From 9f5c2c9e14ff10934e7db832fad49a28a4dba538 Mon Sep 17 00:00:00 2001
From: JeroenG
Date: Sat, 11 Mar 2017 19:22:08 +0100
Subject: [PATCH] Add check command and fix dumpAutoloads for L5.1 (#32)
---
 changelog.md | 1 +
 composer.json | 3 ++-
 src/PackagerCheckCommand.php | 52 ++++++++++++++++++++++++++++++++++++
 src/PackagerHelper.php | 9 ++++---
 4 files changed, 60 insertions(+), 5 deletions(-)
 create mode 100644 src/PackagerCheckCommand.php
diff --git a/changelog.md b/changelog.md
index ad4b088..46da5ec 100644
--- a/changelog.md
+++ b/changelog.md
@@ -7,6 +7,7 @@ All Notable changes to Packager will be documented in this file.
 ### Added
 - The `new` command now also accepts an option `--i` To interactively make a package and change all Skeleton placholders.
 - Composer autoloads are dumped after installing or creating a package.
+- The `packager:check` function to check the composer lockfile for security vulnerabilities.
 ### Fixed
 - Replacing of the Skeleton placeholders.
diff --git a/composer.json b/composer.json
index 83f3ec3..54afd77 100644
--- a/composer.json
+++ b/composer.json
@@ -21,7 +21,8 @@
 "illuminate/support": "~5",
 "illuminate/console": "~5",
 "illuminate/filesystem": "~5",
- "guzzlehttp/guzzle": "~6"
+ "guzzlehttp/guzzle": "~6",
+ "sensiolabs/security-checker": "^4.0"
 },
 "autoload": {
 "psr-4": {
diff --git a/src/PackagerCheckCommand.php b/src/PackagerCheckCommand.php
new file mode 100644
index 0000000..134e9eb
--- /dev/null
+++ b/src/PackagerCheckCommand.php
@@ -0,0 +1,52 @@
+info('Using the SensioLabs Security Checker the composer.lock of the package is scanned for known security vulnerabilities in the dependencies.');
+ $this->info('Make sure you have a composer.lock file first (for example by running "composer install" in the folder');
+
+ $checker = new SecurityChecker();
+ $formatter = new SimpleFormatter($this->getHelperSet()->get('formatter'));
+ $vendor = $this->argument('vendor');
+ $name = $this->argument('name');
+ $lockfile = getcwd().'/packages/'.$vendor.'/'.$name.'/composer.lock';
+ $vulnerabilities = $checker->check($lockfile);
+
+ return $formatter->displayResults($this->output, $lockfile, $vulnerabilities);
+ }
+}
\ No newline at end of file
diff --git a/src/PackagerHelper.php b/src/PackagerHelper.php
index be2fb95..fb0f8e0 100644
--- a/src/PackagerHelper.php
+++ b/src/PackagerHelper.php
@@ -5,7 +5,7 @@
 use ZipArchive;
 use RuntimeException;
 use GuzzleHttp\Client;
-use Illuminate\Support\Composer;
+//use Illuminate\Support\Composer;
 use Illuminate\Filesystem\Filesystem;
 /**
@@ -30,7 +30,7 @@ class PackagerHelper
 public function __construct(Filesystem $files)
 {
 $this->files = $files;
- $this->composer = new Composer($files);
+ //$this->composer = new Composer($files);
 }
 /**
@@ -195,6 +195,7 @@ public function cleanUp($zipFile)
 */
 public function dumpAutoloads()
 {
- return $this->composer->dumpAutoloads();
+ //return $this->composer->dumpAutoloads();
+ shell_exec('composer dump-autoload');
 }
-}
+}
\ No newline at end of file
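Review bot: The command's exit status never reflects the scan result: the final `return $formatter->displayResults($this->output, $lockfile, $vulnerabilities);` hands back whatever the formatter returns, which, if I read security-checker's SimpleFormatter right, is nothing, so the process exits 0 even when vulnerabilities were listed and a CI job cannot fail on the check. The `$lockfile` path built from `getcwd()` and the two arguments is also passed straight to `$checker->check()` without an existence test, so a missing composer.lock surfaces as an uncaught exception from the library rather than the hint the command prints two lines earlier (whose string, incidentally, is missing its closing parenthesis after `in the folder`). I would test `is_file($lockfile)` first, display the results without returning them, and return 1 when `$vulnerabilities` is non-empty, relying on Laravel passing the method's return value through as the exit code. The opening of this method and the class header are not visible in this excerpt, so the method name could not be confirmed.
```php
        // … unchanged: info() messages, SecurityChecker/SimpleFormatter setup, argument lookup …
        if (!is_file($lockfile)) {
            $this->error('No composer.lock found at '.$lockfile.'; run "composer install" in that folder first.');

            return 1;
        }
        $vulnerabilities = $checker->check($lockfile);
        $formatter->displayResults($this->output, $lockfile, $vulnerabilities);

        // Non-zero exit when anything was reported, so callers and CI can fail on it.
        return count($vulnerabilities) > 0 ? 1 : 0;
```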
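Review bot: `//use Illuminate\Support\Composer;` comments the import out instead of removing it, and the same pattern continues in the next two hunks of this file (`//$this->composer = new Composer($files);` and `//return $this->composer->dumpAutoloads();`). Commented-out code never executes but keeps readers and static analysis guessing whether the `$composer` property is still meant to be populated; delete the three lines (and the property declaration, if it exists outside this diff) and put a one-line comment on `dumpAutoloads()` stating why the Illuminate class is not used.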
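Review bot: `shell_exec('composer dump-autoload');` discards both the exit status and the output, so a missing `composer` binary or a failed dump passes silently, and `dumpAutoloads()` now returns null where it previously returned the result of `$this->composer->dumpAutoloads()`, which any caller using that value will notice. The bare command name also resolves to whichever `composer` is first on the caller's PATH and runs in the current working directory; the docblock above this hunk should say so. Capturing the status with `exec()` and throwing the `RuntimeException` this file already imports makes failures visible to the command that triggered the dump.
```php
    public function dumpAutoloads()
    {
        // Shells out rather than using Illuminate\Support\Composer (dropped by this commit for L5.1).
        $output = [];
        $status = 0;
        exec('composer dump-autoload 2>&1', $output, $status);
        if ($status !== 0) {
            throw new RuntimeException('composer dump-autoload failed: '.implode("\n", $output));
        }
    }
```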