feat(agent): use composer for vuln mgmt package info

agent/config.m4

@@ -230,7 +230,8 @@ if test "$PHP_NEWRELIC" = "yes"; then
   fw_zend2.c fw_zend.c"
   LIBRARIES="lib_aws_sdk_php.c lib_monolog.c lib_doctrine2.c lib_guzzle3.c \
   lib_guzzle4.c lib_guzzle6.c lib_guzzle_common.c \
-  lib_mongodb.c lib_phpunit.c lib_predis.c lib_zend_http.c"
+  lib_mongodb.c lib_phpunit.c lib_predis.c lib_zend_http.c \
+  lib_composer.c"
   PHP_NEW_EXTENSION(newrelic, $FRAMEWORKS $LIBRARIES $NEWRELIC_AGENT, $ext_shared,, \\$(NEWRELIC_CFLAGS))
 
   PHP_SUBST(NEWRELIC_CFLAGS)

agent/fw_drupal.c

@@ -20,6 +20,8 @@
 #include "util_memory.h"
 #include "util_strings.h"
 
+#define PHP_PACKAGE_NAME "drupal/drupal"
+
 /*
  * Set the Web Transaction (WT) name to "(cached page)"
  *
@@ -879,4 +881,15 @@ void nr_drupal_enable(TSRMLS_D) {
   nr_php_user_function_add_declared_callback(
       NR_PSTR("drupal_http_request"), nr_drupal_replace_http_request TSRMLS_CC);
 #endif
+
+  if (NRINI(vulnerability_management_package_detection_enabled)) {
+    nr_txn_add_php_package(NRPRG(txn), PHP_PACKAGE_NAME,
+                           PHP_PACKAGE_VERSION_UNKNOWN);
+  }
+
+  nr_fw_support_add_package_supportability_metric(
+      NRPRG(txn), PHP_PACKAGE_NAME, NULL,
+      nr_php_packages_get_package(NRPRG(txn)->php_packages,
+                                  PHP_PACKAGE_NAME));
+
 }

agent/fw_drupal8.c

@@ -669,6 +669,7 @@ NR_PHP_WRAPPER_END
 void nr_drupal_version() {
   zval* zval_version = NULL;
   zend_class_entry* class_entry = NULL;
+  nr_php_package_t* p = NULL;
 
   class_entry = nr_php_find_class("drupal");
   if (NULL == class_entry) {
@@ -687,10 +688,10 @@ void nr_drupal_version() {
   if (nr_php_is_zval_valid_string(zval_version)) {
     char* version = Z_STRVAL_P(zval_version);
     if (NRINI(vulnerability_management_package_detection_enabled)) {
-      nr_txn_add_php_package(NRPRG(txn), PHP_PACKAGE_NAME, version);
+      p = nr_txn_add_php_package(NRPRG(txn), PHP_PACKAGE_NAME, version);
     }
-    nr_fw_support_add_package_supportability_metric(NRPRG(txn), PHP_PACKAGE_NAME,
-                                                    version);
+    nr_fw_support_add_package_supportability_metric(
+        NRPRG(txn), PHP_PACKAGE_NAME, version, p);
   }
 
   nr_php_zval_free(&zval_version);

agent/fw_hooks.h

@@ -56,6 +56,7 @@ extern void nr_phpunit_enable(TSRMLS_D);
 extern void nr_predis_enable(TSRMLS_D);
 extern void nr_zend_http_enable(TSRMLS_D);
 extern void nr_monolog_enable(TSRMLS_D);
+extern void nr_composer_handle_autoload(const char* filename);
 
 /* Vulnerability Management Packages */
 extern void nr_drupal_version(void);

agent/fw_laminas3.c

@@ -13,6 +13,8 @@
 #include "util_logging.h"
 #include "util_memory.h"
 
+#define PHP_PACKAGE_NAME "laminas/laminas-mvc"
+
 /*
  * Laminas is a rebranding of Zend, but the logic remains the same,
  * it is simply a name change and corresponds directly to Zend 3.x.
@@ -163,7 +165,11 @@ void nr_laminas3_enable(TSRMLS_D) {
       nr_laminas3_name_the_wt TSRMLS_CC);
 
   if (NRINI(vulnerability_management_package_detection_enabled)) {
-    nr_txn_add_php_package(NRPRG(txn), "laminas/laminas-mvc",
+    nr_txn_add_php_package(NRPRG(txn), PHP_PACKAGE_NAME,
                            PHP_PACKAGE_VERSION_UNKNOWN);
   }
+  nr_fw_support_add_package_supportability_metric(
+      NRPRG(txn), PHP_PACKAGE_NAME, NULL,
+      nr_php_packages_get_package(NRPRG(txn)->php_packages,
+                                  PHP_PACKAGE_NAME));  
 }

agent/fw_laravel.c

@@ -949,6 +949,7 @@ NR_PHP_WRAPPER(nr_laravel_application_construct) {
   zval* this_var = nr_php_scope_get(NR_EXECUTE_ORIG_ARGS TSRMLS_CC);
   ;
   char* version = NULL;
+  nr_php_package_t* p = NULL;
 
