From e0e8991c2916fb70f0748ca0e12acdc43e2a813f Mon Sep 17 00:00:00 2001
From: Michal Nowacki
Date: Thu, 12 Sep 2024 16:18:12 -0400
Subject: [PATCH] do something useful with all that package data

Save package and version information obtained from composer for vulnerability management package data payload. Additionally use it also to generate package supportability metrics.
---
 agent/php_execute.c | 7 ++++++-
 .../internal/newrelic/integration/php_packages.go | 12 ++++++++++++
 .../vendor/composer/InstalledVersions.php | 7 +++++++
 tests/integration/autoloader/composer-show.php | 14 ++++++++++++++
 .../autoloader/test_autoloader_with_composer.php | 5 +++++
 5 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 tests/integration/autoloader/composer-show.php

diff --git a/agent/php_execute.c b/agent/php_execute.c
index 54fee376b..1666195c3 100644
--- a/agent/php_execute.c
+++ b/agent/php_execute.c
@@ -1055,8 +1055,13 @@ static void nr_execute_handle_autoload_composer_get_packages_information(const c
 }
 }
 zval_dtor(&retval2);
- nrl_verbosedebug(NRL_TXN, "package %s, version %s",
+ nrl_verbosedebug(NRL_INSTRUMENT, "package %s, version %s",
 NRSAFESTR(Z_STRVAL_P(value)), NRSAFESTR(version));
+ if (NRINI(vulnerability_management_package_detection_enabled)) {
+ nr_txn_add_php_package(NRPRG(txn), NRSAFESTR(Z_STRVAL_P(value)), NRSAFESTR(version));
+ }
+ nr_fw_support_add_package_supportability_metric(NRPRG(txn), NRSAFESTR(Z_STRVAL_P(value)),
+ NRSAFESTR(version));
 }
 ZEND_HASH_FOREACH_END();
 } else {
diff --git a/daemon/internal/newrelic/integration/php_packages.go b/daemon/internal/newrelic/integration/php_packages.go
index 375954b0d..2e5e506ff 100644
--- a/daemon/internal/newrelic/integration/php_packages.go
+++ b/daemon/internal/newrelic/integration/php_packages.go
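Review bot: In `agent/php_execute.c`, the new calls to `nr_txn_add_php_package` and `nr_fw_support_add_package_supportability_metric` receive `NRSAFESTR(version)` and `NRSAFESTR(Z_STRVAL_P(value))` instead of the raw pointers. If `NRSAFESTR` substitutes a placeholder for a NULL string, as its use in the debug call suggests, a package whose version lookup failed would be stored in the vulnerability-management payload, and in a metric name, with that placeholder as its version, which can never match an advisory. Consider guarding both calls with `if (NULL != version) {` or passing the unwrapped `version` so the callee can apply its own handling of an unknown version. The enclosing function starts and ends outside the hunk, so any earlier check on `version` or on the type of `value` is not visible here.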
@@ -371,6 +371,18 @@ func (pkgs *PhpPackagesCollection) GatherInstalledPackages() ([]PhpPackage, erro
 if 0 < len(version) {
 pkgs.packages = append(pkgs.packages, PhpPackage{"wordpress", version})
 }
+ } else if 1 < len(splitCmd) && "composer-show.php" == splitCmd[1] {
+ lines := strings.Split(string(out), "\n")
+ version := ""
+ for _, line := range lines {
+ //fmt.Printf("line is |%s|\n", line)
+ splitLine := strings.Split(line, "=>")
+ if 2 == len(splitLine) {
+ name := strings.TrimSpace(splitLine[0])
+ version = strings.TrimSpace(splitLine[1])
+ pkgs.packages = append(pkgs.packages, PhpPackage{name, version})
+ }
+ }
 } else {
 return nil, fmt.Errorf("ERROR - unknown method '%s'\n", splitCmd[0])
 }
diff --git a/tests/integration/autoloader/autoload-with-composer/vendor/composer/InstalledVersions.php b/tests/integration/autoloader/autoload-with-composer/vendor/composer/InstalledVersions.php
index 593625abe..1c22b57b4 100644
--- a/tests/integration/autoloader/autoload-with-composer/vendor/composer/InstalledVersions.php
+++ b/tests/integration/autoloader/autoload-with-composer/vendor/composer/InstalledVersions.php
@@ -30,4 +30,11 @@ public static function getInstalledPackages()
 // Return the package names
 return array_keys(self::$installed);
 }
+
+ // Mock of 'composer show' used by integration tests to generate list of packages:
+ public static function show() {
+ foreach (self::$installed as $package => $version) {
+ echo "$package => $version\n";
+ }
+ }
 }
diff --git a/tests/integration/autoloader/composer-show.php b/tests/integration/autoloader/composer-show.php
new file mode 100644
index 000000000..5c1ee2525
--- /dev/null
+++ b/tests/integration/autoloader/composer-show.php
@@ -0,0 +1,14 @@
+
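Review bot: In `GatherInstalledPackages` (daemon/internal/newrelic/integration/php_packages.go), the new `composer-show.php` branch appends a `PhpPackage` for every line that splits into exactly two parts on `=>`, without checking that either part is non-empty, and silently drops every other line. A line such as ` => ` therefore produces an entry with an empty name and version, and output with no parsable lines (for example a PHP error message) yields an empty list with a nil error. This list appears to be what the integration runner compares the package payload against, so malformed output should fail loudly: parse with `name, version, ok := strings.Cut(line, "=>")`, skip blank lines, and return an error when `!ok` or either trimmed field is empty. The commented-out `//fmt.Printf(...)` line should be removed and `version` declared inside the loop; the function body starts and ends outside the hunk.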