gitmedia/sterntours
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

init without trunk

Browse source
This commit is contained in:
Kevin Adametz 2020-07-09 12:49:32 +02:00
parent ed24ac4994
commit bb809e7233
14652 changed files with 177862 additions and 94817 deletions
Download patch file Download diff file Expand all files Collapse all files

2
vendor/sensiolabs/security-checker/.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
composer.lock
/vendor/

19
vendor/sensiolabs/security-checker/LICENSE vendored Normal file
View file

@ -0,0 +1,19 @@
Copyright (c) 2013-2017 Fabien Potencier
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished
to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

46
vendor/sensiolabs/security-checker/README.md vendored Normal file
View file

@ -0,0 +1,46 @@
SensioLabs Security Checker
===========================
The SensioLabs Security Checker is a command line tool that checks if your
application uses dependencies with known security vulnerabilities. It uses the
[Security Check Web service][1] and the [Security Advisories Database][2].
**TIP**: As an alternative, you can use the [Symfony CLI][3] tool that has the
following advantages: it does not depend on PHP, all checks are done locally (no
calls to the security.symfony.com API):
$ symfony security:check
Usage
-----
Download the [security-checker.phar][4] file:
$ php security-checker.phar security:check /path/to/composer.lock
Use the code from the repository directly:
$ composer install
$ php security-checker security:check /path/to/composer.lock
Integration
-----------
The checker uses the Symfony Console component; so, you can easily integrate
the checker into your own project:
* by using the `SecurityCheckerCommand` class into your Symfony Console
application;
* by using the `SecurityChecker` class directly into your own code:
use SensioLabs\Security\SecurityChecker;
$checker = new SecurityChecker();
$result = $checker->check('/path/to/composer.lock', 'json');
$alerts = json_decode((string) $result, true);
[1]: https://security.symfony.com/
[2]: https://github.com/FriendsOfPHP/security-advisories
[3]: https://symfony.com/download
[4]: https://get.sensiolabs.org/security-checker.phar

105
vendor/sensiolabs/security-checker/SensioLabs/Security/Command/SecurityCheckerCommand.php vendored Normal file
View file

@ -0,0 +1,105 @@
<?php
/*
* This file is part of the SensioLabs Security Checker.
*
* (c) Fabien Potencier
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace SensioLabs\Security\Command;
use SensioLabs\Security\SecurityChecker;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputOption;
use SensioLabs\Security\Exception\ExceptionInterface;
class SecurityCheckerCommand extends Command
{
protected static $defaultName = 'security:check';
private $checker;
public function __construct(SecurityChecker $checker)
{
$this->checker = $checker;
parent::__construct();
}
/**
* @see Command
*/
protected function configure()
{
$this
->setName('security:check')
->setDefinition([
new InputArgument('lockfile', InputArgument::OPTIONAL, 'The path to the composer.lock file', 'composer.lock'),
new InputOption('format', '', InputOption::VALUE_REQUIRED, 'The output format', 'ansi'),
new InputOption('end-point', '', InputOption::VALUE_REQUIRED, 'The security checker server URL'),
new InputOption('timeout', '', InputOption::VALUE_REQUIRED, 'The HTTP timeout in seconds'),
new InputOption('token', '', InputOption::VALUE_REQUIRED, 'The server token', ''),
])
->setDescription('Checks security issues in your project dependencies')
->setHelp(<<<EOF
The <info>%command.name%</info> command looks for security issues in the
project dependencies:
<info>php %command.full_name%</info>
You can also pass the path to a <info>composer.lock</info> file as an argument:
<info>php %command.full_name% /path/to/composer.lock</info>
By default, the command displays the result in plain text, but you can also
configure it to output JSON instead by using the <info>--format</info> option:
<info>php %command.full_name% /path/to/composer.lock --format=json</info>
EOF
);
}
/**
* @see Command
* @see SecurityChecker
*/
protected function execute(InputInterface $input, OutputInterface $output)
{
if ($endPoint = $input->getOption('end-point')) {
$this->checker->getCrawler()->setEndPoint($endPoint);
}
if ($timeout = $input->getOption('timeout')) {
$this->checker->getCrawler()->setTimeout($timeout);
}
if ($token = $input->getOption('token')) {
$this->checker->getCrawler()->setToken($token);
}
$format = $input->getOption('format');
if ($input->getOption("no-ansi") && 'ansi' === $format) {
$format = 'text';
}
try {
$result = $this->checker->check($input->getArgument('lockfile'), $format);
} catch (ExceptionInterface $e) {
$output->writeln($this->getHelperSet()->get('formatter')->formatBlock($e->getMessage(), 'error', true));
return 1;
}
$output->writeln((string) $result);
if (count($result) > 0) {
return 1;
}
}
}