   NR_UNUSED_SPECIALFN;
   (void)wraprec;
@@ -961,10 +962,10 @@ NR_PHP_WRAPPER(nr_laravel_application_construct) {
 
   if (NRINI(vulnerability_management_package_detection_enabled)) {
     // Add php package to transaction
-    nr_txn_add_php_package(NRPRG(txn), PHP_PACKAGE_NAME, version);
+    p = nr_txn_add_php_package(NRPRG(txn), PHP_PACKAGE_NAME, version);
   }
   nr_fw_support_add_package_supportability_metric(NRPRG(txn), PHP_PACKAGE_NAME,
-                                                  version);
+                                                  version, p);
 
   if (version) {
     nrl_debug(NRL_FRAMEWORK, "Laravel version is " NRP_FMT, NRP_PHP(version));

agent/fw_lumen.c

@@ -11,10 +11,13 @@
 #include "php_wrapper.h"
 #include "php_hash.h"
 #include "fw_hooks.h"
+#include "fw_support.h"
 #include "util_logging.h"
 #include "util_memory.h"
 #include "util_strings.h"
 
+#define PHP_PACKAGE_NAME "laravel/lumen-framework"
+
 /*
  * Sets the web transaction name. If strip_base == true,
  * leading class path components will be stripped.
@@ -232,7 +235,12 @@ void nr_lumen_enable(TSRMLS_D) {
 #endif
 
   if (NRINI(vulnerability_management_package_detection_enabled)) {
-    nr_txn_add_php_package(NRPRG(txn), "laravel/lumen-framework",
+    nr_txn_add_php_package(NRPRG(txn), PHP_PACKAGE_NAME,
                            PHP_PACKAGE_VERSION_UNKNOWN);
   }
+
+  nr_fw_support_add_package_supportability_metric(
+      NRPRG(txn), PHP_PACKAGE_NAME, NULL,
+      nr_php_packages_get_package(NRPRG(txn)->php_packages,
+                                  PHP_PACKAGE_NAME));
 }

agent/fw_slim.c

@@ -152,6 +152,7 @@ NR_PHP_WRAPPER_END
 NR_PHP_WRAPPER(nr_slim_application_construct) {
   zval* this_var = nr_php_scope_get(NR_EXECUTE_ORIG_ARGS);
   char* version = NULL;
+  nr_php_package_t* p = NULL;
 
   NR_UNUSED_SPECIALFN;
   (void)wraprec;
@@ -160,11 +161,11 @@ NR_PHP_WRAPPER(nr_slim_application_construct) {
 
   if (NRINI(vulnerability_management_package_detection_enabled)) {
     // Add php package to transaction
-    nr_txn_add_php_package(NRPRG(txn), PHP_PACKAGE_NAME, version);
+    p = nr_txn_add_php_package(NRPRG(txn), PHP_PACKAGE_NAME, version);
   }
 
   nr_fw_support_add_package_supportability_metric(NRPRG(txn), PHP_PACKAGE_NAME,
-                                                  version);
+                                                  version, p);
 
   nr_free(version);
   nr_php_scope_release(&this_var);

agent/fw_support.c

@@ -58,23 +58,39 @@ void nr_fw_support_add_logging_supportability_metric(nrtxn_t* txn,
 void nr_fw_support_add_package_supportability_metric(
     nrtxn_t* txn,
     const char* package_name,
-    const char* package_version) {
-  if (NULL == txn || NULL == package_name || NULL == package_version) {
+    const char* package_version,
+    nr_php_package_t* p) {
+  if (NULL == txn || NULL == package_name) {
     return;
   }
 
   char* metname = NULL;
   char major_version[MAJOR_VERSION_LENGTH] = {0};
+  const char* version = package_version;
+
+  // override provided package_version only if:
+  // - php_package is provided
+  // - its version is not NULL
+  // - its version is not PHP_PACKAGE_VERSION_UNKNOWN
+  if (NULL != p && NULL != p->package_version
+      && 0 != nr_strcmp(p->package_version, PHP_PACKAGE_VERSION_UNKNOWN)) {
+    version = p->package_version;
+  }
+
+  // only generate metric if version is known
+  if (NULL == version || 0 == nr_strcmp(version, PHP_PACKAGE_VERSION_UNKNOWN)) {
+    return;
+  }
 
