1. class
  2. Drupal
  3. \
  4. system
  5. \
  6. SecurityAdvisories
  7. \
  8. SecurityAdvisoriesFetcher

SecurityAdvisoriesFetcher

final class SecurityAdvisoriesFetcher (View source)

Defines a service to get security advisories.

Constants

protected ADVISORIES_JSON_EXPIRABLE_KEY

The key to use to store the advisories feed response.

Properties

protected ImmutableConfig $config

The 'system.advisories' configuration.
protected Client $httpClient

The HTTP client.
protected KeyValueStoreExpirableInterface $keyValueExpirable

The expirable key/value store for the advisories JSON response.
protected ExtensionList[] $extensionLists

Array of extension lists, keyed by extension type.
protected LoggerInterface $logger

The logger.
protected bool $withHttpFallback

Whether to fall back to HTTP if the HTTPS request fails.

Methods

__construct(ConfigFactoryInterface $config_factory, KeyValueExpirableFactoryInterface $key_value_factory, ClientInterface $client, ModuleExtensionList $module_list, ThemeExtensionList $theme_list, ProfileExtensionList $profile_list, LoggerInterface $logger, Settings $settings)

Constructs a new SecurityAdvisoriesFetcher object.

array|null
getSecurityAdvisories(bool $allow_outgoing_request = TRUE, int $timeout = 0)

Gets security advisories that are applicable for the current site.

void
deleteStoredResponse()

Deletes the stored JSON feed response, if any.

bool
matchesExistingVersion(SecurityAdvisory $sa)

Determines if an advisory matches the existing version of a project.

array|null
getMatchingExtensionInfo(SecurityAdvisory $sa)

Gets the information for an extension affected by the security advisory.

string|null
getProjectExistingVersion(SecurityAdvisory $sa)

Gets the existing project version.

bool
isApplicable(SecurityAdvisory $sa)

Determines if a security advisory is applicable for the current site.

string
doRequest(int $timeout)

Makes an HTTPS GET request, with a possible HTTP fallback.

Details

at line 91
__construct(ConfigFactoryInterface $config_factory, KeyValueExpirableFactoryInterface $key_value_factory, ClientInterface $client, ModuleExtensionList $module_list, ThemeExtensionList $theme_list, ProfileExtensionList $profile_list, LoggerInterface $logger, Settings $settings)

Constructs a new SecurityAdvisoriesFetcher object.

Parameters

ConfigFactoryInterface $config_factory

The config factory.
KeyValueExpirableFactoryInterface $key_value_factory

The expirable key/value factory.
ClientInterface $client

The HTTP client.
ModuleExtensionList $module_list

The module extension list.
ThemeExtensionList $theme_list

The theme extension list.
ProfileExtensionList $profile_list

The profile extension list.
LoggerInterface $logger

The logger.
Settings $settings

The settings instance.

at line 120
array|null getSecurityAdvisories(bool $allow_outgoing_request = TRUE, int $timeout = 0)

Gets security advisories that are applicable for the current site.

Parameters

bool $allow_outgoing_request

(optional) Whether to allow an outgoing request to fetch the advisories if there is no stored JSON response. Defaults to TRUE.
int $timeout

(optional) The timeout in seconds for the request. Defaults to 0, which is no timeout.

Return Value

array|null

The upstream security advisories, if any. NULL if there was a problem retrieving the JSON feed, or if there was no stored response and $allow_outgoing_request was set to FALSE.

Exceptions

TransferException

at line 169
void deleteStoredResponse()

Deletes the stored JSON feed response, if any.

Return Value

void

at line 183
protected bool matchesExistingVersion(SecurityAdvisory $sa)

Determines if an advisory matches the existing version of a project.

Parameters

SecurityAdvisory $sa

The security advisory.

Return Value

bool

TRUE if the security advisory matches the existing version of the project, or FALSE otherwise.

at line 242
protected array|null getMatchingExtensionInfo(SecurityAdvisory $sa)

Gets the information for an extension affected by the security advisory.

Parameters

SecurityAdvisory $sa

The security advisory.

Return Value

array|null

The information as set in the info.yml file and then processed by the corresponding extension list for the first extension found that matches the project name of the security advisory. If no matching extension is found NULL is returned.

at line 268
protected string|null getProjectExistingVersion(SecurityAdvisory $sa)

Gets the existing project version.

Parameters

SecurityAdvisory $sa

The security advisory.

Return Value

string|null

The project version, or NULL if the project does not exist on the site.

at line 286
protected bool isApplicable(SecurityAdvisory $sa)

Determines if a security advisory is applicable for the current site.

Parameters

SecurityAdvisory $sa

The security advisory.

Return Value

bool

TRUE if the advisory is applicable for the current site, or FALSE otherwise.

at line 312
protected string doRequest(int $timeout)

Makes an HTTPS GET request, with a possible HTTP fallback.

This method will fall back to HTTP if the HTTPS request fails and the site setting 'update_fetch_with_http_fallback' is set to TRUE.

Parameters

int $timeout

The timeout in seconds for the request.

Return Value

string

The response.