Merge pull request #15 from shochdoerfer/fix/upgrade_securitychecker

Fix logic to cope with changes after securitychecker upgrade

Author: shochdoerfer

build.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0"?>
-<project name="securitychecker" basedir="." default="check">
+<project name="securitychecker" basedir="." default="security:check">
 
     <taskdef name="securitychecker" classpath="${phing.dir.securitychecker}/src" classname="bitExpert\Phing\SecurityChecker\SecurityCheckerTask" />
 
@@ -16,6 +16,15 @@
             </then>
         </if>
 
+        <if>
+            <not>
+                <isset property="securitychecker.endpoint" />
+            </not>
+            <then>
+                <property name="securitychecker.endpoint" value="" override="true" />
+            </then>
+        </if>
+
         <securitychecker lockfile="${securitychecker.lockfile}" endpoint="${securitychecker.endpoint}" />
     </target>
 </project>

composer.json

@@ -17,6 +17,7 @@
   "license": "Apache-2.0",
   "require": {
     "php": "^7.1",
+    "ext-json": "*",
     "phing/phing": "^2.8.0",
     "sensiolabs/security-checker": "^5.0"
   },

composer.lock

@@ -67,8 +67,6 @@ public function main()
         }
 
         $checker = $this->getSecurityChecker();
-        $vulnerabilities = [];
-
         try {
             if (!empty($this->timeout)) {
                 $checker->getCrawler()->setTimeout($this->timeout);
@@ -77,8 +75,22 @@ public function main()
                 $checker->getCrawler()->setEndPoint($this->endPoint);
             }
 
-            $vulnerabilities = $checker->check($this->lockFile);
-            foreach ($vulnerabilities as $dependency => $issues) {
+            $vulnerabilities = $checker->check($this->lockFile, 'json');
+            if ($vulnerabilities->count() === 0) {
+                $this->log('No vulnerabilities found!');
+                return;
+            }
+
+            if ($vulnerabilities->getFormat() !== 'json') {
+                throw new \BuildException('Was expecting JSON response, but got "' . $vulnerabilities->getFormat().'"');
+            }
+
+            $dependencies = json_decode($vulnerabilities->__toString(), true);
+            if (!is_array($dependencies)) {
+                throw new \BuildException('The web service response could not be parsed!');
+            }
+
+            foreach ($dependencies as $dependency => $issues) {
                 $dependencyFullName = $dependency . ' (' . $issues['version'] . ')';
                 $this->log($dependencyFullName);
                 $this->log(str_repeat('-', strlen($dependencyFullName)));
@@ -101,9 +113,7 @@ public function main()
             throw new \BuildException($e);
         }
 
-        if (count($vulnerabilities) > 0) {
-            throw new \BuildException('Vulnerabilities found!');
-        }
+        throw new \BuildException('Vulnerabilities found!');
     }
 
     /**

src/bitExpert/Phing/SecurityChecker/SecurityCheckerTask.php

@@ -13,6 +13,7 @@
 
 use PHPUnit\Framework\TestCase;
 use SensioLabs\Security\Crawler;
+use SensioLabs\Security\Result;
 use SensioLabs\Security\SecurityChecker;
 
 /**
@@ -162,7 +163,7 @@ protected function createMockObjects(array $vulnerabilities = [])
         $this->checker = $this->createMock(SecurityChecker::class);
         $this->checker->expects($this->any())
             ->method('check')
-            ->willReturn($vulnerabilities);
+            ->willReturn(new Result(count($vulnerabilities), json_encode($vulnerabilities), 'json'));
         $this->checker->expects($this->any())
             ->method('getCrawler')
             ->willReturn($this->crawler);