   /* The below for loop checks if the major version of the package is more than
    * one digit and keeps looping until a '.' is encountered or one of the
    * conditions is met.
    */
-  for (int i = 0; package_version[i] && i < MAJOR_VERSION_LENGTH - 1; i++) {
-    if ('.' == package_version[i]) {
+  for (int i = 0; version[i] && i < MAJOR_VERSION_LENGTH - 1; i++) {
+    if ('.' == version[i]) {
       break;
     }
-    major_version[i] = package_version[i];
+    major_version[i] = version[i];
   }
 
   if (NR_FW_UNSET == NRINI(force_framework)) {

agent/fw_support.h

@@ -8,6 +8,7 @@
 #define FW_SUPPORT_HDR
 
 #include "php_user_instrument.h"
+#include "nr_php_packages.h"
 
 extern void nr_php_framework_add_supportability_metric(
     const char* framework_name,
@@ -44,11 +45,13 @@ extern void nr_fw_support_add_logging_supportability_metric(
  * Params  : 1. Transaction object
  *           2. Package name
  *           3. Package version
+ *           4. PHP package reported for vulnerability management
  *
  */
 extern void nr_fw_support_add_package_supportability_metric(
     nrtxn_t* txn,
     const char* package_name,
-    const char* package_version);
+    const char* package_version,
+    nr_php_package_t* p);
 
 #endif /* FW_SUPPORT_HDR */

agent/fw_symfony4.c

@@ -10,6 +10,8 @@
 #include "fw_support.h"
 #include "fw_symfony_common.h"
 
+#define PHP_PACKAGE_NAME "symfony/http-kernel"
+
 NR_PHP_WRAPPER(nr_symfony4_exception) {
   int priority = nr_php_error_get_priority(E_ERROR);
   zval* event = NULL;
@@ -277,7 +279,12 @@ void nr_symfony4_enable(TSRMLS_D) {
 #endif
 
   if (NRINI(vulnerability_management_package_detection_enabled)) {
-    nr_txn_add_php_package(NRPRG(txn), "symfony/http-kernel",
+    nr_txn_add_php_package(NRPRG(txn), PHP_PACKAGE_NAME,
                            PHP_PACKAGE_VERSION_UNKNOWN);
   }
+
+  nr_fw_support_add_package_supportability_metric(
+      NRPRG(txn), PHP_PACKAGE_NAME, NULL,
+      nr_php_packages_get_package(NRPRG(txn)->php_packages,
+                                  PHP_PACKAGE_NAME));  
 }

agent/fw_wordpress.c

@@ -806,15 +806,16 @@ void nr_wordpress_version() {
   zval retval;
   int result
       = zend_eval_string(func_string, &retval, "Get Wordpress Version");
+  nr_php_package_t* p = NULL;
   // Add php package to transaction
   if (SUCCESS == result) {
     if (nr_php_is_zval_valid_string(&retval)) {
       char* version = Z_STRVAL(retval);
       if (NRINI(vulnerability_management_package_detection_enabled)) {
-        nr_txn_add_php_package(NRPRG(txn), PHP_PACKAGE_NAME, version);
+        p = nr_txn_add_php_package(NRPRG(txn), PHP_PACKAGE_NAME, version);
       }
-      nr_fw_support_add_package_supportability_metric(NRPRG(txn), PHP_PACKAGE_NAME,
-                                                      version);
+      nr_fw_support_add_package_supportability_metric(
+          NRPRG(txn), PHP_PACKAGE_NAME, version, p);
     }
     zval_dtor(&retval);
   }

agent/fw_yii.c

@@ -14,6 +14,7 @@
 #include "util_memory.h"
 #include "util_strings.h"
 
+#define PHP_PACKAGE_NAME "yiisoft/yii2"
 /*
  * Yii1: Set the web transaction name from the controllerId + actionId combo.
  *
@@ -221,4 +222,14 @@ void nr_yii2_enable(TSRMLS_D) {
   nr_php_wrap_user_function(NR_PSTR("yii\\base\\ErrorHandler::logException"),
                             nr_yii2_error_handler_wrapper TSRMLS_CC);
 #endif
+
+  if (NRINI(vulnerability_management_package_detection_enabled)) {
+    nr_txn_add_php_package(NRPRG(txn), PHP_PACKAGE_NAME,
+                           PHP_PACKAGE_VERSION_UNKNOWN);
+  }
+
+  nr_fw_support_add_package_supportability_metric(
+      NRPRG(txn), PHP_PACKAGE_NAME, NULL,
+      nr_php_packages_get_package(NRPRG(txn)->php_packages,
+                                  PHP_PACKAGE_NAME));
 }

agent/lib_aws_sdk_php.c

@@ -56,6 +56,7 @@ void nr_lib_aws_sdk_php_handle_version() {
   zval* zval_version = NULL;
   zend_class_entry* class_entry = NULL;
   char* version = NULL;
+  nr_php_package_t* p = NULL;
 
   class_entry = nr_php_find_class("aws\\sdk");
   if (NULL != class_entry) {
@@ -67,10 +68,10 @@ void nr_lib_aws_sdk_php_handle_version() {
   }
   if (NRINI(vulnerability_management_package_detection_enabled)) {
     /* Add php package to transaction */
-    nr_txn_add_php_package(NRPRG(txn), PHP_PACKAGE_NAME, version);
+    p = nr_txn_add_php_package(NRPRG(txn), PHP_PACKAGE_NAME, version);
   }
   nr_fw_support_add_package_supportability_metric(NRPRG(txn), PHP_PACKAGE_NAME,
-                                                  version);
+                                                  version, p);
   nr_php_zval_free(&zval_version);
 }