enhance tests with mocked composer's runtime api

Test detection of packages when Composer is used but package metadata is bogus:
- package_name is null, package_version is valid
- package_name is valid, package_version is null
- package_name is null, package_version is null.

Author: lavarou

agent/lib_composer.c

@@ -96,11 +96,18 @@ static void nr_execute_handle_autoload_composer_get_packages_information(
         "    $packages = array();"
         "    foreach (\\Composer\\InstalledVersions::getAllRawData() as $installed) { "
         "      foreach ($installed['versions'] as $packageName => $packageData) {"
+        "        if (!is_string($packageName)) {"
+        "          continue;"
+        "        }"
         "        if (is_array($root_package) && array_key_exists('name', $root_package) && $packageName == $root_package['name']) {"
         "          continue;"
         "        }"
-        "        if (isset($packageData['pretty_version'])) {"
-        "          $packages[$packageName] = ltrim($packageData['pretty_version'], 'v');"
+        "        if (!array_key_exists('pretty_version', $packageData)) {"
+        "          continue;"
+        "        }"
+        "        $pretty_version = $packageData['pretty_version'];"
+        "        if (is_string($pretty_version)) {"
+        "          $packages[$packageName] = ltrim($pretty_version, 'v');"
         "        }"
         "      }"
         "    }"

tests/integration/autoloader/packages-with-broken-composer-02/vendor/autoload.php

@@ -0,0 +1,12 @@
+<?php
+/*
+ * Copyright 2020 New Relic Corporation. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/*DESCRIPTION
+This file is the usual entry point for installing and using PSR-4 Autoloader.
+The agent verifies its presence to determine if PSR-4 Autoloader is used.
+*/
+
+require_once __DIR__ . '/composer/autoload_real.php';

tests/integration/autoloader/packages-with-broken-composer-02/vendor/composer/InstalledVersions.php

@@ -0,0 +1,51 @@
+<?php
+/*
+ * Copyright 2020 New Relic Corporation. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/*DESCRIPTION
+This file is the core of real Composer's runtime API, and agent verifies its presence to determine if Composer is used.
+It contains \Composer\InstalledVersions class with methods used by the agent to get the installed packages and their versions.
+*/
+
+namespace Composer;
+class InstalledVersions
+{
+    // This Composer's runtime API method is used by the agent to get the list of installed packages:
+    public static function getAllRawData()
+    {
+        $installed = require __DIR__ . '/installed.php';
+        // This mock only returns a single dataset; in real life, there could be more
+        return array($installed);
+    }
+
+    // This Composer's runtime API method is used by the agent to get the root package:
+    public static function getRootPackage()
+    {
+        $installed = self::getAllRawData();
+        // This mock only returns a single dataset; in real life, there could be more
+        return $installed[0]['root'];
+    }
+
+    // Mock of 'composer show' used by integration tests to generate list of packages:
+    public static function show() {
+        $installed = self::getAllRawData();
+        foreach ($installed[0]['versions'] as $package => $info) {
+            if (!is_string($package)) {
+                continue;
+            }
+            if (!is_array($info)) {
+                continue;
+            }
+            if (!array_key_exists('pretty_version', $info)) {
+                continue;
+            }
+            if (!is_string($info['pretty_version'])) {
+                continue;
+            }
+            $version = ltrim($info['pretty_version'], 'v');
+            echo "$package => $version\n";
+        }
+    }
+}

tests/integration/autoloader/packages-with-broken-composer-02/vendor/composer/autoload_real.php

@@ -0,0 +1,9 @@
+<?php
+/*
+ * Copyright 2020 New Relic Corporation. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/*DESCRIPTION
+This file is needed by real Composer's Autoload functionality, and agent uses its presence to determine if Composer is used.
+*/

tests/integration/autoloader/packages-with-broken-composer-02/vendor/composer/installed.php

@@ -0,0 +1,44 @@
+<?php
+/*
+ * Copyright 2020 New Relic Corporation. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/*DESCRIPTION
+This file is needed by real Composer's runtime API, and agent verifies its presence to determine if Composer is used.
+This file contains phpized version of composer.json for the project and its dependencies.
+*/
+  return array(
+    // Mocked data: root package
+    'root' => array(
+        'pretty_version' => 'v1.0.0',
+        'version' => '1.0.0.0',
+        'type' => 'project'
+    ),
+    // Mocked invalid package data: 
+    // - package without name and version
+    // - package without name but with version
+    // - package with name but without version
+    // Mocked valid package data: 
+    // - package with name and version
+    'versions' =>  array(
+        array(
+            'version' => '1.1.3.0',
+            'type' => 'library'
+        ),
+        array(
+            'pretty_version' => 'v2.1.3',
+            'version' => '2.1.3.0',
+            'type' => 'library'
+        ),
+        'vendor2/package2' => array(
+            'version' => '3.1.5.0',
+            'type' => 'library'
+        ),
+        'laravel/framework' => array(
+            'pretty_version' => '11.4.5',
+            'version' => '11.4.5',
+            'type' => 'library'
+        ),
+    )
+  );

tests/integration/autoloader/packages-with-broken-composer-02/vendor/laravel/framework/src/Illuminate/Foundation/Application.php

@@ -0,0 +1,25 @@
+<?php
+/*
+ * Copyright 2020 New Relic Corporation. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/*DESCRIPTION
+A very simple mock of laravel/framework package used to similate detection of Laravel framework
+which results in php package harvest.
+*/
+
+namespace Illuminate\Foundation;
+
+class Application
+{
+    const VERSION = '11.4.5';
+
+    public function __construct()
+    {
+        echo "";
+    }
+}
+
+// force detection on PHP 8.2+
+echo "";

tests/integration/autoloader/test_packages_with_broken_composer_02.php

@@ -0,0 +1,44 @@
+<?php
+/*
+ * Copyright 2020 New Relic Corporation. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/*DESCRIPTION
+Test detection of packages when Composer is used but package metadata is bogus:
+- package_name is null, package_version is valid
+- package_name is valid, package_version is null
+- package_name is null, package_version is null.
+Supportability metric for Autoloader and Composer libraries should be present because
+composer install is not broken. However the agent should create package harvest only
+for packages with valid (non null and of type string) package name and version.
+No errors should be generated.
+*/
+
+/*INI
+newrelic.loglevel=verbosedebug
+newrelic.vulnerability_management.composer_api.enabled=true
+*/
+
+/*EXPECT_PHP_PACKAGES
+command=php composer-show.php packages-with-broken-composer-02/vendor/composer/InstalledVersions.php
+expected_packages=laravel/framework
+*/
+
+/*EXPECT_METRICS_EXIST
+Supportability/library/Autoloader/detected, 1
+Supportability/library/Composer/detected, 1
+Supportability/PHP/package/laravel/framework/11/detected
+*/
+
+/*EXPECT_METRICS_DONT_EXIST
+*/
+
+/*EXPECT_TRACED_ERRORS null*/
+
+// Simulate autoloader usage:
+require 'packages-with-broken-composer-02/vendor/autoload.php';
+// Simulate package usage (normally this would be done by the autoloader):
+include 'packages-with-broken-composer-02/vendor/laravel/framework/src/Illuminate/Foundation/Application.php';
+// Trigger instrumentation that generates packages and package-specific metrics:
+$app = new Illuminate\Foundation\Application();