adding prettyci (#97)

| Q               | A
| --------------- | ---
| Bug fix?        | no
| New feature?    | no
| BC breaks?      | no
| Deprecations?   | no
| Related tickets | fixes #98, fixes #99 
| License         | MIT
| Doc PR          | -

.prettyci.composer.json

@@ -0,0 +1,5 @@
+{
+    "require-dev": {
+        "narrowspark/php-cs-fixer-config": "^3.4.0"
+    }
+}

.travis.yml

@@ -25,14 +25,14 @@ before_install:
 install:
   - composer global require hirak/prestissimo
   - |
+    composer self-update ${COMPOSER_VERSION}
+
     if [[ "$SETUP" = "high" ]]; then
       $COMPOSER_UP
     elif [[ "$SETUP" = "lowest" ]]; then
-      composer self-update 1.6.5
       $COMPOSER_UP --prefer-lowest --prefer-stable;
-    else
-      $COMPOSER_UP
     fi
+  - composer require composer/composer:${COMPOSER_VERSION} --dev
 
 before_script:
   - wget https://cdn.rawgit.com/prisis/43a2a7b137998ac92e24ee4daaa8e296/raw/681b89b8e156750de46558ead661509c468fb9a2/try_catch.sh -P ./build/travis
@@ -42,48 +42,33 @@ script:
   - ./build/travis/script.sh
 
 jobs:
-  fast_finish: true
   allow_failures:
     - php: nightly
     - php: 7.3
   include:
     - stage: Test
       php: 7.1
-      env: PHPUNIT=true SETUP=high REMOVE_XDEBUG=true
-    - stage: Test
-      php: 7.1
-      env: PHPUNIT=true SETUP=lowest REMOVE_XDEBUG=true
-    - stage: Test
-      php: 7.2
-      env: PHPUNIT=true SETUP=high REMOVE_XDEBUG=true
+      env: PHPUNIT=true SETUP=lowest REMOVE_XDEBUG=true COMPOSER_VERSION=1.6.5
     - stage: Test
       php: 7.2
-      env: PHPUNIT=true SETUP=lowest REMOVE_XDEBUG=true
+      env: PHPUNIT=true SETUP=high REMOVE_XDEBUG=true COMPOSER_VERSION=1.7.0
     - stage: Test
       php: 7.3
-      env: PHPUNIT=true SETUP=high REMOVE_XDEBUG=true
-    - stage: Test
-      php: 7.3
-      env: PHPUNIT=true SETUP=lowest REMOVE_XDEBUG=true
+      env: PHPUNIT=true SETUP=high REMOVE_XDEBUG=true COMPOSER_VERSION=1.8.0
     - stage: Test
       php: nightly
-      env: PHPUNIT=true SETUP=high REMOVE_XDEBUG=true
-
-    - stage: Coding standard
-      php: 7.2
-      env: REMOVE_XDEBUG=true
-      script:
-        - ./vendor/bin/php-cs-fixer fix --verbose --diff --dry-run
+      env: PHPUNIT=true SETUP=high REMOVE_XDEBUG=true COMPOSER_VERSION=1.8.0
 
     - stage: Static Analysis
       php: 7.2
-      env: REMOVE_XDEBUG=false
+      env: REMOVE_XDEBUG=false SETUP=high COMPOSER_VERSION=1.8.0
       script:
-        - ./vendor/bin/phpstan analyse -c phpstan.neon -l 7 src
+        - composer require narrowspark/coding-standard:1.4.0 --no-interaction --prefer-dist --no-progress --profile --no-suggest
+        - composer phpstan
 
     - stage: Coverage
       php: 7.2
-      env: REMOVE_XDEBUG=false
+      env: REMOVE_XDEBUG=false SETUP=high COMPOSER_VERSION=1.8.0
       script:
         - bash -xc "$TEST -c ./phpunit.xml.dist --coverage-clover=coverage.xml"
       after_success:

appveyor.yml

@@ -7,18 +7,18 @@ clone_folder: C:\projects\automatic
 
 environment:
   matrix:
-    - dependencies: basic
+    - dependencies: lowest
       PHP_VERSION: 7.2
+      COMPOSER_VERSION: 1.6.5
     - dependencies: high
       PHP_VERSION: 7.2
-    - dependencies: lowest
-      PHP_VERSION: 7.2
+      COMPOSER_VERSION: 1.7.0
+    - dependencies: high
+      PHP_VERSION: 7.3
+      COMPOSER_VERSION: 1.8.0
 
