class SecurityAdvisory
Same name in other branches
- 9 core/modules/system/src/SecurityAdvisories/SecurityAdvisory.php \Drupal\system\SecurityAdvisories\SecurityAdvisory
- 11.x core/modules/system/src/SecurityAdvisories/SecurityAdvisory.php \Drupal\system\SecurityAdvisories\SecurityAdvisory
Provides a security advisory value object.
These come from the security advisory feed on Drupal.org.
@internal
Hierarchy
- class \Drupal\system\SecurityAdvisories\SecurityAdvisory
Expanded class hierarchy of SecurityAdvisory
See also
https://www.drupal.org/docs/updating-drupal/responding-to-critical-secu…
1 file declares its use of SecurityAdvisory
- SecurityAdvisoryTest.php in core/
modules/ system/ tests/ src/ Unit/ SecurityAdvisories/ SecurityAdvisoryTest.php
File
-
core/
modules/ system/ src/ SecurityAdvisories/ SecurityAdvisory.php, line 20
Namespace
Drupal\system\SecurityAdvisoriesView source
final class SecurityAdvisory {
/**
* The title of the advisory.
*
* @var string
*/
protected $title;
/**
* The project name for the advisory.
*
* @var string
*/
protected $project;
/**
* The project type for the advisory.
*
* @var string
*/
protected $type;
/**
* Whether this advisory is a PSA instead of another type of advisory.
*
* @var bool
*/
protected $isPsa;
/**
* The currently insecure versions of the project.
*
* @var string[]
*/
protected $insecureVersions;
/**
* The URL to the advisory.
*
* @var string
*/
protected $url;
/**
* Constructs a SecurityAdvisories object.
*
* @param string $title
* The title of the advisory.
* @param string $project
* The project name.
* @param string $type
* The project type.
* @param bool $is_psa
* Whether this advisory is a public service announcement.
* @param string $url
* The URL to the advisory.
* @param string[] $insecure_versions
* The versions of the project that are currently insecure. For public
* service announcements this list does not include versions that will be
* marked as insecure when the new security release is published.
*/
private function __construct(string $title, string $project, string $type, bool $is_psa, string $url, array $insecure_versions) {
$this->title = $title;
$this->project = $project;
$this->type = $type;
$this->isPsa = $is_psa;
$this->url = $url;
$this->insecureVersions = $insecure_versions;
}
/**
* Creates a SecurityAdvisories instance from an array.
*
* @param mixed[] $data
* The security advisory data as returned from the JSON feed.
*
* @return self
* A new SecurityAdvisories object.
*/
public static function createFromArray(array $data) : self {
static::validateAdvisoryData($data);
return new static($data['title'], $data['project'], $data['type'], $data['is_psa'], $data['link'], $data['insecure']);
}
/**
* Validates the security advisory data.
*
* @param mixed[] $data
* The advisory data.
*
* @throws \UnexpectedValueException
* Thrown if security advisory data is not valid.
*/
protected static function validateAdvisoryData(array $data) : void {
$not_blank_constraints = [
new Type([
'type' => 'string',
]),
new NotBlank(),
];
$collection_constraint = new Collection([
'fields' => [
'title' => $not_blank_constraints,
'project' => $not_blank_constraints,
'type' => $not_blank_constraints,
'link' => $not_blank_constraints,
'is_psa' => new Choice([
'choices' => [
1,
'1',
0,
'0',
TRUE,
FALSE,
],
]),
'insecure' => new Type([
'type' => 'array',
]),
],
// Allow unknown fields, in the case that new fields are added to JSON
// feed validation should still pass.
'allowExtraFields' => TRUE,
]);
$violations = Validation::createValidator()->validate($data, $collection_constraint);
if ($violations->count()) {
foreach ($violations as $violation) {
$violation_messages[] = "Field " . $violation->getPropertyPath() . ": " . $violation->getMessage();
}
throw new \UnexpectedValueException('Malformed security advisory: ' . implode(",\n", $violation_messages));
}
}
/**
* Gets the title.
*
* @return string
* The project title.
*/
public function getTitle() : string {
return $this->title;
}
/**
* Gets the project associated with the advisory.
*
* @return string
* The project name.
*/
public function getProject() : string {
return $this->project;
}
/**
* Gets the type of project associated with the advisory.
*
* @return string
* The project type.
*/
public function getProjectType() : string {
return $this->type;
}
/**
* Whether the security advisory is for core or not.
*
* @return bool
* TRUE if the advisory is for core, or FALSE otherwise.
*/
public function isCoreAdvisory() : bool {
return $this->getProjectType() === 'core';
}
/**
* Whether the security advisory is a public service announcement or not.
*
* @return bool
* TRUE if the advisory is a public service announcement, or FALSE
* otherwise.
*/
public function isPsa() : bool {
return $this->isPsa;
}
/**
* Gets the currently insecure versions of the project.
*
* @return string[]
* The versions of the project that are currently insecure.
*/
public function getInsecureVersions() : array {
return $this->insecureVersions;
}
/**
* Gets the URL to the security advisory.
*
* @return string
* The URL to the security advisory.
*/
public function getUrl() : string {
return $this->url;
}
}
Members
Title Sort descending | Modifiers | Object type | Summary |
---|---|---|---|
SecurityAdvisory::$insecureVersions | protected | property | The currently insecure versions of the project. |
SecurityAdvisory::$isPsa | protected | property | Whether this advisory is a PSA instead of another type of advisory. |
SecurityAdvisory::$project | protected | property | The project name for the advisory. |
SecurityAdvisory::$title | protected | property | The title of the advisory. |
SecurityAdvisory::$type | protected | property | The project type for the advisory. |
SecurityAdvisory::$url | protected | property | The URL to the advisory. |
SecurityAdvisory::createFromArray | public static | function | Creates a SecurityAdvisories instance from an array. |
SecurityAdvisory::getInsecureVersions | public | function | Gets the currently insecure versions of the project. |
SecurityAdvisory::getProject | public | function | Gets the project associated with the advisory. |
SecurityAdvisory::getProjectType | public | function | Gets the type of project associated with the advisory. |
SecurityAdvisory::getTitle | public | function | Gets the title. |
SecurityAdvisory::getUrl | public | function | Gets the URL to the security advisory. |
SecurityAdvisory::isCoreAdvisory | public | function | Whether the security advisory is for core or not. |
SecurityAdvisory::isPsa | public | function | Whether the security advisory is a public service announcement or not. |
SecurityAdvisory::validateAdvisoryData | protected static | function | Validates the security advisory data. |
SecurityAdvisory::__construct | private | function | Constructs a SecurityAdvisories object. |
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.