Merge pull request #43 from packagist/t/add-security-notice-api

Add security issues endpoints

Author: glaubinix

README.md

@@ -70,6 +70,7 @@
             * [Delete a package](#delete-a-package)
             * [List all dependents of a package](#list-all-dependents-of-a-package)
             * [List all customers with access to a package](#list-all-customers-with-access-to-a-package)
+            * [List all security issues of a package](#list-all-security-issues-of-a-package)
             * [Create an artifact package file](#create-an-artifact-package-file)
             * [Create an artifact package](#create-an-artifact-package)
             * [Add an artifact file to an existing package](#add-an-artifact-file-to-an-existing-package)
@@ -92,14 +93,16 @@
          * [Job](#job)
             * [Show a job](#show-a-job)
             * [Wait for a job to finish](#wait-for-a-job-to-finish)
+         * [Security Issue](#security-issue)
+            * [List an organization's security issues](#list-an-organizations-security-issues)
          * [Magento legacy keys](#magento-legacy-keys)
             * [List all legacy keys for a customer](#list-all-legacy-keys-for-a-customer)
             * [Create a new legacy keys for a customer](#create-a-new-legacy-keys-for-a-customer)
             * [Delete a legacy keys from a customer](#delete-a-legacy-keys-from-a-customer)
          * [Validate incoming webhook payloads](#validate-incoming-webhook-payloads)
       * [License](#license)
 
-<!-- Added by: wissem, at: Fri Oct 16 14:23:54 CEST 2020 -->
+<!-- Added by: wissem, at: Wed May 26 12:28:19 CEST 2021 -->
 
 <!--te-->
 
@@ -505,7 +508,8 @@ $client->subrepositories()->mirroredRepositories()->removePackages($subrepositor
 #### List an organization's packages
 ```php
 $filters = [
-    'origin' => \PrivatePackagist\ApiClient\Api\Packages::ORIGIN_PRIVATE, // optional filter to only receive packages that can be added to customers 
+    'origin' => \PrivatePackagist\ApiClient\Api\Packages::ORIGIN_PRIVATE, // optional filter to only receive packages that can be added to customers,
+    'security-issue-state' => \PrivatePackagist\ApiClient\Api\SecurityIssues::STATE_OPEN, // optional filter to filter packages with open security issues,
 ];
 $packages = $client->packages()->all($filters);
 ```
@@ -581,6 +585,15 @@ $client->packages()->listCustomers('acme-website/package');
 ```
 Returns a list of customers with access to the package.
 
+#### List all security issues of a package
+```php
+$filters = [
+    'security-issue-state' => \PrivatePackagist\ApiClient\Api\SecurityIssues::STATE_OPEN,
+];
+$client->packages()->listSecurityIssues('acme-website/package', $filters);
+```
+Returns a list of security issues.
+
 #### Create an artifact package file
 
