Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-31821

Failing security-checker results in errored installation

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: QA
    • Priority: High
    • Resolution: Unresolved
    • Affects Version/s: 1.13.5, 2.5.12, 3.1.1
    • Fix Version/s: Customer request
    • Component/s: Composer
    • Labels:
      None

      Description

      Currently, every time a vulnerability is found, the whole installation ends up with an error and that stops the installation at this point. This becomes problematic e.g. in while deploying to Platform.sh as whenever the security-checker fails, the deploy fails as well.

      Possible ideas on how to resolve the issue:

      • removing "security-checker security:check": "script" from auto-scripts section and make a prominent recommendation for the developers to run it after completing eZ Platform installation,
      • making sure that the security report is shown in case of detected vulnerabilities but not breaking the installation process (no error code).

      The PR uses the 2nd approach above.

       

      Steps to reproduce:

      • Check out ezplatform v1.13.5, or v2.5.5, or v3.1.1
      • composer install && echo "SUCCESS!"
      • expected, pre fix: output about known vulnerabilities, no "SUCCESS!"
      • expected, post fix: output about known vulnerabilities, and "SUCCESS!"

       

        Attachments

          Activity

            People

            Assignee:
            michal.szoltysek@ez.no Michał Szołtysek
            Reporter:
            konrad.oboza@ez.no Konrad Oboza
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: