

Merge pull request #756 from jderusse/ignore-advisories
Ignore bogus advisories
Ocramius authored Dec 3, 2024
2 parents d0f7f8f + 3c0cb7d commit d6fdfd2
Showing 2 changed files with 91 additions and 1 deletion.
Expand Up @@ -35,9 +35,15 @@
use SensitiveParameter;
use UnexpectedValueException;

use function in_array;

final class GetAdvisoriesFromGithubApi implements GetAdvisories
{
private const GRAPHQL_QUERY = 'query {
private const IGNORED_ADVISORIES = [
'GHSA-7q22-x757-cmgc', // @see https://phpc.social/@wouterj/113588554019692959
'GHSA-cg28-v4wq-whv5', // @see https://phpc.social/@wouterj/113588554019692959
];
private const GRAPHQL_QUERY = 'query {
securityVulnerabilities(ecosystem: COMPOSER, first: 100 %s) {
edges {
cursor
Expand Down Expand Up @@ -87,6 +93,11 @@ public function __invoke(): Generator
continue;
}

if (in_array($item['node']['advisory']['ghsaId'], self::IGNORED_ADVISORIES, true)) {
// Skip ignored advisories.
continue;
}

try {
yield Advisory::fromArrayData(
[
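Review bot: The new `in_array(...)` guard drops a matching advisory silently — nothing records that the security feed was filtered, so an operator reading logs cannot tell a suppressed advisory from one GitHub never returned. The class is constructed with a `LoggerInterface` (see the test, `new GetAdvisoriesFromGithubApi($client, 'some_token', $logger)`), so I would emit an info-level entry carrying `$item['node']['advisory']['ghsaId']` before the `continue`; I cannot see the property the logger is stored in from this hunk, so the exact call is yours to fill in. The comment `// Skip ignored advisories.` only restates the code; the reason belongs on `IGNORED_ADVISORIES` in the first hunk, e.g. `/** GHSA ids known to be bogus (see linked thread); remove entries once GitHub withdraws the advisories so this list does not hide real ones. */`. `__invoke()` starts and ends outside the hunk.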
Expand Up @@ -341,6 +341,25 @@ public function testWillSkipWithdrawnAdvisories(ResponseInterface ...$responses)
], Vec\Values($advisories()));
}

/** @dataProvider correctResponseWithIgnoredAdvisories */
public function testWillSkipIgnoredAdvisories(ResponseInterface ...$responses): void
{
$client = $this->createMock(Client::class);
$logger = $this->createMock(LoggerInterface::class);

$client->method('sendRequest')
->willReturnOnConsecutiveCalls(...$responses);

$advisories = new GetAdvisoriesFromGithubApi($client, 'some_token', $logger);

self::assertEquals([
Advisory::fromArrayData([
'reference' => 'aa/bb',
'branches' => [['versions' => ['<= 1.1.0']]],
]),
], Vec\Values($advisories()));
}

/** @psalm-return non-empty-list<list<ResponseInterface>> */
public function correctResponsesWithInvalidAdvisoryNames(): array
{
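Review bot: `testWillSkipIgnoredAdvisories` proves the two listed ids are absent from the output, but the fixture in `correctResponseWithIgnoredAdvisories()` (the next hunk of this file) hard-codes the same GHSA ids that live in the private `IGNORED_ADVISORIES` constant, so an id added to the constant later gets no coverage here and nothing points a maintainer back to the list. I would add a docblock on the test method: `Keep the ghsaIds in correctResponseWithIgnoredAdvisories() in sync with GetAdvisoriesFromGithubApi::IGNORED_ADVISORIES.` If the production code is expected to log the suppression, the logger should be an expectation (`$logger->expects(self::exactly(2))->method('info')` or whichever level is used) rather than a bare `createMock` stub, so a silently dropped advisory remains observable in the test as well.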
Expand Down Expand Up @@ -518,6 +537,66 @@ public function correctResponseWithWithdrawnAdvisories(): array
return [[new Response(200, [], $query)]];
}

/** @psalm-return non-empty-list<list<ResponseInterface>> */
public function correctResponseWithIgnoredAdvisories(): array
{
$query = <<<'QUERY'
{
"data": {
"securityVulnerabilities": {
"edges": [
{
"cursor": "Y3Vyc29yOnYyOpK5MjAyMS0wNS0wNVQwMDo0Njo1MSswMjowMM0_Fg==",
"node": {
"vulnerableVersionRange": "<= 1.1.0",
"package": {
"name": "aa/bb"
},
"advisory": {
"ghsaId": "aaa-bbb",
"withdrawnAt": null
}
}
},
{
"cursor": "Y3Vyc29yOnYyOpK5MjAyNC0xMi0wMlQyMToxOTo0MSswMTowMM3_Og==",
"node": {
"vulnerableVersionRange": "< 6.4.4",
"package": {
"name": "symfony/var-dumper"
},
"advisory": {
"ghsaId": "GHSA-cg28-v4wq-whv5",
"withdrawnAt": null
}
}
},
{
"cursor": "3Vyc29yOnYyOpK5MjAyNC0xMi0wMlQyMToyMToxMSswMTowMM3_Ow==",
"node": {
"vulnerableVersionRange": "< 7.1.0",
"package": {
"name": "symfony/security-http"
},
"advisory": {
"ghsaId": "GHSA-7q22-x757-cmgc",
"withdrawnAt": null
}
}
}
],
"pageInfo": {
"hasNextPage": false,
"endCursor": "3Vyc29yOnYyOpK5MjAyNC0xMi0wMlQyMToyMToxMSswMTowMM3_Ow=="
}
}
}
}
QUERY;

return [[new Response(200, [], $query)]];
}

/** @psalm-return non-empty-list<array{string, bool}> */
public function cursorProvider(): array
{