183
vendor/sensiolabs/security-checker/SensioLabs/Security/Crawler.php vendored Normal file
View file

@ -0,0 +1,183 @@
<?php
/*
* This file is part of the SensioLabs Security Checker.
*
* (c) Fabien Potencier
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace SensioLabs\Security;
use Composer\CaBundle\CaBundle;
use SensioLabs\Security\Exception\HttpException;
use SensioLabs\Security\Exception\RuntimeException;
/**
* @internal
*/
class Crawler
{
private $endPoint = 'https://security.symfony.com/check_lock';
private $timeout = 20;
private $headers = [];
public function setTimeout($timeout)
{
$this->timeout = $timeout;
}
public function setEndPoint($endPoint)
{
$this->endPoint = $endPoint;
}
public function setToken($token)
{
$this->addHeader('Authorization', 'Token '.$token);
}
/**
* Adds a global header that will be sent with all requests to the server.
*/
public function addHeader($key, $value)
{
$this->headers[] = $key.': '.$value;
}
/**
* Checks a Composer lock file.
*
* @param string $lock The path to the composer.lock file or a string able to be opened via file_get_contents
* @param string $format The format of the result
* @param array $headers An array of headers to add for this specific HTTP request
*
* @return Result
*/
public function check($lock, $format = 'json', array $headers = [])
{
list($headers, $body) = $this->doCheck($lock, $format, $headers);
if (!(preg_match('/X-Alerts: (\d+)/i', $headers, $matches) || 2 == count($matches))) {
throw new RuntimeException('The web service did not return alerts count.');
}
return new Result((int) $matches[1], $body, $format);
}
/**
* @return array An array where the first element is a headers string and second one the response body
*/
private function doCheck($lock, $format = 'json', array $contextualHeaders = [])
{
$boundary = '------------------------'.md5(microtime(true));
$headers = "Content-Type: multipart/form-data; boundary=$boundary\r\nAccept: ".$this->getContentType($format);
foreach ($this->headers as $header) {
$headers .= "\r\n$header";
}
foreach ($contextualHeaders as $key => $value) {
$headers .= "\r\n$key: $value";
}
$opts = [
'http' => [
'method' => 'POST',
'header' => $headers,
'content' => "--$boundary\r\nContent-Disposition: form-data; name=\"lock\"; filename=\"composer.lock\"\r\nContent-Type: application/octet-stream\r\n\r\n".$this->getLockContents($lock)."\r\n--$boundary--\r\n",
'ignore_errors' => true,
'follow_location' => true,
'max_redirects' => 3,
'timeout' => $this->timeout,
'user_agent' => sprintf('SecurityChecker-CLI/%s FGC PHP', SecurityChecker::VERSION),
],
'ssl' => [
'verify_peer' => 1,
'verify_host' => 2,
],
];
$caPathOrFile = CaBundle::getSystemCaRootBundlePath();
if (is_dir($caPathOrFile) || (is_link($caPathOrFile) && is_dir(readlink($caPathOrFile)))) {
$opts['ssl']['capath'] = $caPathOrFile;
} else {
$opts['ssl']['cafile'] = $caPathOrFile;
}
$context = stream_context_create($opts);
$level = error_reporting(0);
$body = file_get_contents($this->endPoint, 0, $context);
error_reporting($level);
if (false === $body) {
$error = error_get_last();
throw new RuntimeException(sprintf('An error occurred: %s.', $error['message']));
}
// status code
if (!preg_match('{HTTP/\d\.\d (\d+) }i', $http_response_header[0], $match)) {
throw new RuntimeException('An unknown error occurred.');
}
$statusCode = $match[1];
if (400 == $statusCode) {
$data = trim($body);
if ('json' === $format) {
$data = json_decode($body, true)['error'];
}
throw new RuntimeException($data);
}
if (200 != $statusCode) {
throw new HttpException(sprintf('The web service failed for an unknown reason (HTTP %s).', $statusCode), $statusCode);
}
$headers = '';
foreach ($http_response_header as $header) {
if (false !== stripos($header, 'X-Alerts: ')) {
$headers = $header;
}
}
return [$headers, $body];
}
private function getContentType($format)
{
static $formats = [
'text' => 'text/plain',
'simple' => 'text/plain',
'markdown' => 'text/markdown',
'yaml' => 'text/yaml',
'json' => 'application/json',
'ansi' => 'text/plain+ansi',
];
return isset($formats[$format]) ? $formats[$format] : 'text';
}
private function getLockContents($lock)
{
$contents = json_decode(file_get_contents($lock), true);
$hash = isset($contents['content-hash']) ? $contents['content-hash'] : (isset($contents['hash']) ? $contents['hash'] : '');
$packages = ['content-hash' => $hash, 'packages' => [], 'packages-dev' => []];
foreach (['packages', 'packages-dev'] as $key) {
if (!is_array($contents[$key])) {
continue;
}
foreach ($contents[$key] as $package) {
$data = [
'name' => $package['name'],
'version' => $package['version'],
];
if (isset($package['time']) && false !== strpos($package['version'], 'dev')) {
$data['time'] = $package['time'];
}
$packages[$key][] = $data;
}
}
return json_encode($packages);
}
}

