien Potencier",
"email": "fabien@symfony.com"
},
{
"name": "Symfony Community",
"homepage": "https://symfony.com/contributors"
}
],
"description": "Symfony Console Component",
"homepage": "https://symfony.com",
"time": "2017-11-29T12:25:49+00:00"
},
{
"name": "symfony/css-selector",
"version": "v3.4.1",
@@ -4962,62 +5063,6 @@
"homepage": "https://symfony.com",
"time": "2017-11-05T16:10:10+00:00"
},
{
"name": "symfony/debug",
"version": "v3.4.1",
"source": {
"type": "git",
"url": "https://github.com/symfony/debug.git",
"reference": "fb2001e5d85f95d8b6ab94ae3be5d2672df128fd"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/debug/zipball/fb2001e5d85f95d8b6ab94ae3be5d2672df128fd",
"reference": "fb2001e5d85f95d8b6ab94ae3be5d2672df128fd",
"shasum": ""
},
"require": {
"php": "^5.5.9|>=7.0.8",
"psr/log": "~1.0"
},
"conflict": {
"symfony/http-kernel": ">=2.3,<2.3.24|~2.4.0|>=2.5,<2.5.9|>=2.6,<2.6.2"
},
"require-dev": {
"symfony/http-kernel": "~2.8|~3.0|~4.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "3.4-dev"
}
},
"autoload": {
"psr-4": {
"Symfony\\Component\\Debug\\": ""
},
"exclude-from-classmap": [
"/Tests/"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Fabien Potencier",
"email": "fabien@symfony.com"
},
{
"name": "Symfony Community",
"homepage": "https://symfony.com/contributors"
}
],
"description": "Symfony Debug Component",
"homepage": "https://symfony.com",
"time": "2017-11-21T09:01:46+00:00"
},
{
"name": "symfony/dependency-injection",
"version": "v3.3.14",