Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add allow-list functionality to securitychecker_enlightn #1161

Open
wants to merge 6 commits into
base: v2.x
Choose a base branch
from
Open

Add allow-list functionality to securitychecker_enlightn #1161

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
3187ef1
Add allow-list functionality to securitychecker_enlightn
peterjaap Nov 19, 2024
a935884
Update enlightn.md
peterjaap Nov 19, 2024
5646362
Merge branch 'phpro:v2.x' into patch-2
peterjaap Dec 3, 2024
9026e69
Use addArgumentArrayWithSeparatedValue()
peterjaap Dec 3, 2024
bed10e9
Added test case for usage of --allow-list
peterjaap Dec 3, 2024
eda6d36
Add --allow-list option to SecurityCheckerEnlightn task
peterjaap Mar 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions doc/tasks/securitychecker/enlightn.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,10 @@ grumphp:
securitychecker_enlightn:
lockfile: ./composer.lock
run_always: false
allow_list:
- CVE-2018-15133
- CVE-2024-51755
- CVE-2024-45411
```

**lockfile**
Expand Down
7 changes: 7 additions & 0 deletions src/Task/SecurityCheckerEnlightn.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,10 +24,12 @@ public static function getConfigurableOptions(): ConfigOptionsResolver
$resolver->setDefaults([
'lockfile' => './composer.lock',
'run_always' => false,
'allow_list' => []
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The method provideConfigurableOptions in the test should be altered to cover this newly added default.

]);

$resolver->addAllowedTypes('lockfile', ['string']);
$resolver->addAllowedTypes('run_always', ['bool']);
$resolver->addAllowedTypes('allow_list', ['array']);

return ConfigOptionsResolver::fromOptionsResolver($resolver);
}
Expand All @@ -50,6 +52,11 @@ public function run(ContextInterface $context): TaskResultInterface
$arguments = $this->processBuilder->createArgumentsForCommand('security-checker');
$arguments->add('security:check');
$arguments->addOptionalArgument('%s', $config['lockfile']);
if (!empty($config['allow_list'])) {
foreach ($config['allow_list'] as $allowListItem) {
$arguments->addOptionalArgument('--allow-list %s', $allowListItem);
}
}

$process = $this->processBuilder->buildProcess($arguments);
$process->run();
Expand Down