hugo
/
composer
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Validate config schema before loading it, fixes #10685

Browse Source
main
Jordi Boggiano 2 years ago
parent 10287fcea3
commit 8e93566c18
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
3 changed files with 70 additions and 16 deletions
Show Stats Download Patch File Download Diff File

58
src/Composer/Factory.php
Unescape Escape View File

@ -40,6 +40,7 @@ use Composer\Downloader\TransportException;
use Composer\Json\JsonValidationException; use Composer\Json\JsonValidationException;
use Composer\Repository\InstalledRepositoryInterface; use Composer\Repository\InstalledRepositoryInterface;
use Seld\JsonLint\JsonParser; use Seld\JsonLint\JsonParser;
use UnexpectedValueException;
use ZipArchive; use ZipArchive;
/** /**
@ -170,18 +171,21 @@ class Factory
// determine and add main dirs to the config // determine and add main dirs to the config
$home = self::getHomeDir(); $home = self::getHomeDir();
$config->merge(array('config' => array( $config->merge(array(
'home' => $home, 'config' => array(
'cache-dir' => self::getCacheDir($home), 'home' => $home,
'data-dir' => self::getDataDir($home), 'cache-dir' => self::getCacheDir($home),
)), Config::SOURCE_DEFAULT); 'data-dir' => self::getDataDir($home),
)
), Config::SOURCE_DEFAULT);
// load global config // load global config
$file = new JsonFile($config->get('home').'/config.json'); $file = new JsonFile($config->get('home').'/config.json');
if ($file->exists()) { if ($file->exists()) {
if ($io && $io->isDebug()) { if ($io) {
$io->writeError('Loading config file ' . $file->getPath()); $io->writeError('Loading config file ' . $file->getPath(), true, IOInterface::DEBUG);
} }
self::validateJsonSchema($io, $file);
$config->merge($file->read(), $file->getPath()); $config->merge($file->read(), $file->getPath());
} }
$config->setConfigSource(new JsonConfigSource($file)); $config->setConfigSource(new JsonConfigSource($file));
@ -205,26 +209,30 @@ class Factory
// load global auth file // load global auth file
$file = new JsonFile($config->get('home').'/auth.json'); $file = new JsonFile($config->get('home').'/auth.json');
if ($file->exists()) { if ($file->exists()) {
if ($io && $io->isDebug()) { if ($io) {
$io->writeError('Loading config file ' . $file->getPath()); $io->writeError('Loading config file ' . $file->getPath(), true, IOInterface::DEBUG);
} }
self::validateJsonSchema($io, $file, JsonFile::AUTH_SCHEMA);
$config->merge(array('config' => $file->read()), $file->getPath()); $config->merge(array('config' => $file->read()), $file->getPath());
} }
$config->setAuthConfigSource(new JsonConfigSource($file, true)); $config->setAuthConfigSource(new JsonConfigSource($file, true));
// load COMPOSER_AUTH environment variable if set // load COMPOSER_AUTH environment variable if set
if ($composerAuthEnv = Platform::getEnv('COMPOSER_AUTH')) { if ($composerAuthEnv = Platform::getEnv('COMPOSER_AUTH')) {
$authData = json_decode($composerAuthEnv, true); $authData = json_decode($composerAuthEnv);
if (null === $authData) { if (null === $authData) {
if ($io) { if ($io) {
$io->writeError('<error>COMPOSER_AUTH environment variable is malformed, should be a valid JSON object</error>'); $io->writeError('<error>COMPOSER_AUTH environment variable is malformed, should be a valid JSON object</error>');
} }
} else { } else {
if ($io && $io->isDebug()) { if ($io) {
$io->writeError('Loading auth config from COMPOSER_AUTH'); $io->writeError('Loading auth config from COMPOSER_AUTH', true, IOInterface::DEBUG);
}
self::validateJsonSchema($io, $authData, JsonFile::AUTH_SCHEMA, 'COMPOSER_AUTH');
$authData = json_decode($composerAuthEnv, true);
if (null !== $authData) {
$config->merge(array('config' => $authData), 'COMPOSER_AUTH');
} }
$config->merge(array('config' => $authData), 'COMPOSER_AUTH');
} }
} }
@ -690,4 +698,26 @@ class Factory
return rtrim(strtr($home, '\\', '/'), '/'); return rtrim(strtr($home, '\\', '/'), '/');
} }
/**
* @param mixed $fileOrData
* @param JsonFile::*_SCHEMA $schema
*/
private static function validateJsonSchema(?IOInterface $io, $fileOrData, int $schema = JsonFile::LAX_SCHEMA, ?string $source = null): void
{
try {
if ($fileOrData instanceof JsonFile) {
$fileOrData->validateSchema($schema);
} else {
JsonFile::validateJsonSchema($source, $fileOrData, $schema);
}
} catch (JsonValidationException $e) {
$msg = $e->getMessage().', this may result in errors and should be resolved:'.PHP_EOL.' - '.implode(PHP_EOL.' - ', $e->getErrors());
if ($io) {
$io->writeError('<warning>'.$msg.'</>');
} else {
throw new UnexpectedValueException($msg);
}
}
}
} }

