From 51843230859ef39344c0b67daa9049ead87ec49c Mon Sep 17 00:00:00 2001 From: nsfisis Date: Tue, 2 Jun 2026 23:58:38 +0900 Subject: feat(resolver): port SecurityAdvisoryPoolFilter::filter Implement the security advisory pool filter end to end, plus the remaining actionable wirings it unblocked. - Unify the PartialSecurityAdvisory|SecurityAdvisory union as the PartialOrFullSecurityAdvisory enum and make the advisory types Clone, so advisories can be collected and stored; Pool.security_removed_versions now carries the union. This also unblocks PoolOptimizer's clone of the security-removed versions. - Thread the filter result through run_security_advisory_filter/build_pool as anyhow::Result. - Introduce typed PlatformRepositoryHandle and pass platform repos as handles through determine_requirements instead of &PlatformRepository. - Wire RuleSetGenerator's is_unacceptable_fixed_or_locked_package check and UpdateCommand's non-locked installed-packages branch. Co-Authored-By: Claude Opus 4.8 (1M context) --- .../src/repository/advisory_provider_interface.rs | 20 +------ .../shirabe/src/repository/composer_repository.rs | 20 +++---- crates/shirabe/src/repository/handle.rs | 64 +++++++++++++++++++++- .../shirabe/src/repository/package_repository.rs | 14 ++--- crates/shirabe/src/repository/repository_set.rs | 11 ++-- 5 files changed, 84 insertions(+), 45 deletions(-) (limited to 'crates/shirabe/src/repository') diff --git a/crates/shirabe/src/repository/advisory_provider_interface.rs b/crates/shirabe/src/repository/advisory_provider_interface.rs index 0de9c42..4b93eca 100644 --- a/crates/shirabe/src/repository/advisory_provider_interface.rs +++ b/crates/shirabe/src/repository/advisory_provider_interface.rs @@ -1,29 +1,13 @@ //! ref: composer/src/Composer/Repository/AdvisoryProviderInterface.php -use crate::advisory::PartialSecurityAdvisory; -use crate::advisory::SecurityAdvisory; +use crate::advisory::{PartialOrFullSecurityAdvisory, PartialSecurityAdvisory, SecurityAdvisory}; use indexmap::IndexMap; use shirabe_semver::constraint::AnyConstraint; -#[derive(Debug)] -pub enum PartialOrSecurityAdvisory { - Partial(PartialSecurityAdvisory), - Full(SecurityAdvisory), -} - -impl PartialOrSecurityAdvisory { - pub fn advisory_id(&self) -> &str { - match self { - PartialOrSecurityAdvisory::Partial(p) => &p.advisory_id, - PartialOrSecurityAdvisory::Full(s) => s.advisory_id(), - } - } -} - #[derive(Debug)] pub struct SecurityAdvisoryResult { pub names_found: Vec, - pub advisories: IndexMap>, + pub advisories: IndexMap>, } pub trait AdvisoryProviderInterface { diff --git a/crates/shirabe/src/repository/composer_repository.rs b/crates/shirabe/src/repository/composer_repository.rs index d39fd82..1f2fcbf 100644 --- a/crates/shirabe/src/repository/composer_repository.rs +++ b/crates/shirabe/src/repository/composer_repository.rs @@ -15,7 +15,7 @@ use shirabe_semver::constraint::AnyConstraint; use shirabe_semver::constraint::MatchAllConstraint; use shirabe_semver::constraint::SimpleConstraint; -use crate::advisory::PartialSecurityAdvisory; +use crate::advisory::{PartialOrFullSecurityAdvisory, PartialSecurityAdvisory}; use crate::cache::Cache; use crate::config::Config; use crate::downloader::TransportException; @@ -41,7 +41,7 @@ use crate::repository::RepositoryInterface; use crate::repository::RepositoryInterfaceHandle; use crate::repository::RepositoryInterfaceWeakHandle; use crate::repository::RepositorySecurityException; -use crate::repository::{PartialOrSecurityAdvisory, SecurityAdvisoryResult}; +use crate::repository::SecurityAdvisoryResult; use crate::repository::{SEARCH_FULLTEXT, SEARCH_VENDOR}; use crate::util::HttpDownloader; use crate::util::Url; @@ -1038,7 +1038,7 @@ impl ComposerRepository { }); } - let mut advisories: IndexMap> = IndexMap::new(); + let mut advisories: IndexMap> = IndexMap::new(); let mut names_found: IndexMap = IndexMap::new(); let api_url = self @@ -1062,9 +1062,9 @@ impl ComposerRepository { let create = |data: &IndexMap, name: &str, package_constraint_map: &IndexMap| - -> anyhow::Result> { + -> anyhow::Result> { let advisory = PartialSecurityAdvisory::create(name, data, &semver_parser)?; - let is_full = matches!