<?php
namespace Drupal\Tests\system\Kernel\SecurityAdvisories;
use Drupal\Core\Extension\Extension;
use Drupal\Core\Extension\ModuleExtensionList;
use Drupal\Core\Logger\RfcLoggerTrait;
use Drupal\Core\Logger\RfcLogLevel;
use Drupal\KernelTests\KernelTestBase;
use GuzzleHttp\Client;
use GuzzleHttp\Exception\TransferException;
use GuzzleHttp\Handler\MockHandler;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Middleware;
use GuzzleHttp\Psr7\Response;
use Psr\Log\LoggerInterface;
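/**
 * Kernel test for the 'system.sa_fetcher' security advisory fetcher service.
 *
 * The test registers itself as a logger so the messages the fetcher emits can
 * be asserted, and replaces the 'http_client' service with a Guzzle mock
 * handler so every request the fetcher makes to the advisory feed is recorded
 * in $history instead of going to the network.
 */
class SecurityAdvisoriesFetcherTest extends KernelTestBase implements LoggerInterface {

  use RfcLoggerTrait;

  /**
   * The '@message' context values received by ::log(), in order.
   *
   * @var string[]
   */
  protected $watchdogExceptionMessages = [];

  /**
   * Messages logged at RfcLogLevel::ERROR, in order.
   *
   * Cleared by ::assertServiceAdvisoryLoggedErrors() after each assertion.
   *
   * @var string[]
   */
  protected $logErrorMessages = [];

  /**
   * {@inheritdoc}
   */
  protected static $modules = [
    'system',
    'advisory_feed_test',
  ];

  /**
   * Request/response pairs recorded by the Guzzle history middleware.
   *
   * Each entry has a 'request' and a 'response' key.
   *
   * @var array[]
   */
  protected $history = [];

  /**
   * {@inheritdoc}
   */
  protected function setUp(): void {
    parent::setUp();
    $this->installConfig('system');
    // Register this test as a logger so the fetcher's messages are captured
    // by ::log().
    $this->container->get('logger.factory')->addLogger($this);
  }

  /**
   * Tests that a single advisory is returned for the given feed item.
   *
   * @param mixed[] $feed_item
   *   The feed item to serve from the mocked feed. 'title' and 'link' are
   *   filled in by ::setFeedItems().
   * @param string|null $existing_version
   *   The version of the installed project, an empty string to install the
   *   project without a version, or NULL to leave the module list untouched.
   *
   * @dataProvider providerShowAdvisories
   */
  public function testShowAdvisories(array $feed_item, ?string $existing_version = NULL): void {
    $this->setFeedItems([$feed_item]);
    if ($existing_version !== NULL) {
      $this->setExistingProjectVersion($existing_version);
    }
    $links = $this->getAdvisories();
    $this->assertCount(1, $links);
    $this->assertSame('http://example.com', $links[0]->getUrl());
    $this->assertSame('SA title', $links[0]->getTitle());
    // Exactly one request to the feed must have been made.
    $this->assertCount(1, $this->history);
  }

  /**
   * Data provider for testShowAdvisories().
   *
   * Non-PSA items are only expected when an 'insecure' version matches the
   * existing version; PSA items ('is_psa' => 1) are expected for any version
   * of an installed project, including when 'insecure' is empty, and for core
   * regardless of version.
   *
   * @return mixed[][]
   *   Test cases keyed by a descriptive label.
   */
  public function providerShowAdvisories(): array {
    return [
      'contrib:exact:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['8.x-1.0'],
        ],
        'existing_version' => '8.x-1.0',
      ],
      'contrib:semver:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['1.0.0'],
        ],
        'existing_version' => '1.0.0',
      ],
      'contrib:exact:psa' => [
        'feed_item' => [
          'is_psa' => 1,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['8.x-1.0'],
        ],
        'existing_version' => '8.x-1.0',
      ],
      'contrib:not-exact:psa' => [
        'feed_item' => [
          'is_psa' => 1,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['8.x-1.0'],
        ],
        'existing_version' => '1.0',
      ],
      'contrib:non-matching:psa' => [
        'feed_item' => [
          'is_psa' => 1,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['8.x-1.0'],
        ],
        'existing_version' => '8.x-2.0',
      ],
      'contrib:no-insecure:psa' => [
        'feed_item' => [
          'is_psa' => 1,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => [],
        ],
        'existing_version' => '8.x-2.0',
      ],
      'contrib:no-existing-version:psa' => [
        'feed_item' => [
          'is_psa' => 1,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['8.x-2.0'],
        ],
        'existing_version' => '',
      ],
      'contrib:dev:psa' => [
        'feed_item' => [
          'is_psa' => 1,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => [],
        ],
        'existing_version' => '8.x-2.x-dev',
      ],
      'contrib:existing-dev-match-minor:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['8.x-1.0'],
        ],
        'existing_version' => '8.x-1.x-dev',
      ],
      'contrib:existing-dev-match-major-semver:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['8.1.1'],
        ],
        'existing_version' => '8.x-dev',
      ],
      'contrib:existing-dev-match-minor-semver:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['8.2.1'],
        ],
        'existing_version' => '8.2.x-dev',
      ],
      'core:exact:psa' => [
        'feed_item' => [
          'is_psa' => 1,
          'type' => 'core',
          'project' => 'drupal',
          'insecure' => [\Drupal::VERSION],
        ],
      ],
      'core:exact:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'core',
          'project' => 'drupal',
          'insecure' => [\Drupal::VERSION],
        ],
      ],
      'core:not-exact:psa' => [
        'feed_item' => [
          'is_psa' => 1,
          'type' => 'core',
          'project' => 'drupal',
          'insecure' => ['9.1'],
        ],
      ],
      'core:non-matching:psa' => [
        'feed_item' => [
          'is_psa' => 1,
          'type' => 'core',
          'project' => 'drupal',
          'insecure' => ['9.0.0'],
        ],
      ],
      'core:no-insecure:psa' => [
        'feed_item' => [
          'is_psa' => 1,
          'type' => 'core',
          'project' => 'drupal',
          'insecure' => [],
        ],
      ],
    ];
  }

  /**
   * Tests that no advisory is returned for the given feed item.
   *
   * @param mixed[] $feed_item
   *   The feed item to serve from the mocked feed.
   * @param string|null $existing_version
   *   The version of the installed project, an empty string to install the
   *   project without a version, or NULL to leave the module list untouched.
   *
   * @dataProvider providerIgnoreAdvisories
   */
  public function testIgnoreAdvisories(array $feed_item, ?string $existing_version = NULL): void {
    $this->setFeedItems([$feed_item]);
    if ($existing_version !== NULL) {
      $this->setExistingProjectVersion($existing_version);
    }
    $this->assertCount(0, $this->getAdvisories());
    // The feed is still fetched once even when nothing applies.
    $this->assertCount(1, $this->history);
  }

  /**
   * Data provider for testIgnoreAdvisories().
   *
   * Covers non-PSA items whose 'insecure' versions do not match the existing
   * version (including extra version suffixes and dev branches of a different
   * major/minor), items for projects that are not installed (PSA or not), and
   * core items that do not match \Drupal::VERSION.
   *
   * @return mixed[][]
   *   Test cases keyed by a descriptive label.
   */
  public function providerIgnoreAdvisories(): array {
    return [
      'contrib:not-exact:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['1.0'],
        ],
        'existing_version' => '8.x-1.0',
      ],
      'contrib:non-matching:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['8.x-1.1'],
        ],
        'existing_version' => '8.x-1.0',
      ],
      'contrib:not-exact:non-psa-reversed' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['8.x-1.0'],
        ],
        'existing_version' => '1.0',
      ],
      'contrib:semver-non-exact:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['1.0'],
        ],
        'existing_version' => '1.0.0',
      ],
      'contrib:semver-major-match-not-minor:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['1.1.0'],
        ],
        'existing_version' => '1.0.0',
      ],
      'contrib:semver-major-minor-match-not-patch:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['1.1.1'],
        ],
        'existing_version' => '1.1.0',
      ],
      'contrib:non-matching-not-exact:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['1.1'],
        ],
        'existing_version' => '8.x-1.0',
      ],
      'contrib:both-extra:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['8.x-1.0-extraStringNotSpecial'],
        ],
        'existing_version' => '8.x-1.0-alsoNotSpecialNotMatching',
      ],
      'contrib:semver-7major-match:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['7.x-1.0'],
        ],
        'existing_version' => '1.0.0',
      ],
      'contrib:different-majors:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['7.x-1.0'],
        ],
        'existing_version' => '8.x-1.0',
      ],
      'contrib:semver-different-majors:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['1.0.0'],
        ],
        'existing_version' => '2.0.0',
      ],
      'contrib:no-version:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['8.x-1.1'],
        ],
        'existing_version' => '',
      ],
      'contrib:insecure-extra:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['8.x-1.0-extraStringNotSpecial'],
        ],
        'existing_version' => '8.x-1.0',
      ],
      'contrib:existing-dev-different-minor:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['8.x-1.0'],
        ],
        'existing_version' => '8.x-2.x-dev',
      ],
      'contrib:existing-dev-different-major:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['7.x-1.0'],
        ],
        'existing_version' => '8.x-1.x-dev',
      ],
      'contrib:existing-dev-different-major-semver:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['8.0.0'],
        ],
        'existing_version' => '9.0.x-dev',
      ],
      'contrib:existing-dev-different-major-no-minor-semver:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['8.0.0'],
        ],
        'existing_version' => '9.x-dev',
      ],
      'contrib:existing-dev-different-minor-semver:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['1.0.0'],
        ],
        'existing_version' => '1.1.0-dev',
      ],
      'contrib:existing-dev-different-minor-x-semver:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['1.0.0'],
        ],
        'existing_version' => '1.1.x-dev',
      ],
      'contrib:existing-dev-different-8major-semver:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['8.x-1.0'],
        ],
        'existing_version' => '8.x-dev',
      ],
      'contrib:non-existing-project:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'non_existing_project',
          'insecure' => ['8.x-1.0'],
        ],
      ],
      'contrib:non-existing-project:psa' => [
        'feed_item' => [
          'is_psa' => 1,
          'type' => 'module',
          'project' => 'non_existing_project',
          'insecure' => ['8.x-1.0'],
        ],
      ],
      'core:non-matching:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'core',
          'project' => 'drupal',
          'insecure' => ['9.0.0'],
        ],
      ],
      'core:non-matching-not-exact:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'core',
          'project' => 'drupal',
          'insecure' => ['9.1'],
        ],
      ],
      'core:no-insecure:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'core',
          'project' => 'drupal',
          'insecure' => [],
        ],
      ],
      'contrib:existing-extra:non-psa' => [
        'feed_item' => [
          'is_psa' => 0,
          'type' => 'module',
          'project' => 'the_project',
          'insecure' => ['8.x-1.0'],
        ],
        'existing_version' => '8.x-1.0-extraStringNotSpecial',
      ],
    ];
  }

  /**
   * Queues one mocked feed response per feed item.
   *
   * Each response is a JSON array holding a single item, so consecutive calls
   * to the fetcher receive the items in order.
   *
   * @param mixed[][] $feed_items
   *   The feed items. Missing 'title' and 'link' keys default to 'SA title'
   *   and 'http://example.com'.
   */
  protected function setFeedItems(array $feed_items): void {
    $responses = [];
    foreach ($feed_items as $feed_item) {
      $feed_item += [
        'title' => 'SA title',
        'link' => 'http://example.com',
      ];
      $responses[] = new Response(200, [], json_encode([$feed_item]));
    }
    $this->setTestFeedResponses($responses);
  }

  /**
   * Replaces the module list with a single 'the_project' extension.
   *
   * @param string $existing_version
   *   The version to record in the extension's info array. An empty string
   *   leaves the 'version' key out entirely, simulating a project installed
   *   without version information.
   */
  protected function setExistingProjectVersion(string $existing_version): void {
    $module_list = $this->prophesize(ModuleExtensionList::class);
    $extension = $this->prophesize(Extension::class)->reveal();
    $extension->info = [
      'project' => 'the_project',
    ];
    if (!empty($existing_version)) {
      $extension->info['version'] = $existing_version;
    }
    $module_list->getList()->willReturn([$extension]);
    $this->container->set('extension.list.module', $module_list->reveal());
  }

  /**
   * Tests that changing 'interval_hours' controls when the feed is refetched.
   *
   * Two responses are queued; the number of recorded requests shows whether a
   * call hit the feed or reused the stored result.
   */
  public function testIntervalConfigUpdate(): void {
    $feed_item_1 = [
      'is_psa' => 1,
      'type' => 'core',
      'title' => 'Oh no🙀! Advisory 1',
      'project' => 'drupal',
      'insecure' => [\Drupal::VERSION],
    ];
    $feed_item_2 = [
      'is_psa' => 1,
      'type' => 'core',
      'title' => 'Oh no😱! Advisory 2',
      'project' => 'drupal',
      'insecure' => [\Drupal::VERSION],
    ];
    $this->setFeedItems([$feed_item_1, $feed_item_2]);

    // First call fetches the feed.
    $advisories = $this->getAdvisories();
    $this->assertCount(1, $advisories);
    $this->assertSame($feed_item_1['title'], $advisories[0]->getTitle());
    $this->assertCount(1, $this->history);

    // Second call within the interval reuses the stored result.
    $advisories = $this->getAdvisories();
    $this->assertCount(1, $this->history);
    $this->assertCount(1, $advisories);
    $this->assertSame($feed_item_1['title'], $advisories[0]->getTitle());

    // Raising the interval keeps the stored result valid: no new request.
    $config = $this->container->get('config.factory')->getEditable('system.advisories');
    $interval = $config->get('interval_hours');
    $config->set('interval_hours', $interval + 1)->save();
    $advisories = $this->getAdvisories();
    $this->assertCount(1, $this->history);
    $this->assertCount(1, $advisories);
    $this->assertSame($feed_item_1['title'], $advisories[0]->getTitle());

    // Lowering the interval below the original forces a refetch, which
    // receives the second queued response.
    $config->set('interval_hours', $interval - 1)->save();
    $advisories = $this->getAdvisories();
    $this->assertCount(2, $this->history);
    $this->assertCount(1, $advisories);
    $this->assertSame($feed_item_2['title'], $advisories[0]->getTitle());
  }

  /**
   * Tests handling of a feed body that cannot be used as an advisory list.
   *
   * '1' decodes as JSON, but the fetcher is expected to reject it (see the
   * asserted 'could not be decoded' error) and return NULL without storing a
   * result, so the next call fetches again; a decodable '[]' is stored and
   * then reused.
   */
  public function testInvalidJsonResponse(): void {
    $non_json_response = new Response(200, [], '1');
    $json_response = new Response(200, [], '[]');
    $this->setTestFeedResponses([
      $non_json_response,
      $non_json_response,
      $json_response,
    ]);

    // An undecodable response yields NULL and logs an error.
    $this->assertNull($this->getAdvisories());
    $this->assertCount(1, $this->history);
    $this->assertServiceAdvisoryLoggedErrors([
      'The security advisory JSON feed from Drupal.org could not be decoded.',
    ]);

    // Nothing was stored, so the feed is requested again.
    $this->assertNull($this->getAdvisories());
    $this->assertCount(2, $this->history);
    $this->assertServiceAdvisoryLoggedErrors([
      'The security advisory JSON feed from Drupal.org could not be decoded.',
    ]);

    // With HTTP requests disallowed there is nothing stored to return and no
    // request is made.
    $this->assertNull($this->getAdvisories(FALSE));
    $this->assertCount(2, $this->history);

    // A valid, empty feed is fetched once and then served from storage.
    $this->assertCount(0, $this->getAdvisories());
    $this->assertCount(3, $this->history);
    $this->assertCount(0, $this->getAdvisories());
    $this->assertCount(3, $this->history);
    $this->assertServiceAdvisoryLoggedErrors([]);
  }

  /**
   * Tests the opt-in fallback to plain HTTP when the HTTPS request fails.
   *
   * The fallback only happens with the 'update_fetch_with_http_fallback'
   * setting enabled; the failed HTTPS attempt is still reported through the
   * logger's '@message' context.
   */
  public function testHttpFallback(): void {
    $this->setSetting('update_fetch_with_http_fallback', TRUE);
    $feed_item = [
      'is_psa' => 1,
      'type' => 'core',
      'project' => 'drupal',
      'insecure' => [\Drupal::VERSION],
      'title' => 'SA title',
      'link' => 'http://example.com',
    ];
    $this->setTestFeedResponses([
      new Response(500, [], 'HTTPS failed'),
      new Response(200, [], json_encode([$feed_item])),
    ]);
    $advisories = $this->getAdvisories();
    $this->assertCount(2, $this->history);

    // First attempt: HTTPS, answered with the queued 500.
    $first_try = $this->history[0];
    $this->assertNotEmpty($first_try);
    $this->assertEquals('https', $first_try['request']->getUri()->getScheme());
    $this->assertEquals(500, $first_try['response']->getStatusCode());

    // Second attempt: plain HTTP, answered with the advisory feed.
    $second_try = $this->history[1];
    $this->assertNotEmpty($second_try);
    $this->assertEquals('http', $second_try['request']->getUri()->getScheme());
    $this->assertEquals(200, $second_try['response']->getStatusCode());

    $this->assertCount(1, $advisories);
    $this->assertSame('http://example.com', $advisories[0]->getUrl());
    $this->assertSame('SA title', $advisories[0]->getTitle());
    $this->assertSame([
      "Server error: `GET https://updates.drupal.org/psa.json` resulted in a `500 Internal Server Error` response:\nHTTPS failed\n",
    ], $this->watchdogExceptionMessages);
  }

  /**
   * Tests that without the fallback setting a failed HTTPS request is fatal.
   *
   * Only the single HTTPS request may be made; the fetcher must surface the
   * transfer error instead of retrying over plain HTTP.
   */
  public function testNoHttpFallback(): void {
    $this->setTestFeedResponses([
      new Response(500, [], 'HTTPS failed'),
    ]);
    $exception_thrown = FALSE;
    try {
      $this->getAdvisories();
    }
    catch (TransferException $exception) {
      $this->assertSame("Server error: `GET https://updates.drupal.org/psa.json` resulted in a `500 Internal Server Error` response:\nHTTPS failed\n", $exception->getMessage());
      $exception_thrown = TRUE;
    }
    $this->assertTrue($exception_thrown);
    $this->assertCount(1, $this->history);
    $request = $this->history[0]['request'];
    $this->assertNotEmpty($request);
    $this->assertEquals('https', $request->getUri()->getScheme());
    $response = $this->history[0]['response'];
    $this->assertEquals(500, $response->getStatusCode());
  }

  /**
   * Gets the security advisories from the fetcher service.
   *
   * @param bool $allow_http_request
   *   Whether the fetcher may request the feed; passed straight through to
   *   getSecurityAdvisories().
   *
   * @return array|null
   *   The advisory objects (exposing getUrl() and getTitle()), or NULL when
   *   no usable feed is available (see ::testInvalidJsonResponse()).
   */
  protected function getAdvisories(bool $allow_http_request = TRUE): ?array {
    $fetcher = $this->container->get('system.sa_fetcher');
    return $fetcher->getSecurityAdvisories($allow_http_request);
  }

  /**
   * Installs a mocked 'http_client' that serves the given responses in order.
   *
   * The container is rebuilt first (presumably so services holding the
   * previous client are recreated); the rebuild drops the logger registered
   * in ::setUp(), so this test is registered as a logger again.
   *
   * @param \GuzzleHttp\Psr7\Response[] $responses
   *   The responses to queue in the mock handler.
   */
  protected function setTestFeedResponses(array $responses): void {
    $mock = new MockHandler($responses);
    $handler_stack = HandlerStack::create($mock);
    // Record every request/response pair into $this->history.
    $history = Middleware::history($this->history);
    $handler_stack->push($history);
    $this->container->get('kernel')->rebuildContainer();
    $this->container = $this->container->get('kernel')->getContainer();
    $this->container->get('logger.factory')->addLogger($this);
    $this->container->set('http_client', new Client(['handler' => $handler_stack]));
  }

  /**
   * Asserts the error messages logged since the previous call, then resets.
   *
   * @param string[] $expected_messages
   *   The expected RfcLogLevel::ERROR messages, in order.
   */
  protected function assertServiceAdvisoryLoggedErrors(array $expected_messages): void {
    $this->assertSame($expected_messages, $this->logErrorMessages);
    $this->logErrorMessages = [];
  }

  /**
   * {@inheritdoc}
   *
   * Collects '@message' context values and ERROR-level messages for the
   * assertions in this test.
   */
  public function log($level, $message, array $context = []): void {
    if (isset($context['@message'])) {
      $this->watchdogExceptionMessages[] = $context['@message'];
    }
    if ($level === RfcLogLevel::ERROR) {
      $this->logErrorMessages[] = $message;
    }
  }

}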