<?php
namespace Composer\Command;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Composer\Factory;
use Composer\Util\Auditor;
use Composer\Util\Filesystem;
use Symfony\Component\Console\Input\InputOption;
/**
 * Console command `audit`: reports security vulnerability advisories for the
 * packages recorded in the project's composer.lock.
 *
 * The package list comes from the lock file only. Nothing visible in this
 * class checks that the lock file is in sync with composer.json.
 */
class AuditCommand extends BaseCommand
{
    /**
     * Registers the command name, description, the --no-dev option and the help text.
     *
     * @return void
     */
    protected function configure()
    {
        // --no-dev narrows the audit: require-dev packages are left out, so
        // advisories affecting them are not reported.
        $options = array(
            new InputOption('no-dev', null, InputOption::VALUE_NONE, 'Disables auditing of require-dev packages.'),
        );

        // The heredoc body and its closing marker stay at column 0 so the
        // help text is emitted without any leading indentation.
        $help = <<<EOT
The <info>audit</info> command checks for security vulnerability advisories for packages in your composer.lock.
If you do not want to include dev dependencies in the audit you can omit them with --no-dev
Read more at https://getcomposer.org/doc/03-cli.md#audit
EOT;

        $this
            ->setName('audit')
            ->setDescription('Checks for security vulnerability advisories for packages in your composer.lock.')
            ->setDefinition($options)
            ->setHelp($help)
        ;
    }

    /**
     * Audits the locked packages and returns the process exit status.
     *
     * @param InputInterface  $input  Parsed command line; reads 'no-plugins', 'no-scripts' and 'no-dev'.
     * @param OutputInterface $output Not used directly; all output goes through getIO().
     *
     * @return int 1 when the lock file cannot be read; otherwise whatever
     *             Auditor::audit() returns (presumably its exit status, not visible here).
     */
    protected function execute(InputInterface $input, OutputInterface $output)
    {
        $composerFile = Factory::getComposerFile();
        $lockPath = Factory::getLockFile($composerFile);

        // Fail before loading the project when there is no readable lock file:
        // without it there is no package list to audit.
        if (!Filesystem::isReadable($lockPath)) {
            $this->getIO()->writeError('<error>' . $lockPath . ' is not readable.</error>');

            return 1;
        }

        // NOTE(review): 'no-plugins' and 'no-scripts' are not declared in
        // configure(); presumably they are application-level options. Confirm.
        // NOTE(review): presumably project plugins are activated here unless
        // --no-plugins is given, which matters when the checkout being audited
        // is not trusted. Confirm in BaseCommand::requireComposer().
        $disablePlugins = $input->getOption('no-plugins');
        $disableScripts = $input->getOption('no-scripts');
        $composer = $this->requireComposer($disablePlugins, $disableScripts);

        // Dev packages are included unless --no-dev was passed.
        $includeDev = !$input->getOption('no-dev');
        $lockedPackages = $composer->getLocker()->getLockedRepository($includeDev)->getPackages();

        $downloader = Factory::createHttpDownloader($this->getIO(), $composer->getConfig());

        // The meaning of the trailing `false` is defined by Auditor::audit(),
        // which is not shown in this file.
        return Auditor::audit($this->getIO(), $downloader, $lockedPackages, false);
    }
}