Symfony2 composer adding own bundle requirement - symfony-2.1

How can I install a specific Bundle (for example SonataGoutteBundle) to my Symfony2 project via composer?
I tried this, but it doesn't work for me. Any ideas what's wrong?
"repositories": [
{
"type": "package",
"package": {
"name": "sonata-project/sonatagouttebundle",
"version": "dev-master",
"dist": {
"url": "https://github.com/sonata-project/SonataGoutteBundle.git",
"type": "git"
}
}
}
],
"require": {
"php": ">=5.3.3",
[...],
"sonata-project/sonatagouttebundle": "dev-master"
}

Try something like
{
"repositories": [
{
"type": "vcs",
"url": "https://github.com/sonata-project/SonataGoutteBundle.git"
}
],
"require": {
"php": ">=5.3.3",
"vendor/bundle": "dev-master"
}
}
The SonataGoutteBundle must have a composer.json.
In this particular case, this would work:
"repositories": [
{
"type": "package",
"package": {
"name": "sonata-project/goutte",
"version": "dev-master",
"source": {
"url": "https://github.com/sonata-project/SonataGoutteBundle.git",
"type": "git",
"reference": "master"
}
}
}
],
"require": {
"php": ">=5.3.3",
"sonata-project/goutte": "dev-master"
}
For all options see the documentation

You should provide a link to an archive (like zip) in "dist" section. If you want to use git you should define "source" section instead:
{
"repositories": [
{
"type": "package",
"package": {
"name": "sonata-project/sonatagouttebundle",
"version": "dev-master",
"source": {
"url": "https://github.com/sonata-project/SonataGoutteBundle.git",
"type": "git",
"reference": "master"
}
}
}
],
"require": {
"php": ">=5.3.3",
"sonata-project/sonatagouttebundle": "dev-master"
}
}
More about defining custom repositories: http://getcomposer.org/doc/04-schema.md#repositories


Gitlab: Dependency scanner report is not shown on security dashboard

I am trying to create my own security scanner which will check dependencies. To test the functionality, I created a "mock scanner" which downloads a file from a webhook and saves it as an artifact that ought to be uploaded to the server.
The artifact is uploaded successfully and in the CI output I can see the 201 code, but for some reason it is not presented in the security dashboard.
What am I doing wrong?
Thank you!
The CI job looks as follows:
mysec_dependency_scanning:
  stage: test
  script:
    - curl https://webhook.site/XXXX -o gl-dependency-scanning-report.json
    - sleep 3
  allow_failure: true
  artifacts:
    reports:
      dependency_scanning: gl-dependency-scanning-report.json
The content of the JSON file is from the example provided by GitLab and is as follows:
{
"version": "2.0",
"vulnerabilities": [
{
"id": "51e83874-0ff6-4677-a4c5-249060554eae",
"category": "dependency_scanning",
"name": "alik alik",
"message": "Regular Expression Denial of Service in debug",
"description": "alik to regular expression denial of service when untrusted user input is passed into the `o` formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.",
"severity": "Unknown",
"solution": "Upgrade to latest versions.",
"scanner": {
"id": "dadada",
"name": "dadada"
},
"location": {
"file": "yarn.lock",
"dependency": {
"package": {
"name": "debug"
},
"version": "1.0.5"
}
},
"identifiers": [
{
"type": "gemnasium",
"name": "Gemnasium-37283ed4-0380-40d7-ada7-2d994afcc62a",
"value": "37283ed4-0380-40d7-ada7-2d994afcc62a",
"url": "https://deps.sec.gitlab.com/packages/npm/debug/versions/1.0.5/advisories"
}
],
"links": [
{
"url": "https://nodesecurity.io/advisories/534"
},
{
"url": "https://github.com/visionmedia/debug/issues/501"
},
{
"url": "https://github.com/visionmedia/debug/pull/504"
}
]
},
{
"id": "5d681b13-e8fa-4668-957e-8d88f932ddc7",
"category": "dependency_scanning",
"name": "Authentication bypass via incorrect DOM traversal and canonicalization",
"message": "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js",
"description": "Some XML DOM traversal and canonicalization APIs may be inconsistent in handling of comments within XML nodes. Incorrect use of these APIs by some SAML libraries results in incorrect parsing of the inner text of XML nodes such that any inner text after the comment is lost prior to cryptographically signing the SAML message. Text after the comment, therefore, has no impact on the signature on the SAML message.\r\n\r\nA remote attacker can modify SAML content for a SAML service provider without invalidating the cryptographic signature, which may allow attackers to bypass primary authentication for the affected SAML service provider.",
"severity": "Unknown",
"solution": "Upgrade to fixed version.\r\n",
"scanner": {
"id": "dadada",
"name": "dadada"
},
"location": {
"file": "yarn.lock",
"dependency": {
"package": {
"name": "saml2-js"
},
"version": "1.5.0"
}
},
"identifiers": [
{
"type": "gemnasium",
"name": "Gemnasium-9952e574-7b5b-46fa-a270-aeb694198a98",
"value": "9952e574-7b5b-46fa-a270-aeb694198a98",
"url": "https://deps.sec.gitlab.com/packages/npm/saml2-js/versions/1.5.0/advisories"
},
{
"type": "cve",
"name": "CVE-2017-11429",
"value": "CVE-2017-11429",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11429"
}
],
"links": [
{
"url": "https://github.com/Clever/saml2/commit/3546cb61fd541f219abda364c5b919633609ef3d#diff-af730f9f738de1c9ad87596df3f6de84R279"
},
{
"url": "https://github.com/Clever/saml2/issues/127"
},
{
"url": "https://www.kb.cert.org/vuls/id/475445"
}
]
}
],
"remediations": [
{
"fixes": [
{
"id": "5d681b13-e8fa-4668-957e-8d88f932ddc7",
}
],
"summary": "Upgrade saml2-js",
"diff": "ZGlmZiAtLWdpdCBhL...OR0d1ZUc2THh3UT09Cg==" // some content is omitted for brevity
}
]
}
I was able to fix the problem; the issue was an invalid JSON format.
I had to do a lot of trial and error, but I was able to create a working template for a dependency scanning report.
{
"version": "3.0.0",
"vulnerabilities": [
{
"id": "dfa1f7f3d56db6e1c3451a232de42f153e0335611de6f0344443d84e448ee2cf",
"category": "dddda",
"name": "dddda",
"message": "ddda",
"description": "dddda lack of validation in `index.js`.",
"cve": "dada",
"severity": "Critical",
"solution": "Upgrade to version 2.0.5 or above.",
"scanner": {
"id": "lalal",
"name": "Code_Analyzer"
},
"location": {
"file": "yarn.lock",
"dependency": {
"iid": 447,
"package": {
"name": "copy-props"
},
"version": "2.0.4"
}
},
"identifiers": [
{
"type": "dada",
"name": "dada-e9e12690-2e4d-4251-bef0-7357ddc05881",
"value": "e9e57890-5e4d-4832-bef2-7337ddc05889",
"url": "https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/npm/copy-props/CVE-2219-28503.yml"
},
{
"type": "cve",
"name": "CVE-2237-28503",
"value": "CVE-2237-28503",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2237-28503"
}
],
"links": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2237-28503"
}
]
}
],
"remediations": [],
"dependency_files": [
{
"path": "yarn.lock",
"package_manager": "yarn",
"dependencies": [
{
"iid": 447,
"dependency_path": [
{
"iid": 708
},
{
"iid": 707
}
],
"package": {
"name": "copy-props"
},
"version": "2.0.4"
}
]
}
],
"scan": {
"scanner": {
"id": "lalal",
"name": "Code_Analyzer",
"url": "https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium",
"vendor": {
"name": "lalal"
},
"version": "2.29.5"
},
"type": "dependency_scanning",
"start_time": "2021-05-03T06:47:29",
"end_time": "2021-05-03T06:47:30",
"status": "success"
}
}
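
A pre-upload check for the report file, as an added example that is not part of the original posts: it reports the strict-JSON errors the answer points to (the question's report has a trailing comma and a `//` comment in "remediations") and checks a few keys. The key lists are an assumption taken from the working template above, not GitLab's schema; `check_report` and the sample strings are constructed for illustration.

```python
import json

# Keys taken from the working template in the answer above (an assumption:
# this is a structural sanity check, not GitLab's official schema).
REQUIRED_TOP = ("version", "vulnerabilities", "scan")
REQUIRED_VULN = ("id", "category", "severity", "scanner", "location", "identifiers")


def check_report(text):
    """Return a list of problems found in a dependency scanning report."""
    try:
        report = json.loads(text)
    except json.JSONDecodeError as exc:
        # Strict JSON rejects trailing commas and // comments.
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    if not isinstance(report, dict):
        return ["top level must be a JSON object"]
    problems = [f"missing top-level key: {k}" for k in REQUIRED_TOP if k not in report]
    if "scan" in report and report["scan"].get("type") != "dependency_scanning":
        problems.append("scan.type is not 'dependency_scanning'")
    known_iids = {dep.get("iid")
                  for dep_file in report.get("dependency_files", [])
                  for dep in dep_file.get("dependencies", [])}
    for i, vuln in enumerate(report.get("vulnerabilities", [])):
        problems += [f"vulnerabilities[{i}] missing key: {k}"
                     for k in REQUIRED_VULN if k not in vuln]
        dep = vuln.get("location", {}).get("dependency", {})
        if "iid" in dep and dep["iid"] not in known_iids:
            problems.append(f"vulnerabilities[{i}] iid {dep['iid']} not in dependency_files")
    return problems


# Constructed samples. BROKEN repeats the trailing comma and // comment from the
# question's "remediations" block; VALID is a cut-down copy of the answer's template.
BROKEN = '''{"version": "2.0", "vulnerabilities": [],
 "remediations": [{"fixes": [{"id": "x",}], "diff": "..." // omitted
 }]}'''
DEP = {"iid": 447, "package": {"name": "copy-props"}, "version": "2.0.4"}
VULN = {"id": "a", "category": "dddda", "severity": "Critical",
        "scanner": {"id": "lalal", "name": "Code_Analyzer"},
        "location": {"file": "yarn.lock", "dependency": DEP},
        "identifiers": [{"type": "cve", "name": "n", "value": "v"}]}
VALID = json.dumps({
    "version": "3.0.0", "vulnerabilities": [VULN],
    "dependency_files": [{"path": "yarn.lock", "dependencies": [DEP]}],
    "scan": {"type": "dependency_scanning", "status": "success"}})

if __name__ == "__main__":
    print(check_report(BROKEN), check_report(VALID))
```

Run on gl-dependency-scanning-report.json as the last script step and fail the job when the list is non-empty, so a malformed report shows up in the job log instead of only as a missing dashboard entry.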

Icon is not visible on release task catalog in Azure DevOps pipeline. vss-extension.json as below,

{
"manifestVersion": 1,
"id": "build-release-task",
"name": "",
"version": "1.1.9",
"publisher": " ",
"targets": [
{
"id": "Microsoft.VisualStudio.Services"
}
],
"description": "",
"categories": [
"Azure Pipelines"
],
"icons": {
"default": "images/extension-icon.png"
},
"files": [
{
"path": "buildAndReleaseTask"
},
{
"path": "images",
"addressable": true
}
],
"contributions": [
{
"id": "custom-build-release-task",
"type": "ms.vss-distributed-task.task",
"targets": [
"ms.vss-distributed-task.tasks"
],
"properties": {
"name": "buildAndReleaseTask",
"icon": "images/extension-icon.png"
}
}
]
}
You should also put the icon file in the task folder (where the .ts/.ps1 files are).

Log rotation on IoT Edge Agent

I am following Microsoft documentation and trying to set the logs for edge Agent through the container options. My deployment.template.json file is as follows:
{
"$schema-template": "2.0.0",
"modulesContent": {
"$edgeAgent": {
"properties.desired": {
"schemaVersion": "1.0",
"runtime": {
"type": "docker",
"settings": {
"minDockerVersion": "v1.25",
"loggingOptions": "",
"registryCredentials": {
"myRegistryName": {
"username": "$CONTAINER_REGISTRY_USERNAME",
"password": "$CONTAINER_REGISTRY_PASSWORD",
"address": "myRegistryAddress.azurecr.io"
}
}
}
},
"systemModules": {
"edgeAgent": {
"type": "docker",
"settings": {
"image": "mcr.microsoft.com/azureiotedge-agent:1.0",
"createOptions": {
"HostConfig": {
"LogConfig": {
"Type": "json-file",
"Config": {
"max-size": "10m",
"max-file": "3"
}
}
}
}
}
},
"edgeHub": {
"type": "docker",
"status": "running",
"restartPolicy": "always",
"settings": {
"image": "mcr.microsoft.com/azureiotedge-hub:1.0",
"createOptions": {
"HostConfig": {
"PortBindings": {
"5671/tcp": [
{
"HostPort": "5671"
}
],
"8883/tcp": [
{
"HostPort": "8883"
}
],
"443/tcp": [
{
"HostPort": "443"
}
]
},
"LogConfig": {
"Type": "json-file",
"Config": {
"max-size": "10m",
"max-file": "3"
}
}
}
}
}
}
},
"modules": {
"Module_Name": {
"version": "1.0",
"type": "docker",
"status": "running",
"restartPolicy": "always",
"settings": {
"image": "${MODULES.Module_Name}",
"createOptions": {
"HostConfig": {
"LogConfig": {
"Type": "json-file",
"Config": {
"max-size": "10m",
"max-file": "3"
}
}
}
}
}
}
}
}
},
"$edgeHub": {
"properties.desired": {
"schemaVersion": "1.0",
"routes": {
"route": "FROM /messages/* INTO $upstream"
},
"storeAndForwardConfiguration": {
"timeToLiveSecs": 7200
}
}
}
}
}
When I build and deploy it on my device, the edge Hub and my module log rotation are applied, but the edgeAgent log rotation is not applied. I check the log rotation settings in the /var/lib/docker/containers/{container_id}/hostconfig.json file.
What I have done so far:
Removed the image through sudo docker rmi mcr.microsoft.com/azureiotedge-agent:1.0, removed all the containers including the edgeAgent container, and restarted the edge environment by sudo systemctl restart iotedge. The log rotation is still not applied to the new container created by the edge runtime. I am not sure what I am missing. Any help is appreciated. Please note, I don't want to apply log rotation by creating a daemon.json file and placing it in the edge runtime folder. I need to do it through the container options specified in the deployment.template.json file.
This is a known bug where the edge agent deployment does not apply if the version number is identical to the one in config.yaml; please help to create a GitHub issue for it. To work around it, please set the options in config.yaml.

Error creating a customContent on a confluence addon

Today I was trying to create a Confluence add-on for my company, and I've tried following the Atlassian documents.
My problem comes when trying to run the Express app after adding a new customContent to the atlassian-connect.json; after running npm start I get the following error:
Failed to register with host https://admin:xxx#xxx.atlassian.net/wiki (200)
{"type":"INSTALL","pingAfter":300,"status":{"done":true,"statusCode":200,"contentType":"application/vnd.atl.plugins.task.install.err+json","subCode":"upm.pluginInstall.error.descriptor.not.from.marketplace","source":"https://1a0adc8f.ngrok.io/atlassian-connect.json","name":"https://1a0adc8f.ngrok.io/atlassian-connect.json"},"links":{"self":"/wiki/rest/plugins/1.0/pending/b88594d3-c3c2-4760-b687-c8d860c0a377","alternate":"/wiki/rest/plugins/1.0/tasks/b88594d3-c3c2-4760-b687-c8d860c0a377"},"timestamp":1502272147602,"userKey":"xxx","id":"xxx"}
Add-on not registered; no compatible hosts detected
This is my atlassian-connect.json file:
{
"key": "my-add-on",
"name": "Ping Pong",
"description": "My very first add-on",
"vendor": {
"name": "Angry Nerds",
"url": "https://www.atlassian.com/angrynerds"
},
"baseUrl": "{{localBaseUrl}}",
"links": {
"self": "{{localBaseUrl}}/atlassian-connect.json",
"homepage": "{{localBaseUrl}}/atlassian-connect.json"
},
"authentication": {
"type": "jwt"
},
"lifecycle": {
"installed": "/installed"
},
"scopes": [
"READ"
],
"modules": {
"generalPages": [
{
"key": "hello-world-page-jira",
"location": "system.top.navigation.bar",
"name": {
"value": "Hello World"
},
"url": "/hello-world",
"conditions": [{
"condition": "user_is_logged_in"
}]
},
{
"key": "customersViewer",
"location": "system.header/left",
"name": {
"value": "Hello World"
},
"url": "/hello-world",
"conditions": [{
"condition": "user_is_logged_in"
}]
}
],
"customContent": [
{
"key": "customer",
"name": {
"value": "Customers"
},
"uiSupport": {
"contentViewComponent": {
"moduleKey": "customersViewer"
},
"listViewComponent": {
"moduleKey": "customerList"
},
"icons": {
"item": {
"url": "/images/customers.png"
}
}
},
"apiSupport": {
"supportedContainerTypes": ["space"]
}
}
]
}
}
Does anybody have an idea of what's going on?
The contentViewComponent can't find the generalPage it is referencing in moduleKey.
From the docs:
In the snippet above, the moduleKey “customersViewer” maps to a
generalPage module we have defined in our add-on. This generalPage is
passed the context parameters we specify, and visualizes our content
accordingly.
If you change the generalPage with the key hello-world-page-confluence to customersViewer, you will be able to install and get up and running.

flatpak compile dependencies - permissions denied

I'm creating a flatpak package for vlc. Since flatpak runs in a sandbox and vlc depends on lua -> guile -> bdw-gc -> libunistring, I have to first compile all these dependencies into the flatpak sandbox. However, bdw-gc and libunistring compile perfectly, but guile fails in the last step of make with this error:
make[1]: Leaving directory '/run/build/guile'
stripping /home/ivansek/projects/vlc/flatpak/vlc-repo2/files/bin/guile to /home/ivansek/projects/vlc/flatpak/vlc-repo2/files/lib/debug/bin/guile.debug
stripping /home/ivansek/projects/vlc/flatpak/vlc-repo2/files/lib/libguile-2.0.so.22.8.1 to /home/ivansek/projects/vlc/flatpak/vlc-repo2/files/lib/debug/lib/libguile-2.0.so.22.8.1.debug
Error: module guile: Error opening file '/home/ivansek/projects/vlc/flatpak/vlc-repo2/files/lib/debug/source/guile/libguile/scmconfig.h': Permission denied
I'm using flatpak-builder for that using manifest file as:
{
"app-id": "org.gnome.vlc",
"runtime": "org.gnome.Platform",
"runtime-version": "3.22",
"sdk": "org.gnome.Sdk",
"command": "vlc",
"finish-args": [
"--socket=x11",
"--share=network",
"--share=ipc",
"--filesystems=host"
],
"modules": [
{
"name": "bdw-gc",
"sources": [
{
"type": "archive",
"url": "http://www.hboehm.info/gc/gc_source/gc-7.6.0.tar.gz",
"sha256": "a14a28b1129be90e55cd6f71127ffc5594e1091d5d54131528c24cd0c03b7d90"
}
]
},
{
"name": "libunistring",
"sources": [
{
"type": "archive",
"url": "http://ftp.gnu.org/gnu/libunistring/libunistring-0.9.6.tar.xz",
"sha256": "2df42eae46743e3f91201bf5c100041540a7704e8b9abfd57c972b2d544de41b"
}
]
},
{
"name": "guile",
"sources": [
{
"type": "archive",
"url": "https://ftp.gnu.org/gnu/guile/guile-2.0.13.tar.xz",
"sha256": "3744f2addc282a0de627aaef048f062982b44564d54ac31ff5217972529ed88b"
}
]
},
{
"name": "autogen",
"sources": [
{
"type": "archive",
"url": "https://ftp.gnu.org/gnu/autogen/rel5.18/autogen-5.18.tar.xz",
"sha256": "0c2dce22d4306ea29a01f6e54a35ea2b42dc7cf14f9818057b785e375bfbb784"
}
]
},
{
"name": "lua",
"sources": [
{
"type": "archive",
"url": "https://www.lua.org/ftp/lua-5.3.3.tar.gz",
"sha256": "5113c06884f7de453ce57702abaac1d618307f33f6789fa870e87a59d772aca2"
}
]
},
{
"name": "vlc",
"sources": [
{
"type": "archive",
"url": "http://get.videolan.org/vlc/2.2.4/vlc-2.2.4.tar.xz",
"sha256": "1632e91d2a0087e0ef4c3fb4c95c3c2890f7715a9d1d43ffd46329f428cf53be"
}
]
}
]
}
How can I solve this problem, or what is another approach to include vlc in flatpak?