(advisory, PartialOrSecurityAdvisory::Full(_)); + let is_full = matches!(advisory, PartialOrFullSecurityAdvisory::Full(_)); if !allow_partial_advisories && !is_full { let data_mixed = PhpMixed::Array( data.iter() @@ -1084,8 +1084,8 @@ impl ComposerRepository { .into()); } let affected_versions: &AnyConstraint = match &advisory { - PartialOrSecurityAdvisory::Partial(p) => &p.affected_versions, - PartialOrSecurityAdvisory::Full(p) => p.affected_versions(), + PartialOrFullSecurityAdvisory::Partial(p) => &p.affected_versions, + PartialOrFullSecurityAdvisory::Full(p) => p.affected_versions(), }; let constraint = package_constraint_map.get(name); if let Some(c) = constraint { @@ -1138,7 +1138,7 @@ impl ComposerRepository { names_found.insert(name.clone(), true); if !sec_advs_arr.is_empty() { - let mut entries: Vec = Vec::new(); + let mut entries: Vec = Vec::new(); for (_k, data_mixed) in sec_advs_arr.iter() { if let Some(data) = data_mixed.as_array() { let data_map: IndexMap = data @@ -1229,7 +1229,7 @@ impl ComposerRepository { None => continue, }; if !list.is_empty() { - let mut entries: Vec = Vec::new(); + let mut entries: Vec = Vec::new(); for data_mixed in list.iter() { if let Some(data) = data_mixed.as_array() { let data_map: IndexMap = data @@ -1249,7 +1249,7 @@ impl ComposerRepository { } } - let advisories_filtered: IndexMap> = advisories + let advisories_filtered: IndexMap> = advisories .into_iter() .filter(|(_, adv)| !adv.is_empty()) .collect(); diff --git a/crates/shirabe/src/repository/handle.rs b/crates/shirabe/src/repository/handle.rs index a4225f7..38a4f28 100644 --- a/crates/shirabe/src/repository/handle.rs +++ b/crates/shirabe/src/repository/handle.rs @@ -11,7 +11,8 @@ use crate::package::BasePackageHandle; use crate::package::PackageInterfaceHandle; use crate::repository::{ FindPackageConstraint, InstalledRepositoryInterface, LoadPackagesResult, LockArrayRepository, - ProviderInfo, RepositoryInterface, SearchResult, WritableRepositoryInterface, + PlatformRepository, ProviderInfo, RepositoryInterface, SearchResult, + WritableRepositoryInterface, }; /// Shared reference to a repository. Corresponds to PHP `RepositoryInterface`. @@ -173,8 +174,7 @@ impl std::hash::Hash for RepositoryInterfaceHandle { } } -/// Typed shared handle over `LockArrayRepository`. Preserves the PHP `?LockArrayRepository` -/// typing where a `RepositoryInterfaceHandle` would be too wide. +/// Typed shared handle over `LockArrayRepository`. #[derive(Debug, Clone)] pub struct LockArrayRepositoryHandle(Rc>); @@ -231,3 +231,61 @@ impl std::hash::Hash for LockArrayRepositoryHandle { self.ptr_id().hash(state); } } + +/// Typed shared handle over `PlatformRepository`. +#[derive(Debug, Clone)] +pub struct PlatformRepositoryHandle(Rc>); + +impl PlatformRepositoryHandle { + pub fn new(repository: PlatformRepository) -> Self { + let rc: Rc> = Rc::new(RefCell::new(repository)); + let rc_dyn: Rc> = rc.clone(); + rc.borrow().set_self_handle(Rc::downgrade(&rc_dyn)); + Self(rc) + } + + pub fn from_rc(rc: Rc>) -> Self { + Self(rc) + } + + pub fn as_rc(&self) -> &Rc> { + &self.0 + } + + pub fn borrow(&self) -> Ref<'_, PlatformRepository> { + self.0.borrow() + } + + pub fn borrow_mut(&self) -> RefMut<'_, PlatformRepository> { + self.0.borrow_mut() + } + + pub fn ptr_eq(&self, other: &Self) -> bool { + Rc::ptr_eq(&self.0, &other.0) + } + + pub fn ptr_id(&self) -> usize { + Rc::as_ptr(&self.0) as *const () as usize + } +} + +impl From for RepositoryInterfaceHandle { + fn from(h: PlatformRepositoryHandle) -> Self { + let rc: Rc> = h.0; + RepositoryInterfaceHandle::from_rc(rc) + } +} + +impl PartialEq for PlatformRepositoryHandle { + fn eq(&self, other: &Self) -> bool { + Rc::ptr_eq(&self.0, &other.0) + } +} + +impl Eq for PlatformRepositoryHandle {} + +impl std::hash::Hash for PlatformRepositoryHandle { + fn hash(&self, state: &mut H) { + self.ptr_id().hash(state); + } +} diff --git a/crates/shirabe/src/repository/package_repository.rs b/crates/shirabe/src/repository/package_repository.rs index b88de78..b5280a8 100644 --- a/crates/shirabe/src/repository/package_repository.rs +++ b/crates/shirabe/src/repository/package_repository.rs @@ -1,15 +1,13 @@ //! ref: composer/src/Composer/Repository/PackageRepository.php -use crate::advisory::PartialSecurityAdvisory; use crate::advisory::SecurityAdvisory; +use crate::advisory::{PartialOrFullSecurityAdvisory, PartialSecurityAdvisory}; use crate::package::loader::ArrayLoader; use crate::package::loader::ValidatingArrayLoader; use crate::package::version::VersionParser; use crate::repository::ArrayRepository; use crate::repository::InvalidRepositoryException; -use crate::repository::{ - AdvisoryProviderInterface, PartialOrSecurityAdvisory, SecurityAdvisoryResult, -}; +use crate::repository::{AdvisoryProviderInterface, SecurityAdvisoryResult}; use indexmap::IndexMap; use shirabe_external_packages::composer::pcre::Preg; use shirabe_php_shim::{Exception, PhpMixed, RuntimeException, var_export}; @@ -97,7 +95,7 @@ impl AdvisoryProviderInterface for PackageRepository { let semver_parser = shirabe_semver::version_parser::VersionParser; let _ = parser; - let mut advisories: IndexMap> = IndexMap::new(); + let mut advisories: IndexMap> = IndexMap::new(); for (package_name, package_advisories) in &self.security_advisories { if !package_constraint_map.contains_key(package_name.as_str()) { continue; @@ -106,7 +104,7 @@ impl AdvisoryProviderInterface for PackageRepository { PhpMixed::List(list) => list, _ => continue, }; - let mut items: Vec = Vec::new(); + let mut items: Vec = Vec::new(); for data in list { let data_map: IndexMap = match data.as_ref() { PhpMixed::Array(m) => m.iter().map(|(k, v)| (k.clone(), *v.clone())).collect(), @@ -121,7 +119,7 @@ impl AdvisoryProviderInterface for PackageRepository { Err(_) => continue, }; if !allow_partial_advisories - && matches!(advisory, PartialOrSecurityAdvisory::Partial(_)) + && matches!(advisory, PartialOrFullSecurityAdvisory::Partial(_)) { return Err(anyhow::anyhow!(RuntimeException { message: format!( @@ -141,7 +139,7 @@ impl AdvisoryProviderInterface for PackageRepository { } let names_found: Vec = advisories.keys().cloned().collect(); - let advisories: IndexMap> = advisories + let advisories: IndexMap> = advisories .into_iter() .filter(|(_, adv)| !adv.is_empty()) .collect(); diff --git a/crates/shirabe/src/repository/repository_set.rs b/crates/shirabe/src/repository/repository_set.rs index 843af80..ac904fc 100644 --- a/crates/shirabe/src/repository/repository_set.rs +++ b/crates/shirabe/src/repository/repository_set.rs @@ -13,8 +13,7 @@ use shirabe_semver::constraint::MatchAllConstraint; use shirabe_semver::constraint::MultiConstraint; use shirabe_semver::constraint::SimpleConstraint; -use crate::advisory::PartialSecurityAdvisory; -use crate::advisory::SecurityAdvisory; +use crate::advisory::{PartialOrFullSecurityAdvisory, PartialSecurityAdvisory, SecurityAdvisory}; use crate::dependency_resolver::Pool; use crate::dependency_resolver::PoolBuilder; use crate::dependency_resolver::PoolOptimizer; @@ -29,12 +28,12 @@ use crate::package::BasePackageHandle; use crate::package::CompleteAliasPackageHandle; use crate::package::PackageInterfaceHandle; use crate::package::version::StabilityFilter; +use crate::repository::AdvisoryProviderInterface; use crate::repository::CompositeRepository; use crate::repository::InstalledRepository; use crate::repository::InstalledRepositoryInterface; use crate::repository::LockArrayRepositoryHandle; use crate::repository::PlatformRepository; -use crate::repository::{AdvisoryProviderInterface, PartialOrSecurityAdvisory}; use crate::repository::{FindPackageConstraint, RepositoryInterface, RepositoryInterfaceHandle}; #[derive(Debug, Clone)] @@ -372,8 +371,8 @@ impl RepositorySet { allow_partial_advisories: bool, ignore_unreachable: bool, unreachable_repos: &mut Vec, - ) -> Result>> { - let mut repo_advisories: Vec>> = vec![]; + ) -> Result>> { + let mut repo_advisories: Vec>> = vec![]; for repository in &self.repositories { // TODO(phase-b): use anyhow::Result> to model PHP try/catch let attempt: Result<()> = (|| -> Result<()> { @@ -646,6 +645,6 @@ impl RepositorySet { #[derive(Debug)] pub struct SecurityAdvisoriesResult { - pub advisories: IndexMap>, + pub advisories: IndexMap>, pub unreachable_repos: Vec, } -- cgit v1.3.1