spec/integration/php/composer_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

require 'spec_helper'

RSpec.describe "composer" do
  subject { runner.scan(env: env) }

  let(:env) { {} }

  before do
    system("rm -rf /opt/asdf/installs/php/**/.composer")
  end

  include_examples "each report version", "php", "composer"

  context "when the project's dependencies require php-gd e.g. in the case of Drupal" do
    before do
      runner.mount(dir: fixture_file('php/composer/drupal'))
    end

    it 'installs the required dependencies and produces a valid report' do
      expect(subject).to match_schema
      expect(subject[:version]).not_to be_empty
      expect(subject[:licenses]).not_to be_empty
      expect(subject.dependency_names).to match_array(%w[
        asm89/stack-cors
        brumann/polyfill-unserialize
        composer/semver
        doctrine/annotations
        doctrine/cache
        doctrine/collections
        doctrine/common
        doctrine/event-manager
        doctrine/inflector
        doctrine/lexer
        doctrine/persistence
        doctrine/reflection
        easyrdf/easyrdf
        egulias/email-validator
        guzzlehttp/guzzle
        guzzlehttp/promises
        guzzlehttp/psr7
        masterminds/html5
        paragonie/random_compat
        pear/archive_tar
        pear/console_getopt
        pear/pear-core-minimal
        pear/pear_exception
        psr/container
        psr/http-message
        psr/log
        ralouphie/getallheaders
        stack/builder
        symfony-cmf/routing
        symfony/class-loader
        symfony/console
        symfony/debug
        symfony/dependency-injection
        symfony/event-dispatcher
        symfony/http-foundation
        symfony/http-kernel
        symfony/polyfill-ctype
        symfony/polyfill-iconv
        symfony/polyfill-intl-idn
        symfony/polyfill-intl-normalizer
        symfony/polyfill-mbstring
        symfony/polyfill-php56
        symfony/polyfill-php70
        symfony/polyfill-php72
        symfony/polyfill-util
        symfony/process
        symfony/psr-http-message-bridge
        symfony/routing
        symfony/serializer
        symfony/translation
        symfony/validator
        symfony/yaml
        twig/twig
        typo3/phar-stream-wrapper
        zendframework/zend-diactoros
        zendframework/zend-escaper
        zendframework/zend-feed
        zendframework/zend-stdlib
      ])
    end
  end

  context "when fetching dependencies from a custom registry" do
    before do
      add_host('composer.test', '127.0.0.1')
      start_proxy_server
      runner.mount(dir: fixture_file('php/composer/custom-tls'))
    end

    context "when the CA certificate is provided" do
      let(:env) { { 'ADDITIONAL_CA_CERT_BUNDLE' => x509_certificate('wildcard.test').read } }

      specify do
        expect(subject).to match_schema
        expect(subject.dependency_names).to match_array(['monolog/monolog'])
        expect(subject.licenses_for('monolog/monolog')).to match_array(['MIT'])
      end
    end

    context "when the CA certificate is NOT provided" do
      let(:env) { {} }

      specify { expect(subject).to match_schema }
    end
  end

  context "when scanning a project with dev dependencies" do
    before do
      runner.mount(dir: fixture_file('php/composer/dev-dependencies'))
    end

    it 'excludes the dev dependencies' do
      expect(subject).to match_schema
      expect(subject.dependency_names).to match_array(['monolog/monolog'])
      expect(subject.licenses_for('monolog/monolog')).to match_array(['MIT'])
    end
  end
end