 ```php
@@ -746,6 +759,18 @@ try {
 ```
 Returns the job.
 
+### Security Issue
+
+#### List an organization's security issues
+
+```php
+$filters = [
+    'security-issue-state' => \PrivatePackagist\ApiClient\Api\SecurityIssues::STATE_OPEN, // optional filter to filter packages with open security issues,
+];
+$packages = $client->securityIssues()->all($filters);
+```
+Returns an array of security issues.
+
 ### Magento legacy keys
 
 #### List all legacy keys for a customer

src/Api/Packages.php

@@ -120,6 +120,11 @@ public function listDependents($packageName)
         return $this->get(sprintf('/packages/%s/dependents/', $packageName));
     }
 
+    public function listSecurityIssues($packageName, array $filters = [])
+    {
+        return $this->get(sprintf('/packages/%s/security-issues/', $packageName), $filters);
+    }
+
     public function artifacts()
     {
         return new Artifacts($this->client, $this->client->getResponseMediator());

src/Api/SecurityIssues.php

@@ -0,0 +1,53 @@
+<?php
+
+/*
+ * (c) Packagist Conductors UG (haftungsbeschränkt) <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace PrivatePackagist\ApiClient\Api;
+
+class SecurityIssues extends AbstractApi
+{
+    /**
+     * Security issue that is still open
+     */
+    const STATE_OPEN = 'open';
+
+    /**
+     * Security issue where a fix is in progress
+     */
+    const STATE_IN_PROGRESS = 'in-progress';
+
+    /**
+     * Security issue that doesn't affect the project
+     */
+    const STATE_NOT_AFFECTED = 'not-affected';
+
+    /**
+     * Security issue that is incorrect
+     */
+    const STATE_INCORRECT = 'incorrect';
+
+    /**
+     * Security issue where there is no capacity to fix the issue
+     */
+    const STATE_NO_CAPACITY = 'no-capacity';
+
+    /**
+     * Security issue that can be ignored
+     */
+    const STATE_IGNORE = 'ignore';
+
+    /**
+     * Security issue that has been resolved
+     */
+    const STATE_RESOLVED = 'resolved';
+
+    public function all(array $filters = [])
+    {
+        return $this->get('/security-issues/', $filters);
+    }
+}

src/Client.php

@@ -88,6 +88,12 @@ public function packages()
         return new Api\Packages($this, $this->responseMediator);
     }
 
+    public function securityIssues()
+    {
+        return new Api\SecurityIssues($this, $this->responseMediator);
+    }
+
+
     public function jobs()
     {
         return new Api\Jobs($this, $this->responseMediator);

tests/Api/PackagesTest.php

@@ -261,6 +261,35 @@ public function testListDependents()
         $this->assertSame($expected, $api->listDependents($packageName));
     }
 
+    public function testListSecurityIssues()
+    {
+        $packageName = 'acme-website/core-package';
+        $expected = [
+            [
+                'packageName' => 'acme-website/package',
+                'state' => 'open',
+                'branch' => 'dev-master',
+                'installedPackage' => 'acme/library',
+                'installedVersion' => '1.0.0',
+                'advisory' => [
+                    'title' => 'CVE-1999: Remote code execution',
+                    'link' =>'https://acme.website/security-advisories',
+                    'cve' => 'CVE-1999',
+                    'affectedVersions' => '>=1.0',
+                ],
+            ],
+        ];
+
+        /** @var Packages&\PHPUnit_Framework_MockObject_MockObject $api */
+        $api = $this->getApiMock();
+        $api->expects($this->once())
+            ->method('get')
+            ->with($this->equalTo('/packages/acme-website/core-package/security-issues/'))
+            ->willReturn($expected);
+
+        $this->assertSame($expected, $api->listSecurityIssues($packageName));
+    }
+
     protected function getApiClass()
     {
         return Packages::class;

tests/Api/SecurityIssuesTest.php

@@ -0,0 +1,78 @@
+<?php
+
+/*
+ * (c) Packagist Conductors UG (haftungsbeschränkt) <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace PrivatePackagist\ApiClient\Api;
+
+class SecurityIssuesTest extends ApiTestCase
+{
+    public function testAll()
+    {
+        $expected = [
+            [
+                'packageName' => 'acme-website/package',
+                'state' => 'open',
+                'branch' => 'dev-master',
+                'installedPackage' => 'acme/library',
+                'installedVersion' => '1.0.0',
+                'advisory' => [
+                    'title' => 'CVE-1999: Remote code execution',
+                    'link' =>'https://acme.website/security-advisories',
+                    'cve' => 'CVE-1999',
+                    'affectedVersions' => '>=1.0',
+                ],
+            ],
+        ];
+
+        /** @var Packages&\PHPUnit_Framework_MockObject_MockObject $api */
+        $api = $this->getApiMock();
+        $api->expects($this->once())
+            ->method('get')
+            ->with($this->equalTo('/security-issues/'))
+            ->willReturn($expected);
+
+        $this->assertSame($expected, $api->all());
+    }
+
+    public function testAllWithFilters()
+    {
+        $expected = [
+            [
+                'packageName' => 'acme-website/package',
+                'state' => 'open',
+                'branch' => 'dev-master',
+                'installedPackage' => 'acme/library',
+                'installedVersion' => '1.0.0',
+                'advisory' => [
+                    'title' => 'CVE-1999: Remote code execution',
+                    'link' =>'https://acme.website/security-advisories',
+                    'cve' => 'CVE-1999',
+                    'affectedVersions' => '>=1.0',
+                ],
+            ],
+        ];
+
+        $filters = [
+            'security-issue-state' => SecurityIssues::STATE_OPEN,
+        ];
+
+        /** @var Packages&\PHPUnit_Framework_MockObject_MockObject $api */
+        $api = $this->getApiMock();
+        $api->expects($this->once())
+            ->method('get')
+            ->with($this->equalTo('/security-issues/'), $this->equalTo($filters))
+            ->willReturn($expected);
+
+        $this->assertSame($expected, $api->all($filters));
+    }
+
+    protected function getApiClass()
+    {
+        return SecurityIssues::class;
+    }
+}