ComposerAuditRunner.php
<?php
declare(strict_types=1);
namespace KaririCode\Devkit\Runner;
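/**
 * Runs `composer audit` for known vulnerability scanning.
 *
 * Unlike other runners, this invokes the `composer` binary directly
 * and does not require a generated config file.
 *
 * @since 1.0.0
 */
final class ComposerAuditRunner extends AbstractToolRunner
{
    /**
     * Name under which this runner identifies itself.
     */
    #[\Override]
    public function toolName(): string
    {
        return 'composer-audit';
    }

    /**
     * Project-local location of Composer, as a relative path.
     *
     * NOTE(review): presumably read by the inherited binary lookup; confirm in AbstractToolRunner.
     */
    #[\Override]
    protected function vendorBin(): string
    {
        return 'vendor/bin/composer';
    }

    /**
     * Arguments passed to Composer: the `audit` subcommand, plain report format, ANSI output forced.
     *
     * @return list<string>
     */
    #[\Override]
    protected function defaultArguments(): array
    {
        return ['audit', '--format=plain', '--ansi'];
    }

    /**
     * Composer is typically global — override binary resolution
     * to prefer global `composer` before vendor path.
     *
     * The lookup asks the shell (`command -v`), so the result depends on the PATH
     * of the PHP process: whichever `composer` comes first there is the one that
     * performs the audit. is_executable() only confirms the file can be run, so
     * the PATH of the job running the audit should be one the project controls.
     *
     * @return string|null Path printed by `command -v` when it is executable,
     *                     otherwise whatever the parent lookup returns.
     */
    #[\Override]
    protected function binary(): ?string
    {
        // When shell_exec is listed in disable_functions, PHP 8 treats it as undefined
        // and the call would raise an Error; use the inherited lookup instead.
        if (!\function_exists('shell_exec')) {
            return parent::binary();
        }

        // The command line is a constant; escapeshellarg() quotes the literal name,
        // and stderr is discarded so a missing binary yields an empty string.
        /** @psalm-suppress ForbiddenCode — shell_exec is intentional for binary resolution; input is escaped */
        $global = trim((string) shell_exec('command -v ' . escapeshellarg('composer') . ' 2>/dev/null'));

        if ('' !== $global && is_executable($global)) {
            return $global;
        }

        return parent::binary();
    }
}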