class AuditCommand
Hierarchy
- class \Symfony\Component\Console\Command\Command
- class \Composer\Command\BaseCommand extends \Symfony\Component\Console\Command\Command
- class \Composer\Command\AuditCommand extends \Composer\Command\BaseCommand
- class \Composer\Command\BaseCommand extends \Symfony\Component\Console\Command\Command
Expanded class hierarchy of AuditCommand
File
-
vendor/
composer/ composer/ src/ Composer/ Command/ AuditCommand.php, line 25
Namespace
Composer\CommandView source
class AuditCommand extends BaseCommand {
protected function configure() : void {
$this->setName('audit')
->setDescription('Checks for security vulnerability advisories for installed packages')
->setDefinition([
new InputOption('no-dev', null, InputOption::VALUE_NONE, 'Disables auditing of require-dev packages.'),
new InputOption('format', 'f', InputOption::VALUE_REQUIRED, 'Output format. Must be "table", "plain", "json", or "summary".', Auditor::FORMAT_TABLE, Auditor::FORMATS),
new InputOption('locked', null, InputOption::VALUE_NONE, 'Audit based on the lock file instead of the installed packages.'),
new InputOption('abandoned', null, InputOption::VALUE_REQUIRED, 'Behavior on abandoned packages. Must be "ignore", "report", or "fail".', null, Auditor::ABANDONEDS),
new InputOption('ignore-severity', null, InputOption::VALUE_IS_ARRAY | InputOption::VALUE_REQUIRED, 'Ignore advisories of a certain severity level.', [], [
'low',
'medium',
'high',
'critical',
]),
])
->setHelp(<<<EOT
The <info>audit</info> command checks for security vulnerability advisories for installed packages.
If you do not want to include dev dependencies in the audit you can omit them with --no-dev
Read more at https://getcomposer.org/doc/03-cli.md#audit
EOT
);
}
protected function execute(InputInterface $input, OutputInterface $output) : int {
$composer = $this->requireComposer();
$packages = $this->getPackages($composer, $input);
if (count($packages) === 0) {
$this->getIO()
->writeError('No packages - skipping audit.');
return 0;
}
$auditor = new Auditor();
$repoSet = new RepositorySet();
foreach ($composer->getRepositoryManager()
->getRepositories() as $repo) {
$repoSet->addRepository($repo);
}
$auditConfig = $composer->getConfig()
->get('audit');
$abandoned = $input->getOption('abandoned');
if ($abandoned !== null && !in_array($abandoned, Auditor::ABANDONEDS, true)) {
throw new \InvalidArgumentException('--audit must be one of ' . implode(', ', Auditor::ABANDONEDS) . '.');
}
$abandoned = $abandoned ?? $auditConfig['abandoned'] ?? Auditor::ABANDONED_FAIL;
$ignoreSeverities = $input->getOption('ignore-severity') ?? [];
return min(255, $auditor->audit($this->getIO(), $repoSet, $packages, $this->getAuditFormat($input, 'format'), false, $auditConfig['ignore'] ?? [], $abandoned, $ignoreSeverities));
}
/**
* @return PackageInterface[]
*/
private function getPackages(Composer $composer, InputInterface $input) : array {
if ($input->getOption('locked')) {
if (!$composer->getLocker()
->isLocked()) {
throw new \UnexpectedValueException('Valid composer.json and composer.lock files are required to run this command with --locked');
}
$locker = $composer->getLocker();
return $locker->getLockedRepository(!$input->getOption('no-dev'))
->getPackages();
}
$rootPkg = $composer->getPackage();
$installedRepo = new InstalledRepository([
$composer->getRepositoryManager()
->getLocalRepository(),
]);
if ($input->getOption('no-dev')) {
return RepositoryUtils::filterRequiredPackages($installedRepo->getPackages(), $rootPkg);
}
return $installedRepo->getPackages();
}
}Members
| Title Sort descending | Deprecated | Modifiers | Object type | Summary | Overriden Title | Overrides |
|---|---|---|---|---|---|---|
| AuditCommand::configure | protected | function | Configures the current command. | Overrides Command::configure | ||
| AuditCommand::execute | protected | function | Executes the current command. | Overrides Command::execute | ||
| AuditCommand::getPackages | private | function | ||||
| BaseCommand::$composer | private | property | ||||
| BaseCommand::$io | private | property | ||||
| BaseCommand::complete | public | function | @inheritdoc | Overrides Command::complete | 1 | |
| BaseCommand::createComposerInstance | protected | function | Calls { | |||
| BaseCommand::formatRequirements | protected | function | ||||
| BaseCommand::getApplication | public | function | Gets the application instance for this command. | Overrides Command::getApplication | ||
| BaseCommand::getAuditFormat | protected | function | @internal | |||
| BaseCommand::getComposer | Deprecated | public | function | |||
| BaseCommand::getIO | public | function | ||||
| BaseCommand::getPlatformRequirementFilter | protected | function | ||||
