laminas / laminas-diagnostics

A set of components for performing diagnostic tests in PHP applications
https://docs.laminas.dev/laminas-diagnostics/
BSD 3-Clause "New" or "Revised" License

SecurityAdvisory does "work" in the constructor #28

Closed kbond closed 2 years ago

kbond commented 3 years ago

Bug Report

| Q          | A      |
|------------|--------|
| Version(s) | 1.10.0 |

Summary

https://github.com/laminas/laminas-diagnostics/pull/16 added code that does work in SecurityAdvisory::__construct(), which causes temporary files to be created. Related: https://github.com/liip/LiipMonitorBundle/issues/261.

Ping @paras-malhotra.

Ocramius commented 3 years ago

Hey @kbond, the code in #16 does not include added code that generates temporary files: can you link to a specific code fragment, please?

lostfocus commented 3 years ago

Hi, I was the original reporter in https://github.com/liip/LiipMonitorBundle/issues/261 - the problem is happening here: https://github.com/laminas/laminas-diagnostics/blob/1557e3f173fd00291d286b3ea1b98454c21b08d4/src/Check/SecurityAdvisory.php#L60

The function call within the constructor triggers a download of https://codeload.github.com/FriendsOfPHP/security-advisories/zip/master in the Enlightn Security Checker (https://github.com/enlightn/security-checker/blob/main/src/AdvisoryFetcher.php).

Ocramius commented 3 years ago

I see - indeed, that should be moved to the body of the check.

Can you adjust that through a patch perhaps?

Ocramius commented 2 years ago

This was handled in #29
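
An added example of the change discussed in this thread, not code from laminas-diagnostics or the Enlightn Security Checker: it contrasts a check that fetches advisories in its constructor with one that defers the fetch to `check()` and reports a fetch error as a failed result. `AdvisorySource`, `CountingSource`, `EagerCheck` and `DeferredCheck` are hypothetical names, and the package and advisory data are constructed.

```php
<?php
// Hypothetical stand-in for an advisory downloader; not the Enlightn API.
interface AdvisorySource
{
    public function fetch(): array; // package name => affected versions
}

// Constructed sample source that counts how often a "download" happens.
final class CountingSource implements AdvisorySource
{
    public int $fetches = 0;
    public function fetch(): array
    {
        $this->fetches++;
        return ['acme/demo' => ['1.0.0']]; // constructed sample data
    }
}

// Pattern reported in the issue: I/O happens as soon as the object exists,
// for example when a container builds every registered check.
final class EagerCheck
{
    private array $advisories;
    public function __construct(AdvisorySource $source)
    {
        $this->advisories = $source->fetch();
    }
}

// Deferred form: the constructor only stores collaborators.
final class DeferredCheck
{
    public function __construct(private AdvisorySource $source, private array $installed) {}
    public function check(): string
    {
        try {
            $advisories = $this->source->fetch(); // I/O only when the check runs
        } catch (Throwable $e) {
            return 'FAIL: advisory fetch error: ' . $e->getMessage();
        }
        foreach ($this->installed as $package => $version) {
            if (in_array($version, $advisories[$package] ?? [], true)) {
                return "FAIL: $package $version has a known advisory";
            }
        }
        return 'OK';
    }
}
$eager = new CountingSource();
new EagerCheck($eager);                       // fetch happens during construction
$lazy = new CountingSource();
$check = new DeferredCheck($lazy, ['acme/demo' => '1.0.0']);
printf("after construction: eager=%d lazy=%d\n", $eager->fetches, $lazy->fetches);
printf("%s (lazy fetches=%d)\n", $check->check(), $lazy->fetches);
```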