16
vendor/sensiolabs/security-checker/SensioLabs/Security/Exception/ExceptionInterface.php vendored Normal file
View file

@ -0,0 +1,16 @@
<?php
/*
* This file is part of the SensioLabs Security Checker.
*
* (c) Fabien Potencier
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace SensioLabs\Security\Exception;
interface ExceptionInterface
{
}

16
vendor/sensiolabs/security-checker/SensioLabs/Security/Exception/HttpException.php vendored Normal file
View file

@ -0,0 +1,16 @@
<?php
/*
* This file is part of the SensioLabs Security Checker.
*
* (c) Fabien Potencier
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace SensioLabs\Security\Exception;
class HttpException extends RuntimeException
{
}

16
vendor/sensiolabs/security-checker/SensioLabs/Security/Exception/RuntimeException.php vendored Normal file
View file

@ -0,0 +1,16 @@
<?php
/*
* This file is part of the SensioLabs Security Checker.
*
* (c) Fabien Potencier
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace SensioLabs\Security\Exception;
class RuntimeException extends \RuntimeException implements ExceptionInterface
{
}

41
vendor/sensiolabs/security-checker/SensioLabs/Security/Result.php vendored Normal file
View file

@ -0,0 +1,41 @@
<?php
/*
* This file is part of the SensioLabs Security Checker.
*
* (c) Fabien Potencier
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace SensioLabs\Security;
class Result implements \Countable
{
private $count;
private $vulnerabilities;
private $format;
public function __construct($count, $vulnerabilities, $format)
{
$this->count = $count;
$this->vulnerabilities = $vulnerabilities;
$this->format = $format;
}
public function getFormat()
{
return $this->format;
}
public function __toString()
{
return $this->vulnerabilities;
}
public function count()
{
return $this->count;
}
}

