Merge remote-tracking branch 'edas/exception-on-broken-signature'

12 years ago · b59489f6ae
parent 9521d1e7ad a8a99cee24
commit b59489f6ae
2 changed files with 23 additions and 1 deletions
--- a/src/Composer/Repository/ComposerRepository.php
+++ b/src/Composer/Repository/ComposerRepository.php
@ -468,8 +468,8 @@ class ComposerRepository extends ArrayRepository implements StreamableRepository
                        continue;
                    }

-                    // TODO throw SecurityException and abort once we are sure this can not happen accidentally
                    $this->io->write('<warning>The contents of '.$filename.' do not match its signature, this is most likely due to a temporary glitch but could indicate a man-in-the-middle attack. Try running composer again and please report it if it still persists.</warning>');
+                    throw new RepositorySecurityException('The contents of '.$filename.' do not match its signature');
                }
                $data = JsonFile::parseJson($json, $filename);
                $this->cache->write($cacheKey, $json);
--- a/src/Composer/Repository/RepositorySecurityException.php
+++ b/src/Composer/Repository/RepositorySecurityException.php
@ -0,0 +1,22 @@
+<?php
+
+/*
+ * This file is part of Composer.
+ *
+ * (c) 
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Composer\Repository;
+
+/**
+ * Thrown when a security problem, like a broken or missing signature
+ *
+ * @author Eric Daspet <edaspet@survol.fr>
+ */
+class RepositorySecurityException extends \Exception
+{
+	// nothing more, standard Exception
+}