Merge branch 'v3' into fix/vswhere-products

Author: luthermonson

src/StaticPHP/Artifact/Artifact.php

@@ -327,7 +327,7 @@ public function getSourceDir(): string
     public function getSourceRoot(): string
     {
         if (isset($this->config['metadata']['source-root'])) {
-            return $this->getSourceDir() . '/' . ltrim($this->config['metadata']['source-root'], '/');
+            return FileSystem::convertPath($this->getSourceDir() . '/' . ltrim($this->config['metadata']['source-root'], '/'));
         }
         return $this->getSourceDir();
     }

src/StaticPHP/Artifact/ArtifactCache.php

@@ -223,8 +223,8 @@ public function getAllBinaryInfo(string $artifact_name): array
     public function getCacheFullPath(array $cache_info): string
     {
         return match ($cache_info['cache_type']) {
-            'archive', 'file' => DOWNLOAD_PATH . '/' . $cache_info['filename'],
-            'git' => DOWNLOAD_PATH . '/' . $cache_info['dirname'],
+            'archive', 'file' => FileSystem::convertPath(DOWNLOAD_PATH . '/' . $cache_info['filename']),
+            'git' => FileSystem::convertPath(DOWNLOAD_PATH . '/' . $cache_info['dirname']),
             'local' => $cache_info['dirname'], // local dirname is absolute path
             default => throw new SPCInternalException("Unknown cache type: {$cache_info['cache_type']}"),
         };

src/StaticPHP/Artifact/Downloader/Type/GitHubTokenSetupTrait.php

@@ -16,8 +16,9 @@ public static function getGitHubTokenHeadersStatic(): array
         // GITHUB_TOKEN support
         if (($token = getenv('GITHUB_TOKEN')) !== false && ($user = getenv('GITHUB_USER')) !== false) {
             logger()->debug("Using 'GITHUB_TOKEN' with user {$user} for authentication");
-            spc_add_log_filter([$user, $token]);
-            return ['Authorization: Basic ' . base64_encode("{$user}:{$token}")];
+            $encoded = base64_encode("{$user}:{$token}");
+            spc_add_log_filter([$user, $token, $encoded]);
+            return ["Authorization: Basic {$encoded}"];
         }
         if (($token = getenv('GITHUB_TOKEN')) !== false) {
             logger()->debug("Using 'GITHUB_TOKEN' for authentication");

src/bootstrap.php

@@ -33,6 +33,23 @@
 ConsoleLogger::$format = '[%date% %level_long%] %body%';
 $ob_logger = new ConsoleLogger(LogLevel::WARNING);
 
+$ob_logger->addLogCallback(function ($level, &$output, &$message, &$context, bool $shouldLog) {
+    global $spc_log_filters;
+    if (!is_array($spc_log_filters)) {
+        $spc_log_filters = [];
+    }
+    // filter message and context
+    $output = str_replace($spc_log_filters, '***', $output);
+    $message = str_replace($spc_log_filters, '***', $message);
+    $context = array_map(function ($item) use ($spc_log_filters) {
+        if (is_string($item)) {
+            return str_replace($spc_log_filters, '***', $item);
+        }
+        return $item;
+    }, $context);
+    return true;
+});
+
 // setup log file
 if (filter_var(getenv('SPC_ENABLE_LOG_FILE'), FILTER_VALIDATE_BOOLEAN)) {
     // init spc log files