65
vendor/sensiolabs/security-checker/SensioLabs/Security/SecurityChecker.php vendored Normal file
View file

@ -0,0 +1,65 @@
<?php
/*
* This file is part of the SensioLabs Security Checker.
*
* (c) Fabien Potencier
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace SensioLabs\Security;
use SensioLabs\Security\Exception\RuntimeException;
class SecurityChecker
{
const VERSION = '5.0';
private $crawler;
public function __construct(Crawler $crawler = null)
{
$this->crawler = null === $crawler ? new Crawler() : $crawler;
}
/**
* Checks a composer.lock file.
*
* @param string $lock The path to the composer.lock file
* @param string $format The format of the result
* @param array $headers An array of headers to add for this specific HTTP request
*
* @return Result
*
* @throws RuntimeException When the lock file does not exist
* @throws RuntimeException When the certificate can not be copied
*/
public function check($lock, $format = 'json', array $headers = [])
{
if (0 !== strpos($lock, 'data://text/plain;base64,')) {
if (is_dir($lock) && file_exists($lock.'/composer.lock')) {
$lock = $lock.'/composer.lock';
} elseif (preg_match('/composer\.json$/', $lock)) {
$lock = str_replace('composer.json', 'composer.lock', $lock);
}
if (!is_file($lock)) {
throw new RuntimeException('Lock file does not exist.');
}
}
return $this->crawler->check($lock, $format, $headers);
}
/**
* @internal
*
* @return Crawler
*/
public function getCrawler()
{
return $this->crawler;
}
}

25
vendor/sensiolabs/security-checker/box.json vendored Normal file
View file

@ -0,0 +1,25 @@
{
"output": "security-checker.phar",
"chmod": "0755",
"compactors": [
"Herrera\\Box\\Compactor\\Php"
],
"extract": false,
"main": "security-checker",
"files": [
"LICENSE"
],
"finder": [
{
"name": "*.*",
"exclude": ["Tests"],
"in": "vendor"
},
{
"name": ["*.*"],
"in": "SensioLabs"
}
],
"stub": true,
"web": false
}

25
vendor/sensiolabs/security-checker/composer.json vendored Normal file
View file

@ -0,0 +1,25 @@
{
"name": "sensiolabs/security-checker",
"description": "A security checker for your composer.lock",
"license": "MIT",
"authors": [
{
"name": "Fabien Potencier",
"email": "fabien.potencier@gmail.com"
}
],
"require": {
"php": ">=5.5.9",
"symfony/console": "~2.7|~3.0|~4.0",
"composer/ca-bundle": "^1.0"
},
"bin": ["security-checker"],
"autoload": {
"psr-4": { "SensioLabs\\Security\\": "SensioLabs/Security" }
},
"extra": {
"branch-alias": {
"dev-master": "5.0-dev"
}
}
}

33
vendor/sensiolabs/security-checker/security-checker vendored Executable file
View file

@ -0,0 +1,33 @@
#!/usr/bin/env php
<?php
/*
* This file is part of the SensioLabs Security Checker.
*
* (c) Fabien Potencier
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
function includeIfExists($file)
{
if (file_exists($file)) {
return include $file;
}
}
if ((!$loader = includeIfExists(__DIR__.'/vendor/autoload.php')) && (!$loader = includeIfExists(__DIR__.'/../../autoload.php'))) {
die('You must set up the project dependencies, run the following commands:'.PHP_EOL.
'curl -sS https://getcomposer.org/installer | php'.PHP_EOL.
'php composer.phar install'.PHP_EOL);
}
use Symfony\Component\Console\Application;
use SensioLabs\Security\Command\SecurityCheckerCommand;
use SensioLabs\Security\SecurityChecker;
use SensioLabs\Security\Crawler;
$console = new Application('SensioLabs Security Checker', SecurityChecker::VERSION);
$console->add(new SecurityCheckerCommand(new SecurityChecker(new Crawler())));
$console->run();