do something useful with all that package data

Save package and version information obtained from composer for vulnerability
management package data payload. Additionally use it also to generate package
supportability metrics.

Author: lavarou

agent/php_execute.c

@@ -1055,8 +1055,13 @@ static void nr_execute_handle_autoload_composer_get_packages_information(const c
           }
         }
         zval_dtor(&retval2);
-        nrl_verbosedebug(NRL_TXN, "package %s, version %s",
+        nrl_verbosedebug(NRL_INSTRUMENT, "package %s, version %s",
                          NRSAFESTR(Z_STRVAL_P(value)), NRSAFESTR(version));
+        if (NRINI(vulnerability_management_package_detection_enabled)) {
+          nr_txn_add_php_package(NRPRG(txn), NRSAFESTR(Z_STRVAL_P(value)), NRSAFESTR(version));
+        }
+        nr_fw_support_add_package_supportability_metric(NRPRG(txn), NRSAFESTR(Z_STRVAL_P(value)),
+                                                      NRSAFESTR(version));
       }
       ZEND_HASH_FOREACH_END();
     } else {

daemon/internal/newrelic/integration/php_packages.go

@@ -371,6 +371,18 @@ func (pkgs *PhpPackagesCollection) GatherInstalledPackages() ([]PhpPackage, erro
 		if 0 < len(version) {
 			pkgs.packages = append(pkgs.packages, PhpPackage{"wordpress", version})
 		}
+	} else if 1 < len(splitCmd) && "composer-show.php" == splitCmd[1] {
+		lines := strings.Split(string(out), "\n")
+		version := ""
+		for _, line := range lines {
+			//fmt.Printf("line is |%s|\n", line)
+			splitLine := strings.Split(line, "=>")
+			if 2 == len(splitLine) {
+				name := strings.TrimSpace(splitLine[0])
+				version = strings.TrimSpace(splitLine[1])
+				pkgs.packages = append(pkgs.packages, PhpPackage{name, version})
+			}
+		}
 	} else {
 		return nil, fmt.Errorf("ERROR - unknown method '%s'\n", splitCmd[0])
 	}

tests/integration/autoloader/autoload-with-composer/vendor/composer/InstalledVersions.php

@@ -30,4 +30,11 @@ public static function getInstalledPackages()
         // Return the package names
         return array_keys(self::$installed);
     }
+
+    // Mock of 'composer show' used by integration tests to generate list of packages:
+    public static function show() {
+        foreach (self::$installed as $package => $version) {
+            echo "$package => $version\n";
+        }
+    }
 }

tests/integration/autoloader/composer-show.php

@@ -0,0 +1,14 @@
+<?php
+
+/*
+ * Copyright 2020 New Relic Corporation. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/*DESCRIPTION
+Mock of 'composer show' used by integration tests to generate list of packages.
+*/
+
+
+include "autoload-with-composer/vendor/composer/InstalledVersions.php";
+Composer\InstalledVersions::show();

tests/integration/autoloader/test_autoloader_with_composer.php

@@ -13,6 +13,11 @@
 /*INI
 */
 
+/*EXPECT_PHP_PACKAGES
+command=php composer-show.php
+expected_packages=vendor1/package1, vendor2/package2
+*/
+
 /*EXPECT_METRICS_EXIST
 Supportability/library/Autoloader/detected, 1
 Supportability/library/Composer/detected, 1