14
src/Composer/Json/JsonFile.php
Unescape Escape View File

@ -30,6 +30,7 @@ class JsonFile
{ {
public const LAX_SCHEMA = 1; public const LAX_SCHEMA = 1;
public const STRICT_SCHEMA = 2; public const STRICT_SCHEMA = 2;
public const AUTH_SCHEMA = 3;
/** @deprecated Use \JSON_UNESCAPED_SLASHES */ /** @deprecated Use \JSON_UNESCAPED_SLASHES */
public const JSON_UNESCAPED_SLASHES = 64; public const JSON_UNESCAPED_SLASHES = 64;
@ -186,7 +187,9 @@ class JsonFile
* @param string|null $schemaFile a path to the schema file * @param string|null $schemaFile a path to the schema file
* @throws JsonValidationException * @throws JsonValidationException
* @throws ParsingException * @throws ParsingException
* @return bool true on success * @return true true on success
*
* @phpstan-param self::*_SCHEMA $schema
*/ */
public function validateSchema(int $schema = self::STRICT_SCHEMA, ?string $schemaFile = null): bool public function validateSchema(int $schema = self::STRICT_SCHEMA, ?string $schemaFile = null): bool
{ {
@ -197,6 +200,11 @@ class JsonFile
self::validateSyntax($content, $this->path); self::validateSyntax($content, $this->path);
} }
return self::validateJsonSchema($this->path, $data, $schema, $schemaFile);
}
public static function validateJsonSchema($source, $data, int $schema, ?string $schemaFile = null): bool
{
$isComposerSchemaFile = false; $isComposerSchemaFile = false;
if (null === $schemaFile) { if (null === $schemaFile) {
$isComposerSchemaFile = true; $isComposerSchemaFile = true;
@ -216,6 +224,8 @@ class JsonFile
} elseif ($schema === self::STRICT_SCHEMA && $isComposerSchemaFile) { } elseif ($schema === self::STRICT_SCHEMA && $isComposerSchemaFile) {
$schemaData->additionalProperties = false; $schemaData->additionalProperties = false;
$schemaData->required = array('name', 'description'); $schemaData->required = array('name', 'description');
} elseif ($schema === self::AUTH_SCHEMA && $isComposerSchemaFile) {
$schemaData = (object) array('$ref' => $schemaFile.'#/properties/config', '$schema'=> "https://json-schema.org/draft-04/schema#");
} }
$validator = new Validator(); $validator = new Validator();
@ -226,7 +236,7 @@ class JsonFile
foreach ((array) $validator->getErrors() as $error) { foreach ((array) $validator->getErrors() as $error) {
$errors[] = ($error['property'] ? $error['property'].' : ' : '').$error['message']; $errors[] = ($error['property'] ? $error['property'].' : ' : '').$error['message'];
} }
throw new JsonValidationException('"'.$this->path.'" does not match the expected JSON schema', $errors); throw new JsonValidationException('"'.$source.'" does not match the expected JSON schema', $errors);
} }
return true; return true;

14
tests/Composer/Test/Json/JsonFileTest.php
Unescape Escape View File

@ -239,6 +239,20 @@ class JsonFileTest extends TestCase
unlink($schema); unlink($schema);
} }
public function testAuthSchemaValidationWithCustomDataSource(): void
{
$json = json_decode('{"github-oauth": "foo"}');
$expectedMessage = sprintf('"COMPOSER_AUTH" does not match the expected JSON schema');
$expectedError = 'github-oauth : String value found, but an object is required';
try {
JsonFile::validateJsonSchema('COMPOSER_AUTH', $json, JsonFile::AUTH_SCHEMA);
$this->fail('Expected exception to be thrown');
} catch (JsonValidationException $e) {
$this->assertEquals($expectedMessage, $e->getMessage());
$this->assertSame([$expectedError], $e->getErrors());
}
}
public function testParseErrorDetectMissingCommaMultiline(): void public function testParseErrorDetectMissingCommaMultiline(): void
{ {
$json = '{ $json = '{

Write Preview
Loading…
Cancel
Save