| BaseCommand::getPreferredInstallOptions | protected | function | Returns preferSource and preferDist values based on the configuration. | |||
| BaseCommand::getTerminalWidth | protected | function | ||||
| BaseCommand::initialize | protected | function | @inheritDoc | Overrides Command::initialize | 1 | |
| BaseCommand::isProxyCommand | public | function | Whether or not this command is meant to call another command. | 2 | ||
| BaseCommand::normalizeRequirements | protected | function | ||||
| BaseCommand::renderTable | protected | function | ||||
| BaseCommand::requireComposer | public | function | Retrieves the default Composer\Composer instance or throws | |||
| BaseCommand::resetComposer | public | function | Removes the cached composer instance | |||
| BaseCommand::setComposer | public | function | ||||
| BaseCommand::setIO | public | function | ||||
| BaseCommand::tryComposer | public | function | Retrieves the default Composer\Composer instance or null | |||
| Command::$aliases | private | property | 1 | |||
| Command::$application | private | property | ||||
| Command::$code | private | property | ||||
| Command::$definition | private | property | ||||
| Command::$description | private | property | 1 | |||
| Command::$fullDefinition | private | property | ||||
| Command::$help | private | property | ||||
| Command::$helperSet | private | property | ||||
| Command::$hidden | private | property | ||||
| Command::$ignoreValidationErrors | private | property | 2 | |||
| Command::$name | private | property | ||||
| Command::$processTitle | private | property | ||||
| Command::$synopsis | private | property | ||||
| Command::$usages | private | property | ||||
| Command::addArgument | public | function | Adds an argument. | 2 | ||
| Command::addOption | public | function | Adds an option. | 2 | ||
| Command::addUsage | public | function | Add a command usage example, it'll be prefixed with the command name. | 2 | ||
| Command::FAILURE | public | constant | ||||
| Command::getAliases | public | function | Returns the aliases for the command. | |||
| Command::getDefaultDescription | public static | function | ||||
| Command::getDefaultName | public static | function | ||||
| Command::getDefinition | public | function | Gets the InputDefinition attached to this Command. | 2 | ||
| Command::getDescription | public | function | Returns the description for the command. | |||
| Command::getHelp | public | function | Returns the help for the command. | 2 | ||
| Command::getHelper | public | function | Gets a helper instance by name. | 2 | ||
| Command::getHelperSet | public | function | Gets the helper set. | 1 | ||
| Command::getName | public | function | Returns the command name. | |||
| Command::getNativeDefinition | public | function | Gets the InputDefinition to be used to create representations of this Command. | 2 | ||
| Command::getProcessedHelp | public | function | Returns the processed help for the command replacing the %command.name% and %command.full_name% patterns with the real values dynamically. |
2 | ||
| Command::getSynopsis | public | function | Returns the synopsis for the command. | 2 | ||
| Command::getUsages | public | function | Returns alternative usages of the command. | 2 | ||
| Command::ignoreValidationErrors | public | function | Ignores validation errors. | 2 | ||
| Command::interact | protected | function | Interacts with the user. | 5 | ||
| Command::INVALID | public | constant | ||||
| Command::isEnabled | public | function | Checks whether the command is enabled or not in the current environment. | 2 | ||
| Command::isHidden | public | function | ||||
| Command::mergeApplicationDefinition | public | function | Merges the application definition with the command definition. | 2 | ||
| Command::run | public | function | Runs the command. | 4 | ||
| Command::setAliases | public | function | Sets the aliases for the command. | |||
| Command::setApplication | public | function | 2 | |||
| Command::setCode | public | function | Sets the code to execute when running this command. | 2 | ||
| Command::setDefinition | public | function | Sets an array of argument and option instances. | 2 | ||
| Command::setDescription | public | function | Sets the description for the command. | |||
| Command::setHelp | public | function | Sets the help for the command. | 2 | ||
| Command::setHelperSet | public | function | 2 | |||
| Command::setHidden | public | function | ||||
| Command::setName | public | function | Sets the name of the command. | |||
| Command::setProcessTitle | public | function | Sets the process title of the command. | 2 | ||
| Command::SUCCESS | public | constant | ||||
| Command::validateName | private | function | Validates a command name. | |||
| Command::__construct | public | function | 15 |