 matrix:
   fast_finish: true
-  allow_failures:
-    - dependencies: lowest
-      PHP_VERSION: 7.2
 
 services:
   - memcached
@@ -54,23 +54,25 @@ install:
           throw "There are newer queued builds for this pull request, failing early." }
   # Install PHP
   - IF EXIST C:\tools\php (SET PHP=0)
-  - IF %PHP%==1 appveyor DownloadFile "https://raw.githubusercontent.com/prisis/ps-install-php/master/Install-PHP.ps1"
+  - IF %PHP%==0 exit 1;
+  - appveyor DownloadFile "https://raw.githubusercontent.com/prisis/ps-install-php/master/Install-PHP.ps1"
   - ps: if (-not (Test-Path C:\tools\php)) {.\Install-PHP.ps1 -InstallPath C:\tools\php -Version $Env:PHP_VERSION -Highest -Arch $Env:PLATFORM -Extensions mbstring,intl,openssl,fileinfo,curl}
   # PHP settings and extensions
-  - IF %PHP%==1 cd C:\tools\php
-  - IF %PHP%==1 echo zend_extension=php_opcache.dll >> php.ini
-  - IF %PHP%==1 echo max_execution_time=1200 >> php.ini
-  - IF %PHP%==1 echo date.timezone="Europe/Berlin" >> php.ini
-  - IF %PHP%==1 echo opcache.enable_cli=1 >> php.ini
-  - IF %PHP%==1 echo apc.enable_cli=1 >> php.ini
+  - cd C:\tools\php
+  - echo zend_extension=php_opcache.dll >> php.ini
+  - echo max_execution_time=1200 >> php.ini
+  - echo date.timezone="Europe/Berlin" >> php.ini
+  - echo opcache.enable_cli=1 >> php.ini
+  - echo apc.enable_cli=1 >> php.ini
   - IF %APPVEYOR_REPO_BRANCH%==master (SET COMPOSER_ROOT_VERSION=dev-master) ELSE (SET COMPOSER_ROOT_VERSION=%APPVEYOR_REPO_BRANCH%.x-dev)
   - cd C:\projects\automatic
   - php -r "readfile('https://getcomposer.org/installer');" | php
   # Matrix
   - php composer.phar global require hirak/prestissimo
-  - IF %dependencies%==basic appveyor-retry %COMPOSER_UP%
+  - php composer.phar self-update %COMPOSER_VERSION%
   - IF %dependencies%==lowest appveyor-retry %COMPOSER_UP% --prefer-lowest --prefer-stable
   - IF %dependencies%==high appveyor-retry %COMPOSER_UP%
+  - php composer.phar require composer/composer:%COMPOSER_VERSION% --dev
   - cd build/appveyor
   - appveyor DownloadFile https://cdn.rawgit.com/prisis/43a2a7b137998ac92e24ee4daaa8e296/raw/681b89b8e156750de46558ead661509c468fb9a2/try_catch.sh
 

composer.json

@@ -31,12 +31,12 @@
         "composer-plugin-api": "^1.0"
     },
     "require-dev": {
-        "composer/composer": "^1.6.0 || ^1.7.0",
+        "composer/composer": "^1.6.5 || ^1.7.0 || ^1.8.0",
         "mockery/mockery": "^1.0.0",
-        "narrowspark/coding-standard": "^1.4.0",
         "narrowspark/testing-helper": "^6.0.0",
         "nyholm/nsa": "^1.1.0",
-        "phpunit/phpunit": "^7.2.0"
+        "phpunit/phpunit": "^7.5.0",
+        "muglug/package-versions": "^1.2.4"
     },
     "config": {
         "optimize-autoloader": true,
@@ -86,5 +86,8 @@
     "support": {
         "issues": "https://github.com/narrowspark/automatic/issues",
         "source": "https://github.com/narrowspark/automatic"
+    },
+    "suggest": {
+        "narrowspark/coding-standard": "You can use this to check the style before pushing (^1.4.0)"
     }
 }

phpstan.neon

@@ -29,3 +29,4 @@ parameters:
 
