repman-io / repman

Repman - PHP Repository Manager: packagist proxy and host for private packages
https://repman.io
MIT License
515 stars 107 forks

Bug: Update Security DB does not work with S3 or if specified directory does not exist #540

Open xvilo opened 2 years ago

xvilo commented 2 years ago

I've noticed that the Update Security DB command does not play well with S3. It says the directory does not exist.

```
Symfony\Component\Process\Exception\RuntimeException: The provided cwd "some/root/dir/prod/security-advisories" does not exist.
#12 /vendor/symfony/process/Process.php(347): Symfony\Component\Process\Process::start
#11 /vendor/symfony/process/Process.php(250): Symfony\Component\Process\Process::run
#10 /src/Service/Security/SecurityChecker/SensioLabsSecurityChecker.php(215): Buddy\Repman\Service\Security\SecurityChecker\SensioLabsSecurityChecker::runProcess
#9 /src/Service/Security/SecurityChecker/SensioLabsSecurityChecker.php(196): Buddy\Repman\Service\Security\SecurityChecker\SensioLabsSecurityChecker::cloneRepo
#8 /src/Service/Security/SecurityChecker/SensioLabsSecurityChecker.php(34): Buddy\Repman\Service\Security\SecurityChecker\SensioLabsSecurityChecker::update
#7 /src/Command/UpdateAdvisoriesDbCommand.php(41): Buddy\Repman\Command\UpdateAdvisoriesDbCommand::execute
#6 /vendor/symfony/console/Command/Command.php(299): Symfony\Component\Console\Command\Command::run
#5 /vendor/symfony/console/Application.php(996): Symfony\Component\Console\Application::doRunCommand
#4 /vendor/symfony/framework-bundle/Console/Application.php(96): Symfony\Bundle\FrameworkBundle\Console\Application::doRunCommand
#3 /vendor/symfony/console/Application.php(295): Symfony\Component\Console\Application::doRun
#2 /vendor/symfony/framework-bundle/Console/Application.php(82): Symfony\Bundle\FrameworkBundle\Console\Application::doRun
#1 /vendor/symfony/console/Application.php(167): Symfony\Component\Console\Application::run
#0 /bin/console(42): null
```

So from what I can see we're doing the following:

```
git clone --depth 1 --branch master https://github.com/FriendsOfPHP/security-advisories.git .
```

The file cannot be cloned to S3 via Flysystem as we're manually calling git for this with symfony/process. Another thing is, if this directory does not exist on disk, it still breaks with the same exception. As a first improvement, we should probably check if the directory exists and create it if not.

As a second improvement, can we use the zip/tar.gz download URI from GitHub itself? In that case, we can possibly download just the latest ref, unpack it in memory (as a cron for example) and then store it on S3.
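
The second improvement proposed above, sketched as an added example that is not part of the original issue and not Repman's own code: a branch tarball is unpacked entirely in memory and each file is handed to a storage callback, with the decoded size capped and every entry path validated before it becomes a storage key. The names `advisoriesFromTarball` and `$store` are hypothetical, the archive is constructed inline so the block runs offline, and a real run would fetch GitHub's `/archive/refs/heads/master.tar.gz` URL for the repository instead.

```php
<?php
// Yields "relative/path" => contents for each regular file of a .tar.gz held in memory.
function advisoriesFromTarball(string $tarGz, int $maxBytes = 64 << 20): \Generator
{
    $tar = @gzdecode($tarGz, $maxBytes); // cap decoded size against decompression bombs
    if ($tar === false) {
        throw new \RuntimeException('Invalid gzip data or archive larger than the cap');
    }
    $field = fn (string $h, int $at, int $n): string => explode("\0", substr($h, $at, $n), 2)[0];
    for ($off = 0, $len = strlen($tar); $off + 512 <= $len;) {
        $h = substr($tar, $off, 512);
        if (trim($h, "\0") === '') {
            break; // all-zero block marks the end of the archive
        }
        $size = (int) octdec(trim($field($h, 124, 12)));
        $body = $off + 512;
        $off = $body + intdiv($size + 511, 512) * 512; // entry data is padded to 512 bytes
        if ($h[156] === 'x' || $h[156] === 'L') {
            throw new \RuntimeException('Long-name record found; refusing to guess the path');
        }
        if ($h[156] !== '0' && $h[156] !== "\0") {
            continue; // directories, links, pax global header: nothing to store
        }
        if ($body + $size > $len) {
            throw new \RuntimeException('Truncated archive');
        }
        $prefix = $field($h, 345, 155);
        $path = ($prefix === '' ? '' : $prefix . '/') . $field($h, 0, 100);
        $parts = explode('/', $path);
        if (count($parts) < 2 || array_intersect($parts, ['', '.', '..']) !== []) {
            throw new \RuntimeException("Unsafe path in archive: {$path}");
        }
        yield implode('/', array_slice($parts, 1)) => substr($tar, $body, $size); // drop top dir
    }
}

// Constructed one-file archive standing in for the real download.
$yaml = "title: constructed advisory\n";
$hdr = str_pad('security-advisories-master/acme/demo/example.yaml', 124, "\0")
    . sprintf("%011o\0", strlen($yaml)) . str_repeat("\0", 20) . '0';
$tarGz = gzencode(str_pad($hdr, 512, "\0") . str_pad($yaml, 512, "\0") . str_repeat("\0", 1024));

$stored = [];
// Hypothetical sink; in a real deployment this would be the storage layer's write call.
$store = function (string $path, string $contents) use (&$stored): void { $stored[$path] = $contents; };
foreach (advisoriesFromTarball($tarGz) as $path => $contents) {
    $store('security-advisories/' . $path, $contents);
}
print_r(array_keys($stored));
```

Because nothing touches the local disk or spawns `git`, the missing-`cwd` exception from the trace cannot occur on this path, and entries with absolute or `..` components are rejected before they reach storage.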