From f0f4922f91c7da04438b84eaae7d45af4e16958e Mon Sep 17 00:00:00 2001
From: Alex Pott
Date: Mon, 13 Jul 2020 23:26:11 +0100
Subject: [PATCH] Issue #3133903 by longwave, jungle: Ensure all packages in composer.lock are considered for vendor hardening
---
 composer/Plugin/VendorHardening/Config.php | 69 ++++++++++++++---
 core/lib/Drupal/Core/Composer/Composer.php | 76 +++++++++++++++----
 .../Drupal/Tests/ComposerIntegrationTest.php | 5 +-
 3 files changed, 121 insertions(+), 29 deletions(-)
diff --git a/composer/Plugin/VendorHardening/Config.php b/composer/Plugin/VendorHardening/Config.php
index 40676ab5e7f..a2d965d7cf0 100644
--- a/composer/Plugin/VendorHardening/Config.php
+++ b/composer/Plugin/VendorHardening/Config.php
@@ -20,38 +20,65 @@ class Config {
 * @var array
 */
 protected static $defaultConfig = [
+ 'asm89/stack-cors' => ['test'],
 'behat/mink' => ['tests', 'driver-testsuite'],
 'behat/mink-browserkit-driver' => ['tests'],
 'behat/mink-goutte-driver' => ['tests'],
 'behat/mink-selenium2-driver' => ['tests'],
- 'composer/composer' => ['bin'],
+ 'composer/ca-bundle' => ['tests'],
+ 'composer/composer' => ['bin', 'tests'],
+ 'composer/installers' => ['tests'],
+ 'composer/semver' => ['tests'],
+ 'composer/spdx-licenses' => ['tests'],
+ 'composer/xdebug-handler' => ['tests'],
+ 'doctrine/annotations' => ['tests'],
+ 'doctrine/instantiator' => ['tests'],
+ 'doctrine/lexer' => ['tests'],
+ 'doctrine/reflection' => ['tests'],
 'drupal/coder' => [
 'coder_sniffer/Drupal/Test',
 'coder_sniffer/DrupalPractice/Test',
 ],
- 'doctrine/instantiator' => ['tests'],
- 'easyrdf/easyrdf' => ['scripts'],
- 'egulias/email-validator' => ['documentation', 'tests'],
+ 'drupal/core' => [],
+ 'drupal/core-project-message' => [],
+ 'drupal/core-vendor-hardening' => [],
+ 'easyrdf/easyrdf' => ['test', 'scripts'],
+ 'egulias/email-validator' => ['documentation', 'Tests'],
 'fabpot/goutte' => ['Goutte/Tests'],
+ 'guzzlehttp/guzzle' => ['tests'],
 'guzzlehttp/promises' => ['tests'],
 'guzzlehttp/psr7' => ['tests'],
 'instaclick/php-webdriver' => ['doc', 'test'],
- 'justinrainbow/json-schema' => ['demo'],
+ 'justinrainbow/json-schema' => ['demo', 'tests'],
+ 'laminas/laminas-diactoros' => ['test'],
+ 'laminas/laminas-escaper' => ['test'],
+ 'laminas/laminas-feed' => ['test'],
+ 'laminas/laminas-stdlib' => ['test'],
+ 'laminas/laminas-zendframework-bridge' => ['test'],
 'masterminds/html5' => ['bin', 'test'],
- 'mikey179/vfsstream' => ['src/test'],
- 'myclabs/deep-copy' => ['doc'],
+ 'mikey179/vfsstream' => ['examples', 'src/test'],
+ 'myclabs/deep-copy' => ['doc', 'tests'],
 'pear/archive_tar' => ['docs', 'tests'],
 'pear/console_getopt' => ['tests'],
 'pear/pear-core-minimal' => ['tests'],
 'pear/pear_exception' => ['tests'],
 'phar-io/manifest' => ['examples', 'tests'],
 'phar-io/version' => ['tests'],
+ 'phpdocumentor/reflection-common' => ['tests'],
 'phpdocumentor/reflection-docblock' => ['tests'],
+ 'phpdocumentor/type-resolver' => ['tests'],
 'phpspec/prophecy' => ['fixtures', 'spec', 'tests'],
 'phpunit/php-code-coverage' => ['tests'],
+ 'phpunit/php-file-iterator' => ['tests'],
+ 'phpunit/php-text-template' => [],
 'phpunit/php-timer' => ['tests'],
 'phpunit/php-token-stream' => ['tests'],
 'phpunit/phpunit' => ['tests'],
+ 'psr/container' => [],
+ 'psr/http-factory' => [],
+ 'psr/http-message' => [],
+ 'psr/log' => [],
+ 'ralouphie/getallheaders' => ['tests'],
 'sebastian/code-unit-reverse-lookup' => ['tests'],
 'sebastian/comparator' => ['tests'],
 'sebastian/diff' => ['tests'],
@@ -61,7 +88,11 @@ class Config {
 'sebastian/object-enumerator' => ['tests'],
 'sebastian/object-reflector' => ['tests'],
 'sebastian/recursion-context' => ['tests'],
+ 'sebastian/resource-operations' => ['tests'],
+ 'sebastian/type' => ['tests'],
+ 'sebastian/version' => [],
 'seld/jsonlint' => ['tests'],
+ 'seld/phar-utils' => [],
 'squizlabs/php_codesniffer' => ['tests'],
 'stack/builder' => ['tests'],
 'symfony/browser-kit' => ['Tests'],
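Review bot: The directory names listed per package in `$defaultConfig` are not verified anywhere visible in this patch; the updated ComposerIntegrationTest assertion compares only `array_keys($config)` against the lock file. This hunk itself corrects `'egulias/email-validator'` from `tests` to `Tests`, and the last Config.php hunk rewrites the `symfony-cmf/routing` and `twig/twig` paths, which suggests stale or wrongly-cased entries went unnoticed before. If the cleanup code (outside this diff) silently skips directories that do not exist, a wrong path leaves test code in the vendor tree. Consider a comment above the array such as `// Paths are relative to the package root and case-sensitive; re-check them whenever a dependency is updated.`, and the same for the copy in Composer.php.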
@@ -70,22 +101,38 @@ class Config {
 'symfony/debug' => ['Tests'],
 'symfony/dependency-injection' => ['Tests'],
 'symfony/dom-crawler' => ['Tests'],
+ 'symfony/error-handler' => ['Tests'],
+ 'symfony/event-dispatcher' => ['Tests'],
+ 'symfony/event-dispatcher-contracts' => [],
 'symfony/filesystem' => ['Tests'],
 'symfony/finder' => ['Tests'],
- 'symfony/event-dispatcher' => ['Tests'],
 'symfony/http-foundation' => ['Tests'],
 'symfony/http-kernel' => ['Tests'],
+ 'symfony/lock' => ['Tests'],
+ 'symfony/mime' => ['Tests'],
 'symfony/phpunit-bridge' => ['Tests'],
+ 'symfony/polyfill-ctype' => [],
+ 'symfony/polyfill-iconv' => [],
+ 'symfony/polyfill-intl-idn' => [],
+ 'symfony/polyfill-mbstring' => [],
+ 'symfony/polyfill-php72' => [],
+ 'symfony/polyfill-php73' => [],
+ 'symfony/polyfill-php80' => [],
 'symfony/process' => ['Tests'],
 'symfony/psr-http-message-bridge' => ['Tests'],
 'symfony/routing' => ['Tests'],
 'symfony/serializer' => ['Tests'],
+ 'symfony/service-contracts' => ['Test', 'Tests'],
 'symfony/translation' => ['Tests'],
- 'symfony/validator' => ['Tests', 'Resources'],
+ 'symfony/translation-contracts' => ['Test', 'Tests'],
+ 'symfony/validator' => ['Test', 'Tests', 'Resources'],
+ 'symfony/var-dumper' => ['Tests'],
 'symfony/yaml' => ['Tests'],
- 'symfony-cmf/routing' => ['Test', 'Tests'],
+ 'symfony-cmf/routing' => ['tests'],
 'theseer/tokenizer' => ['tests'],
- 'twig/twig' => ['doc', 'ext', 'test', 'tests'],
+ 'twig/twig' => ['doc', 'lib/Twig/Test', 'src/Test', 'tests'],
+ 'typo3/phar-stream-wrapper' => ['tests'],
+ 'webmozart/assert' => ['tests'],
 ];
 /**
diff --git a/core/lib/Drupal/Core/Composer/Composer.php b/core/lib/Drupal/Core/Composer/Composer.php
index 6b7d5899d6e..691edba78fa 100644
--- a/core/lib/Drupal/Core/Composer/Composer.php
+++ b/core/lib/Drupal/Core/Composer/Composer.php
@@ -16,38 +16,65 @@ use Drupal\Component\FileSecurity\FileSecurity;
 class Composer {
 protected static $packageToCleanup = [
+ 'asm89/stack-cors' => ['test'],
 'behat/mink' => ['tests', 'driver-testsuite'],
 'behat/mink-browserkit-driver' => ['tests'],
 'behat/mink-goutte-driver' => ['tests'],
 'behat/mink-selenium2-driver' => ['tests'],
- 'composer/composer' => ['bin'],
- 'drupal/coder' => ['coder_sniffer/Drupal/Test', 'coder_sniffer/DrupalPractice/Test'],
+ 'composer/ca-bundle' => ['tests'],
+ 'composer/composer' => ['bin', 'tests'],
+ 'composer/installers' => ['tests'],
+ 'composer/semver' => ['tests'],
+ 'composer/spdx-licenses' => ['tests'],
+ 'composer/xdebug-handler' => ['tests'],
+ 'doctrine/annotations' => ['tests'],
 'doctrine/instantiator' => ['tests'],
- 'easyrdf/easyrdf' => ['scripts'],
- 'egulias/email-validator' => ['documentation', 'tests'],
+ 'doctrine/lexer' => ['tests'],
+ 'doctrine/reflection' => ['tests'],
+ 'drupal/coder' => [
+ 'coder_sniffer/Drupal/Test',
+ 'coder_sniffer/DrupalPractice/Test',
+ ],
+ 'drupal/core' => [],
+ 'drupal/core-project-message' => [],
+ 'drupal/core-vendor-hardening' => [],
+ 'easyrdf/easyrdf' => ['test', 'scripts'],
+ 'egulias/email-validator' => ['documentation', 'Tests'],
 'fabpot/goutte' => ['Goutte/Tests'],
+ 'guzzlehttp/guzzle' => ['tests'],
 'guzzlehttp/promises' => ['tests'],
 'guzzlehttp/psr7' => ['tests'],
 'instaclick/php-webdriver' => ['doc', 'test'],
- 'justinrainbow/json-schema' => ['demo'],
- 'laminas/laminas-escaper' => ['doc'],
- 'laminas/laminas-feed' => ['doc'],
- 'laminas/laminas-stdlib' => ['doc'],
+ 'justinrainbow/json-schema' => ['demo', 'tests'],
+ 'laminas/laminas-diactoros' => ['test'],
+ 'laminas/laminas-escaper' => ['test'],
+ 'laminas/laminas-feed' => ['test'],
+ 'laminas/laminas-stdlib' => ['test'],
+ 'laminas/laminas-zendframework-bridge' => ['test'],
 'masterminds/html5' => ['bin', 'test'],
- 'mikey179/vfsStream' => ['src/test'],
- 'myclabs/deep-copy' => ['doc'],
+ 'mikey179/vfsstream' => ['examples', 'src/test'],
+ 'myclabs/deep-copy' => ['doc', 'tests'],
 'pear/archive_tar' => ['docs', 'tests'],
 'pear/console_getopt' => ['tests'],
 'pear/pear-core-minimal' => ['tests'],
 'pear/pear_exception' => ['tests'],
 'phar-io/manifest' => ['examples', 'tests'],
 'phar-io/version' => ['tests'],
+ 'phpdocumentor/reflection-common' => ['tests'],
 'phpdocumentor/reflection-docblock' => ['tests'],
+ 'phpdocumentor/type-resolver' => ['tests'],
 'phpspec/prophecy' => ['fixtures', 'spec', 'tests'],
 'phpunit/php-code-coverage' => ['tests'],
+ 'phpunit/php-file-iterator' => ['tests'],
+ 'phpunit/php-text-template' => [],
 'phpunit/php-timer' => ['tests'],
 'phpunit/php-token-stream' => ['tests'],
 'phpunit/phpunit' => ['tests'],
+ 'psr/container' => [],
+ 'psr/http-factory' => [],
+ 'psr/http-message' => [],
+ 'psr/log' => [],
+ 'ralouphie/getallheaders' => ['tests'],
 'sebastian/code-unit-reverse-lookup' => ['tests'],
 'sebastian/comparator' => ['tests'],
 'sebastian/diff' => ['tests'],
@@ -57,7 +84,11 @@ class Composer {
 'sebastian/object-enumerator' => ['tests'],
 'sebastian/object-reflector' => ['tests'],
 'sebastian/recursion-context' => ['tests'],
+ 'sebastian/resource-operations' => ['tests'],
+ 'sebastian/type' => ['tests'],
+ 'sebastian/version' => [],
 'seld/jsonlint' => ['tests'],
+ 'seld/phar-utils' => [],
 'squizlabs/php_codesniffer' => ['tests'],
 'stack/builder' => ['tests'],
 'symfony/browser-kit' => ['Tests'],
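Review bot: `$packageToCleanup` has no docblock in the context lines at the top of the first Composer.php hunk, and the new `[]` entries (`'drupal/core' => []`, `'psr/log' => []`, `'sebastian/version' => []` and others) are not self-explanatory. A reader cannot tell whether an empty array means the package was reviewed and ships nothing to remove, or was added only to satisfy the stricter test. A docblock on the property would help, stating that keys are lower-case package names from composer.lock, values are directories relative to the package root, and an empty array means nothing needs removing. After this patch the list also appears to duplicate `Config::$defaultConfig` in composer/Plugin/VendorHardening/Config.php entry for entry, so the docblock should say the two must be changed together.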
@@ -66,23 +97,38 @@ class Composer {
 'symfony/debug' => ['Tests'],
 'symfony/dependency-injection' => ['Tests'],
 'symfony/dom-crawler' => ['Tests'],
- 'symfony/filesystem' => ['Tests'],
- 'symfony/finder' => ['Tests'],
 'symfony/error-handler' => ['Tests'],
 'symfony/event-dispatcher' => ['Tests'],
+ 'symfony/event-dispatcher-contracts' => [],
+ 'symfony/filesystem' => ['Tests'],
+ 'symfony/finder' => ['Tests'],
 'symfony/http-foundation' => ['Tests'],
 'symfony/http-kernel' => ['Tests'],
+ 'symfony/lock' => ['Tests'],
+ 'symfony/mime' => ['Tests'],
 'symfony/phpunit-bridge' => ['Tests'],
+ 'symfony/polyfill-ctype' => [],
+ 'symfony/polyfill-iconv' => [],
+ 'symfony/polyfill-intl-idn' => [],
+ 'symfony/polyfill-mbstring' => [],
+ 'symfony/polyfill-php72' => [],
+ 'symfony/polyfill-php73' => [],
+ 'symfony/polyfill-php80' => [],
 'symfony/process' => ['Tests'],
 'symfony/psr-http-message-bridge' => ['Tests'],
 'symfony/routing' => ['Tests'],
 'symfony/serializer' => ['Tests'],
+ 'symfony/service-contracts' => ['Test', 'Tests'],
 'symfony/translation' => ['Tests'],
- 'symfony/validator' => ['Tests', 'Resources'],
+ 'symfony/translation-contracts' => ['Test', 'Tests'],
+ 'symfony/validator' => ['Test', 'Tests', 'Resources'],
+ 'symfony/var-dumper' => ['Tests'],
 'symfony/yaml' => ['Tests'],
- 'symfony-cmf/routing' => ['Test', 'Tests'],
+ 'symfony-cmf/routing' => ['tests'],
 'theseer/tokenizer' => ['tests'],
- 'twig/twig' => ['doc', 'ext', 'test', 'tests'],
+ 'twig/twig' => ['doc', 'lib/Twig/Test', 'src/Test', 'tests'],
+ 'typo3/phar-stream-wrapper' => ['tests'],
+ 'webmozart/assert' => ['tests'],
 ];
 /**
diff --git a/core/tests/Drupal/Tests/ComposerIntegrationTest.php b/core/tests/Drupal/Tests/ComposerIntegrationTest.php
index 5cd2719bebf..2c0c3a3ca0e 100644
--- a/core/tests/Drupal/Tests/ComposerIntegrationTest.php
+++ b/core/tests/Drupal/Tests/ComposerIntegrationTest.php
@@ -260,9 +260,8 @@ class ComposerIntegrationTest extends UnitTestCase {
 $reflection = new \ReflectionProperty($class, $property);
 $reflection->setAccessible(TRUE);
 $config = $reflection->getValue();
- foreach (array_keys($config) as $package) {
- $this->assertContains(strtolower($package), $packages);
- }
+ $config_packages = array_map('strtolower', array_keys($config));
+ $this->assertEqualsCanonicalizing($packages, $config_packages);
 }
 /**
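Review bot: `assertEqualsCanonicalizing($packages, $config_packages)` is called without a failure message, so a failing run prints only an array diff and does not say which list needs editing. Because the check now fails whenever composer.lock gains or loses a package, a message would help, e.g. `$this->assertEqualsCanonicalizing($packages, $config_packages, 'The cleanup list must contain exactly the packages in composer.lock; use an empty array when nothing needs removing.');`. The `strtolower` mapping also hides mixed-case keys such as the `mikey179/vfsStream` entry this patch lowercases in Composer.php; if the runtime lookup is case-sensitive (not visible here), it may be worth asserting that the keys are already lower-case. The test method starts before this hunk, where `$packages` is built.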