         # Automatic
         - '#does not call parent constructor from Composer\\Repository\\ComposerRepository#'
+        - '#Call to function method_exists\(\) with Symfony\\Component\\Console\\Style\\SymfonyStyle and#'

src/Security/Command/AuditCommand.php

@@ -88,7 +88,14 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 
             return 1;
         }
-        $output->comment('This checker can only detect vulnerabilities that are referenced in the SensioLabs security advisories database.');
+
+        $message = 'This checker can only detect vulnerabilities that are referenced in the SensioLabs security advisories database.';
+
+        if (\method_exists($output, 'comment')) {
+            $output->comment($message);
+        } else {
+            $output->writeln(\sprintf('<comment>%s</>', $message));
+        }
 
         if (\count($messages) !== 0) {
             $output->note('Please report this found messages to https://github.com/narrowspark/security-advisories.');

tests/Automatic/AutomaticTest.php

@@ -39,7 +39,6 @@
 use Narrowspark\TestingHelper\Phpunit\MockeryTestCase;
 use Nyholm\NSA;
 use Symfony\Component\Console\Input\ArrayInput;
-use Symfony\Component\Filesystem\Filesystem;
 
 /**
  * @internal
@@ -60,7 +59,7 @@ protected function setUp(): void
     {
         $this->composerCachePath = __DIR__ . '/AutomaticTest';
 
-        \mkdir($this->composerCachePath);
+        @\mkdir($this->composerCachePath);
         \putenv('COMPOSER_CACHE_DIR=' . $this->composerCachePath);
 
         $this->arrangeComposerClasses();
@@ -83,7 +82,14 @@ protected function tearDown(): void
         \putenv('COMPOSER_CACHE_DIR=');
         \putenv('COMPOSER_CACHE_DIR');
 
-        (new Filesystem())->remove([$this->composerCachePath, __DIR__ . \DIRECTORY_SEPARATOR . 'narrowspark']);
+        $narrowsparkPath = __DIR__ . \DIRECTORY_SEPARATOR . 'narrowspark';
+
+        $this->delete($this->composerCachePath);
+        $this->delete($narrowsparkPath);
+
+        @\unlink($this->composerCachePath . \DIRECTORY_SEPARATOR . '.htaccess');
+        @\rmdir($this->composerCachePath);
+        @\rmdir($narrowsparkPath);
     }
 
     public function testGetSubscribedEvents(): void
@@ -916,4 +922,17 @@ private function arrangeUpdateComposerLock()
 
         return $containerMock;
     }
+
+    private function delete(string $path): void
+    {
+        \array_map(function ($value) {
+            if (\is_dir($value)) {
+                $this->delete($value);
+
+                @\rmdir($value);
+            } else {
+                @\unlink($value);
+            }
+        }, \glob($path . \DIRECTORY_SEPARATOR . '*'));
+    }
 }

tests/Security/AuditTest.php

@@ -2,7 +2,6 @@
 declare(strict_types=1);
 namespace Narrowspark\Automatic\Security\Test;
 
-use Composer\Util\Filesystem;
 use Narrowspark\Automatic\Security\Audit;
 use Narrowspark\Automatic\Security\Contract\Exception\RuntimeException;
 use Narrowspark\Automatic\Security\Downloader\ComposerDownloader;
@@ -42,7 +41,8 @@ protected function tearDown()
     {
         parent::tearDown();
 
-        (new Filesystem())->remove($this->path . \DIRECTORY_SEPARATOR);
+        $this->delete($this->path);
+        @\rmdir($this->path);
     }
 
     public function testCheckPackageWithSymfony(): void
@@ -232,10 +232,33 @@ private function assertSymfonySecurity(int $vulnerabilitiesCount, array $vulnera
                             'link'  => 'https://symfony.com/cve-2017-16790',
                             'cve'   => 'CVE-2017-16790',
                         ],
+                        'CVE-2018-19789' => [
+                            'title' => 'CVE-2018-19789: Temporary uploaded file path disclosure',
+                            'link'  => 'https://symfony.com/cve-2018-19789',
+                            'cve'   => 'CVE-2018-19789',
+                        ],
+                        'CVE-2018-19790' => [
+                            'title' => 'CVE-2018-19790: Open Redirect Vulnerability on login',
+                            'link'  => 'https://symfony.com/cve-2018-19790',
+                            'cve'   => 'CVE-2018-19790',
+                        ],
                     ],
                 ],
             ],
             $vulnerabilities
         );
     }
+
+    private function delete(string $path): void
+    {
+        \array_map(function ($value) {
+            if (\is_dir($value)) {
+                $this->delete($value);
+
+                @\rmdir($value);
+            } else {
+                @\unlink($value);
+            }
+        }, \glob($path . \DIRECTORY_SEPARATOR . '*'));
+    }
 }

tests/Security/Command/AuditCommandTest.php

@@ -3,6 +3,7 @@
 namespace Narrowspark\Automatic\Security\Test;
 
 use Composer\Console\Application;
+use Muglug\PackageVersions\Versions;
 use Narrowspark\Automatic\Security\Command\AuditCommand;
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\Console\Command\Command;
@@ -18,6 +19,16 @@ final class AuditCommandTest extends TestCase
      */
     private $application;
 