tests/GlobalsFunctionsTest.php

@@ -0,0 +1,104 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tests;
+
+use PHPUnit\Framework\TestCase;
+use Psr\Log\LogLevel;
+use ZM\Logger\ConsoleLogger;
+
+/**
+ * @internal
+ */
+class GlobalsFunctionsTest extends TestCase
+{
+    protected function setUp(): void
+    {
+        $GLOBALS['spc_log_filters'] = null;
+    }
+
+    protected function tearDown(): void
+    {
+        $GLOBALS['spc_log_filters'] = null;
+    }
+
+    public function testAddLogFilterDeduplicates(): void
+    {
+        spc_add_log_filter('secret-value');
+        spc_add_log_filter('secret-value');
+        spc_add_log_filter(['secret-value', 'other']);
+
+        $this->assertSame(['secret-value', 'other'], $GLOBALS['spc_log_filters']);
+    }
+
+    public function testWriteLogMasksRegisteredValues(): void
+    {
+        spc_add_log_filter(['octocat', 'ghp_abcdef1234567890']);
+
+        $stream = fopen('php://memory', 'r+');
+        spc_write_log($stream, 'user=octocat token=ghp_abcdef1234567890');
+        rewind($stream);
+        $written = stream_get_contents($stream);
+        fclose($stream);
+
+        $this->assertSame('user=*** token=***', $written);
+    }
+
+    public function testLoggerCallbackMasksOutput(): void
+    {
+        $token = 'ghp_abcdef1234567890';
+        spc_add_log_filter($token);
+
+        $stream = fopen('php://memory', 'r+');
+        $logger = new ConsoleLogger(LogLevel::DEBUG, $stream, false);
+        $logger->addLogCallback(function ($level, &$output, &$message, &$context, bool $shouldLog) {
+            global $spc_log_filters;
+            if (!is_array($spc_log_filters)) {
+                $spc_log_filters = [];
+            }
+            $output = str_replace($spc_log_filters, '***', $output);
+            $message = str_replace($spc_log_filters, '***', $message);
+            $context = array_map(function ($item) use ($spc_log_filters) {
+                if (is_string($item)) {
+                    return str_replace($spc_log_filters, '***', $item);
+                }
+                return $item;
+            }, $context);
+            return true;
+        });
+
+        $logger->debug("[PASSTHRU] curl -H\"Authorization: Bearer {$token}\" https://api.github.com/x");
+
+        rewind($stream);
+        $written = stream_get_contents($stream);
+        fclose($stream);
+
+        $this->assertStringNotContainsString($token, $written);
+        $this->assertStringContainsString('***', $written);
+    }
+
+    public function testGitHubTokenTraitRegistersEncodedBasicAuthBlob(): void
+    {
+        $user = 'octocat';
+        $token = 'ghp_abcdef1234567890';
+        $original_token = getenv('GITHUB_TOKEN');
+        $original_user = getenv('GITHUB_USER');
+
+        putenv("GITHUB_TOKEN={$token}");
+        putenv("GITHUB_USER={$user}");
+
+        try {
+            $headers = \StaticPHP\Artifact\Downloader\Type\GitHubRelease::getGitHubTokenHeadersStatic();
+
+            $encoded = base64_encode("{$user}:{$token}");
+            $this->assertSame(["Authorization: Basic {$encoded}"], $headers);
+            $this->assertContains($user, $GLOBALS['spc_log_filters']);
+            $this->assertContains($token, $GLOBALS['spc_log_filters']);
+            $this->assertContains($encoded, $GLOBALS['spc_log_filters']);
+        } finally {
+            $original_token === false ? putenv('GITHUB_TOKEN') : putenv("GITHUB_TOKEN={$original_token}");
+            $original_user === false ? putenv('GITHUB_USER') : putenv("GITHUB_USER={$original_user}");
+        }
+    }
+}

tests/StaticPHP/Artifact/ArtifactTest.php

@@ -254,11 +254,16 @@ public function testGetSourceDirWithAbsoluteExtractInConfig(): void
         ApplicationContext::initialize();
         ApplicationContext::set(ArtifactCache::class, $cache);
 
+        // Use a platform-appropriate absolute path: a Unix-style /tmp/... isn't
+        // absolute on Windows (no drive letter), so the test would otherwise
+        // fall through into the SOURCE_PATH-prefixed branch on Windows.
+        $extract = DIRECTORY_SEPARATOR === '\\' ? 'C:\tmp\my-pkg-extract' : '/tmp/my-pkg-extract';
+
         $artifact = new Artifact('my-pkg', [
-            'source' => ['type' => 'url', 'url' => 'https://example.com/file.tar.gz', 'extract' => '/tmp/my-pkg-extract'],
+            'source' => ['type' => 'url', 'url' => 'https://example.com/file.tar.gz', 'extract' => $extract],
         ]);
 
-        $expected = str_replace(['/', '\\'], DIRECTORY_SEPARATOR, '/tmp/my-pkg-extract');
+        $expected = str_replace(['/', '\\'], DIRECTORY_SEPARATOR, $extract);
         $this->assertSame($expected, $artifact->getSourceDir());
     }
 
@@ -703,11 +708,7 @@ private function getCurrentPlatform(): string
             'Windows' => 'windows',
             default => 'linux',
         };
-        $arch = php_uname('m');
-        if ($arch === 'arm64') {
-            $arch = 'aarch64';
-        }
-        return "{$os}-{$arch}";
+        return "{$os}-" . arch2gnu(php_uname('m'));
     }
 
     private function injectArtifactConfig(string $name, array $config): void