1. class
  2. Drupal
  3. \
  4. Composer
  5. \
  6. Plugin
  7. \
  8. VendorHardening
  9. \
  10. VendorHardeningPlugin

VendorHardeningPlugin

class VendorHardeningPlugin implements PluginInterface, EventSubscriberInterface (View source)

internal  
 

A Composer plugin to clean out your project's vendor directory.

This plugin will remove directory paths within installed packages. You might use this in order to mitigate the security risks of having your vendor directory within an HTTP server's docroot.

Properties

protected Composer $composer

Composer object.
protected IOInterface $io

IO object.
protected Config $config Configuration.
protected string[] $packagesAlreadyCleaned

List of projects already cleaned

Methods

activate(Composer $composer, IOInterface $io)

{@inheritdoc}

deactivate(Composer $composer, IOInterface $io)

{@inheritdoc}

uninstall(Composer $composer, IOInterface $io)

{@inheritdoc}

static 
getSubscribedEvents()

{@inheritdoc}

onPostAutoloadDump(Event $event)

POST_AUTOLOAD_DUMP event handler.

onPostCmd(Event $event)

POST_UPDATE_CMD and POST_INSTALL_CMD event handler.

onPrePackageInstall(PackageEvent $event)

PRE_PACKAGE_INSTALL event handler.

onPrePackageUpdate(PackageEvent $event)

PRE_PACKAGE_UPDATE event handler.

onPostPackageInstall(PackageEvent $event)

POST_PACKAGE_INSTALL event handler.

onPostPackageUpdate(PackageEvent $event)

POST_PACKAGE_UPDATE event handler.

removeBinBeforeCleanup(BasePackage $package)

Remove bin config for packages that would have the bin file removed.

string[]
findBinOverlap(string[] $binaries, string[] $clean_paths)

Find bin files which are inside cleanup directories.

PackageInterface[]
getInstalledPackages()

Gets a list of all installed packages from Composer.

cleanAllPackages(string $vendor_dir)

Clean all configured packages.

cleanPackage(string $vendor_dir, string $package_name)

Clean a single package.

cleanPathsForPackage(string $vendor_dir, string $package_name, string $paths_for_package)

Clean the installed directories for a named package.

writeAccessRestrictionFiles(string $vendor_dir)

Place .htaccess and web.config files into the vendor directory.

Details

at line 60
activate(Composer $composer, IOInterface $io)

{@inheritdoc}

Parameters

Composer $composer
IOInterface $io

at line 71
deactivate(Composer $composer, IOInterface $io)

{@inheritdoc}

Parameters

Composer $composer
IOInterface $io

at line 77
uninstall(Composer $composer, IOInterface $io)

{@inheritdoc}

Parameters

Composer $composer
IOInterface $io

at line 83
static getSubscribedEvents()

{@inheritdoc}

at line 101
onPostAutoloadDump(Event $event)

POST_AUTOLOAD_DUMP event handler.

Parameters

Event $event

The Composer event.

at line 111
onPostCmd(Event $event)

POST_UPDATE_CMD and POST_INSTALL_CMD event handler.

Parameters

Event $event

The Composer event.

at line 120
onPrePackageInstall(PackageEvent $event)

PRE_PACKAGE_INSTALL event handler.

Parameters

PackageEvent $event

at line 131
onPrePackageUpdate(PackageEvent $event)

PRE_PACKAGE_UPDATE event handler.

Parameters

PackageEvent $event

at line 142
onPostPackageInstall(PackageEvent $event)

POST_PACKAGE_INSTALL event handler.

Parameters

PackageEvent $event

at line 154
onPostPackageUpdate(PackageEvent $event)

POST_PACKAGE_UPDATE event handler.

Parameters

PackageEvent $event

at line 170
protected removeBinBeforeCleanup(BasePackage $package)

Remove bin config for packages that would have the bin file removed.

Where the configured bin files are in the directories to be removed, remove the bin config.

Parameters

BasePackage $package

The package we're cleaning up.

at line 212
protected string[] findBinOverlap(string[] $binaries, string[] $clean_paths)

Find bin files which are inside cleanup directories.

Parameters

string[] $binaries

'Bin' configuration from the package we're cleaning up.
string[] $clean_paths

The paths we're cleaning up.

Return Value

string[]

Bin files to remove, with the file as both the key and the value.

at line 253
protected PackageInterface[] getInstalledPackages()

Gets a list of all installed packages from Composer.

Return Value

PackageInterface[]

The list of installed packages.

at line 265
cleanAllPackages(string $vendor_dir)

Clean all configured packages.

This applies in the context of a post-command event.

Parameters

string $vendor_dir

Path to vendor directory

at line 301
cleanPackage(string $vendor_dir, string $package_name)

Clean a single package.

This applies in the context of a package post-install or post-update event.

Parameters

string $vendor_dir

Path to vendor directory
string $package_name

Name of the package to clean

at line 326
protected cleanPathsForPackage(string $vendor_dir, string $package_name, string $paths_for_package)

Clean the installed directories for a named package.

Parameters

string $vendor_dir

Path to vendor directory.
string $package_name

Name of package to sanitize.
string $paths_for_package

List of directories in $package_name to remove

at line 366
writeAccessRestrictionFiles(string $vendor_dir)

Place .htaccess and web.config files into the vendor directory.

Parameters

string $vendor_dir

Path to vendor directory.