+    /**
+     * @var string
+     */
+    private $greenString;
+
+    /**
+     * @var string
+     */
+    private $redString;
+
     /**
      * {@inheritdoc}
      */
@@ -26,6 +37,11 @@ protected function setUp(): void
         parent::setUp();
 
         $this->application = new Application();
+
+        $consoleVersion = \version_compare(Versions::getShortVersion('symfony/console'), '3.0.0', '<');
+
+        $this->greenString = $consoleVersion ? '' : '[+]';
+        $this->redString   = $consoleVersion ? '' : '[!]';
     }
 
     public function testAuditCommand(): void
@@ -34,7 +50,7 @@ public function testAuditCommand(): void
 
         $commandTester = $this->executeCommand(new AuditCommand());
 
-        $this->assertContains('[+] No known vulnerabilities found', \trim($commandTester->getDisplay(true)));
+        $this->assertContains($this->greenString . ' No known vulnerabilities found', \trim($commandTester->getDisplay(true)));
 
         \putenv('COMPOSER=');
         \putenv('COMPOSER');
@@ -51,7 +67,7 @@ public function testAuditCommandWithComposerLockOption(): void
 
         $this->assertContains('=== Audit Security Report ===', $output);
         $this->assertContains('This checker can only detect vulnerabilities that are referenced', $output);
-        $this->assertContains('[+] No known vulnerabilities found', $output);
+        $this->assertContains($this->greenString . ' No known vulnerabilities found', $output);
     }
 
     public function testAuditCommandWithEmptyComposerLockPath(): void
@@ -79,7 +95,7 @@ public function testAuditCommandWithError(): void
         $this->assertContains('=== Audit Security Report ===', $output);
         $this->assertContains('This checker can only detect vulnerabilities that are referenced', $output);
         $this->assertContains('symfony/symfony (v2.5.2)', $output);
-        $this->assertContains('[!] 1 vulnerability found - We recommend you to check the related security advisories and upgrade these dependencies.', $output);
+        $this->assertContains($this->redString . ' 1 vulnerability found - We recommend you to check the related security advisories and upgrade these dependencies.', $output);
     }
 
     public function testAuditCommandWithErrorAndJsonFormat(): void
@@ -95,23 +111,10 @@ public function testAuditCommandWithErrorAndJsonFormat(): void
 
         $output = \trim($commandTester->getDisplay(true));
 
-        $jsonOutput = \str_replace(
-            [
-                '=== Audit Security Report ===',
-                '//',
-                'This checker can only detect vulnerabilities that are referenced',
-                'in the',
-                'SensioLabs security advisories database.',
-                '[!] 1 vulnerability found - We recommend you to check the related security advisories and upgrade these dependencies.',
-            ],
-            '',
-            $output
-        );
-
-        $this->assertJson($jsonOutput);
+        $this->assertJson(\strstr(\substr($output, 0, \strrpos($output, '}') + 1), '{'));
         $this->assertContains('=== Audit Security Report ===', $output);
         $this->assertContains('This checker can only detect vulnerabilities that are referenced', $output);
-        $this->assertContains('[!] 1 vulnerability found - We recommend you to check the related security advisories and upgrade these dependencies.', $output);
+        $this->assertContains($this->redString . ' 1 vulnerability found - We recommend you to check the related security advisories and upgrade these dependencies.', $output);
     }
 
     public function testAuditCommandWithErrorAndSimpleFormat(): void
@@ -131,7 +134,7 @@ public function testAuditCommandWithErrorAndSimpleFormat(): void
 ------------------------
 '), $output);
         $this->assertContains('This checker can only detect vulnerabilities that are referenced', $output);
-        $this->assertContains('[!] 1 vulnerability found - We recommend you to check the related security advisories and upgrade these dependencies.', $output);
+        $this->assertContains($this->redString . ' 1 vulnerability found - We recommend you to check the related security advisories and upgrade these dependencies.', $output);
     }
 
     /**