SecurityUpdatesTest.php
<?php
namespace Unish;
use Composer\Semver\Semver;
/**
* Tests "pm:security" command.
* @group commands
* @group pm
*/
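class SecurityUpdatesTest extends UnishIntegrationTestCase
{
    /**
     * Test that insecure Drupal packages are correctly identified.
     *
     * Runs "pm:security" with JSON output, expects the command to exit with
     * self::EXIT_ERROR_WITH_CLARITY, and checks that the known-insecure
     * fixture package is reported both in the error output and in the JSON
     * advisory list. When the site under test is Drupal 9.2.8, the same
     * checks are repeated for drupal/core.
     */
    public function testInsecureDrupalPackage()
    {
        if (Semver::satisfies(\Drupal::VERSION, '^10')) {
            $this->markTestSkipped('drupal/semver_example not yet compatible.');
        }

        $expected_package = 'drupal/semver_example';
        $expected_version = '2.2.0';

        $this->drush('pm:security', [], ['format' => 'json'], self::EXIT_ERROR_WITH_CLARITY);
        $error_output = $this->getErrorOutput();
        $this->assertStringContainsString('One or more of your dependencies has an outstanding security update.', $error_output);
        $this->assertStringContainsString($expected_package, $error_output);

        $security_advisories = $this->getOutputFromJSON();
        // assertArrayHasKey() performs the check; arrayHasKey() only builds a
        // constraint object and asserts nothing, so a missing advisory would
        // not be reported as a clear failure here.
        $this->assertArrayHasKey($expected_package, $security_advisories);
        $this->assertEquals($expected_package, $security_advisories[$expected_package]['name']);
        $this->assertEquals($expected_version, $security_advisories[$expected_package]['version']);

        // If our SUT is 9.2.8, then we should find a security update for Drupal core too.
        // Note: skipping at this point reports the whole test as skipped even
        // though the package assertions above have already passed.
        if (\Drupal::VERSION !== '9.2.8') {
            $this->markTestSkipped("We only test for drupal/core security updates if the SUT is on Drupal 9.2.8");
        }

        $this->assertStringContainsString("Try running: composer require drupal/core", $error_output);
        $this->assertArrayHasKey('drupal/core', $security_advisories);
        $this->assertEquals('drupal/core', $security_advisories['drupal/core']['name']);
        $this->assertEquals('9.2.8', $security_advisories['drupal/core']['version']);
    }

    /**
     * Test that dev modules are correctly excluded.
     *
     * With the "no-dev" option set, "pm:security" is expected to exit with
     * self::EXIT_SUCCESS and print the "no outstanding security updates"
     * message for Drupal projects.
     */
    public function testNoInsecureProductionDrupalPackage()
    {
        $this->drush('pm:security', [], ['format' => 'json', 'no-dev' => true], self::EXIT_SUCCESS);
        $this->assertStringContainsString('There are no outstanding security updates for Drupal projects', $this->getErrorOutput());
    }

    /**
     * Test that insecure PHP packages are correctly identified.
     *
     * Runs "pm:security-php" with JSON output, expects
     * self::EXIT_ERROR_WITH_CLARITY, and checks that the fixture package
     * david-garcia/phpwhois appears in the error output and as a key of the
     * JSON advisory list.
     */
    public function testInsecurePhpPackage()
    {
        $this->drush('pm:security-php', [], ['format' => 'json'], self::EXIT_ERROR_WITH_CLARITY);
        $error_output = $this->getErrorOutput();
        $this->assertStringContainsString('One or more of your dependencies has an outstanding security update.', $error_output);
        $this->assertStringContainsString('Run composer why david-garcia/phpwhois', $error_output);

        $security_advisories = $this->getOutputFromJSON();
        // This is the only check on the JSON payload in this test, so it has
        // to be a real assertion rather than an unused constraint object.
        $this->assertArrayHasKey('david-garcia/phpwhois', $security_advisories);
    }

    /**
     * Test that dev dependencies are correctly excluded.
     *
     * With the "no-dev" option set, "pm:security-php" is expected to exit
     * with self::EXIT_SUCCESS and print the "no outstanding security
     * updates" message for dependencies.
     */
    public function testNoInsecureProductionPhpPackage()
    {
        $this->drush('pm:security-php', [], ['format' => 'json', 'no-dev' => true], self::EXIT_SUCCESS);
        $this->assertStringContainsString('There are no outstanding security updates for your dependencies.', $this->getErrorOutput());
    }
}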