API refactor module to be more independent

As part of a greater piece of work with site summaries (cf. bringyourownideas/silverstripe-maintenance). This commit tidies class definitions and makes the import slightly more efficient. Abstractions are added to relate to the Package object from the aforementioned module. Unit tests have been added to ensure tidy standards in future maintenance.
bringyourownideas · May 28, 2018 · 5701642 · 5701642
1 parent 36d92eb
commit 5701642
Show file tree

Hide file tree

Showing 16 changed files with 395 additions and 210 deletions.
diff --git a/_config/packagerelations.yml b/_config/packagerelations.yml
@@ -0,0 +1,15 @@
+---
+Name: packagerelations
+after: '#updatecheckerextensions'
+Only:
+  moduleexists: silverstripe-maintenance
+---
+Package:
+  extensions:
+    - PackageSecurityExtension
+CVE:
+  extensions:
+    - CVEExtension
+SiteSummary:
+  extensions:
+    - SiteSummaryExtension
diff --git a/code/jobs/CheckComposerSecurityJob.php b/code/jobs/CheckComposerSecurityJob.php
diff --git a/code/models/ComposerSecurityVulnerability.php b/code/models/ComposerSecurityVulnerability.php
diff --git a/code/tasks/CheckComposerSecurityTask.php b/code/tasks/CheckComposerSecurityTask.php
diff --git a/composer.json b/composer.json
@@ -19,15 +19,15 @@
     ],
     "require": {
         "php": ">=5.6.0",
-        "silverstripe/framework": "^3.0",
-        "sensiolabs/security-checker": "^3.0",
-        "symbiote/silverstripe-queuedjobs": "^2.8",
-        "friendsofsilverstripe/silverstripe-maintenance": "^0.3"
+        "silverstripe/framework": "^3",
+        "sensiolabs/security-checker": "^4",
+        "symbiote/silverstripe-queuedjobs": "^2"
     },
     "replace": {
         "spekulatius/silverstripe-composer-security-checker": "self.version"
     },
     "suggest": {
+        "friendsofsilverstripe/silverstripe-maintenance": "Display advisory information via Site Summary Report",
         "roave/security-advisories": "Raises a conflict on attempt to install a vulnerable module"
     },
     "support": {

diff --git a/phpcs.xml.dist b/phpcs.xml.dist
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ruleset name="SilverStripe">
+    <description>CodeSniffer ruleset for SilverStripe coding conventions.</description>
+
+    <!-- base rules are PSR-2 -->
+    <rule ref="PSR2" >
+        <!-- Current exclusions -->
+        <exclude name="PSR1.Classes.ClassDeclaration.MissingNamespace" />
+    </rule>
+</ruleset>
diff --git a/src/Extensions/CVEExtension.php b/src/Extensions/CVEExtension.php
@@ -0,0 +1,8 @@
+<?php
+
+class CVEExtension extends DataExtension
+{
+    private static $has_one = [
+        'PackageRecord' => 'Package'
+    ];
+}
diff --git a/src/Extensions/PackageSecruityExtension.php b/src/Extensions/PackageSecruityExtension.php
@@ -0,0 +1,25 @@
+<?php
+
+class PackageSecurityExtension extends DataExtension
+{
+    private static $has_many = [
+        'SecurityAlerts' => 'CVE'
+    ];
+
+    private static $summary_fields = [
+        'listCVEs' => 'Security alerts',
+    ];
+
+    public function listCVEs()
+    {
+        $alerts = $this->owner->SecurityAlerts()->Column('CVE');
+        return $alerts ? implode(', ', $alerts) : null;
+    }
+
+    public function listAlerts()
+    {
+        $templates = ['PackageSecurityAlerts'];
+        $this->owner->extend('updateListAlerts', $templates);
+        return $this->owner->renderWith($templates);
+    }
+}
diff --git a/src/Extensions/SiteSummaryExtension.php b/src/Extensions/SiteSummaryExtension.php
@@ -0,0 +1,15 @@
+<?php
+
+class SiteSummaryExtension extends Extension
+{
+    public function updateColumns(&$columns)
+    {
+        unset($columns['listCVEs']);
+    }
+
+    public function updateCMSFields(&$fields)
+    {
+        $summaryInfo = $this->owner->sourceRecords()->renderWith('PackageSecurityAlerts');
+        $fields->unshift(LiteralField::create('AlertSummary', $summaryInfo));
+    }
+}
diff --git a/src/Jobs/CVECheckJob.php b/src/Jobs/CVECheckJob.php
@@ -0,0 +1,61 @@
+<?php
+/**
+ * Composer security checker job. Runs the task which does the check as a queuedjob.
+ *
+ * @author Peter Thaleikis
+ * @license BSD-3-Clause
+ */
+class CVECheckJob extends AbstractQueuedJob implements QueuedJob
+{
+    private static $dependencies = [
+        'CVECheckTask' => '%$' . CVECheckTask::class,
+    ];
+
+    /**
+     * @var CVECheckTask
+     */
+    protected $checkTask;
+
+    /**
+     * @return CVECheckTask
+     */
+    public function getCVECheckTask()
+    {
+        return $this->checkTask;
+    }
+
+    /**
+     * @param CVECheckTask
+     * @return CVECheckJob
+     */
+    public function setCVECheckTask($checkTask)
+    {
+        $this->checkTask = $checkTask;
+        return $this;
+    }
+
+    public function getTitle()
+    {
+        return _t(
+            __CLASS__ . '.Title',
+            'Check if any composer managed modules have known security vulnerabilities.'
+        );
+    }
+
+    public function getJobType()
+    {
+        $this->totalSteps = 1;
+
+        return QueuedJob::QUEUED;
+    }
+
+    public function process()
+    {
+        // run the task
+        $task = $this->getCVECheckTask();
+        $task->run(null);
+
+        // mark job as completed
+        $this->isComplete = true;
+    }
+}
diff --git a/src/Models/CVE.php b/src/Models/CVE.php
@@ -0,0 +1,20 @@
+<?php
+/**
+ * Describes a known security issue of an installed Composer package
+ */
+class CVE extends DataObject
+{
+    private static $db = array(
+        'PackageName' => 'Varchar(255)',
+        'Version' => 'Varchar(255)',
+        'Title' => 'Varchar(255)',
+        'ExternalLink' => 'Varchar(255)',
+        'CVE' => 'Varchar(255)',
+    );
+
+    private static $summary_fields = array(
+        'PackageName',
+        'Version',
+        'Title',
+    );
+}