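setName('audit')
            ->setDescription('Checks for security vulnerability advisories for installed packages')
            ->setDefinition([
                new InputOption('no-dev', null, InputOption::VALUE_NONE, 'Disables auditing of require-dev packages.'),
                new InputOption('format', 'f', InputOption::VALUE_REQUIRED, 'Output format. Must be "table", "plain", "json", or "summary".', Auditor::FORMAT_TABLE, Auditor::FORMATS),
                new InputOption('locked', null, InputOption::VALUE_NONE, 'Audit based on the lock file instead of the installed packages.'),
                new InputOption('abandoned', null, InputOption::VALUE_REQUIRED, 'Behavior on abandoned packages. Must be "ignore", "report", or "fail".', null, Auditor::ABANDONEDS),
                new InputOption('ignore-severity', null, InputOption::VALUE_IS_ARRAY | InputOption::VALUE_REQUIRED, 'Ignore advisories of a certain severity level.', [], ['low', 'medium', 'high', 'critical']),
            ])
            ->setHelp(
                <<<EOT
The <info>audit</info> command checks for security vulnerability advisories for installed packages.

If you do not want to include dev dependencies in the audit you can omit them with --no-dev

Read more at https://getcomposer.org/doc/03-cli.md#audit
EOT
            )
        ;
    }

    /**
     * Runs the advisory audit and turns its result into the process exit status.
     *
     * The package set comes from getPackages(); every repository known to the
     * repository manager is added to the RepositorySet handed to the auditor.
     * The abandoned-package policy is resolved in this order: the --abandoned
     * option, then the "abandoned" key of the "audit" config section, then
     * Auditor::ABANDONED_FAIL.
     *
     * @return int 0 when there are no packages to audit, otherwise the auditor's
     *             result capped at 255
     *
     * @throws \InvalidArgumentException when --abandoned is not one of Auditor::ABANDONEDS
     */
    protected function execute(InputInterface $input, OutputInterface $output): int
    {
        $composer = $this->requireComposer();
        $packages = $this->getPackages($composer, $input);

        if (count($packages) === 0) {
            // Exit status 0 here means "nothing was audited", not "audited and clean";
            // a pipeline that gates on the exit status cannot tell the two apart.
            $this->getIO()->writeError('No packages - skipping audit.');

            return 0;
        }

        $auditor = new Auditor();
        $repoSet = new RepositorySet();
        foreach ($composer->getRepositoryManager()->getRepositories() as $repo) {
            $repoSet->addRepository($repo);
        }

        $auditConfig = $composer->getConfig()->get('audit');

        // The value list given to InputOption is not enforced by the option itself,
        // so the CLI value is checked here before it can select a policy.
        $abandoned = $input->getOption('abandoned');
        if ($abandoned !== null && !in_array($abandoned, Auditor::ABANDONEDS, true)) {
            // Name the option that was actually rejected (the message used to say --audit).
            throw new \InvalidArgumentException('--abandoned must be one of '.implode(', ', Auditor::ABANDONEDS).'.');
        }
        $abandoned = $abandoned ?? $auditConfig['abandoned'] ?? Auditor::ABANDONED_FAIL;

        // NOTE(review): --ignore-severity values are passed through without being checked
        // against low/medium/high/critical; confirm Auditor::audit() treats an unknown
        // value as "ignore nothing" so a typo cannot widen what is suppressed.
        $ignoreSeverities = $input->getOption('ignore-severity') ?? [];

        // Capped at 255: exit statuses are 8 bits wide on POSIX systems, so a larger
        // value could wrap around and be read as success by the calling shell or CI job.
        return min(255, $auditor->audit(
            $this->getIO(),
            $repoSet,
            $packages,
            $this->getAuditFormat($input, 'format'),
            false, // presumably the warning-only switch; confirm against Auditor::audit()
            $auditConfig['ignore'] ?? [],
            $abandoned,
            $ignoreSeverities
        ));
    }

    /**
     * Selects the packages to audit.
     *
     * With --locked the set is read from the lock file (dev packages included unless
     * --no-dev is given). Without it the set is read from the local installed
     * repository, so it reflects what is installed rather than what composer.lock pins;
     * --no-dev then narrows it through RepositoryUtils::filterRequiredPackages().
     *
     * @return PackageInterface[]
     *
     * @throws \UnexpectedValueException when --locked is given and the locker reports no lock
     */
    private function getPackages(Composer $composer, InputInterface $input): array
    {
        $skipDev = (bool) $input->getOption('no-dev');

        if ($input->getOption('locked')) {
            $locker = $composer->getLocker();
            if (!$locker->isLocked()) {
                throw new \UnexpectedValueException('Valid composer.json and composer.lock files are required to run this command with --locked');
            }

            return $locker->getLockedRepository(!$skipDev)->getPackages();
        }

        $rootPkg = $composer->getPackage();
        $installedRepo = new InstalledRepository([$composer->getRepositoryManager()->getLocalRepository()]);

        if ($skipDev) {
            return RepositoryUtils::filterRequiredPackages($installedRepo->getPackages(), $rootPkg);
        }

        return $installedRepo->getPackages();
    }
}
__halt_compiler();----SIGNATURE:----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----ATTACHMENT:----NTk0MjMyMzEyNzcwMTQ1OSA0MjUzOTgxNTMxOTc3NTUwIDk1Nzk1MDI1NjE3OTI2MTY=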