Merge pull request #45 from youwe-petervanderwal/feat/security-checker-allow-list

youwe-petervanderwal · web-flow · commit b658e1b43707 · 2025-08-28T15:13:08.000+02:00
feat: add an allow list to security checker
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,6 +17,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Migration docs for migration from v2 to v3 of the testing suite.
 - Option to use PHP CS Fixer instead of PHPCS
 - Pimcore coding standards with [PER coding standards](https://www.php-fig.org/per/coding-style/)
+- Added support for an Allow List within the Security Checker. 
 
 ### Changed
 - [BREAKING] The composer.json configurations `config.youwe-testing-suite.type` and `config.mediact-testing-suite.type`
diff --git a/composer.json b/composer.json
@@ -32,7 +32,7 @@
         "php-cs-fixer/shim": "@stable",
         "php-parallel-lint/php-parallel-lint": "^1.4",
         "phpmd/phpmd": "^2.15",
-        "phpro/grumphp-shim": "^2.12",
+        "phpro/grumphp-shim": "^2.15",
         "phpstan/phpstan": "@stable",
         "squizlabs/php_codesniffer": "^3.12.0",
         "youwe/composer-dependency-installer": "^2.0",
diff --git a/config/default/grumphp.yml b/config/default/grumphp.yml
@@ -51,6 +51,7 @@ parameters:
 
   securitychecker.lockfile: ./composer.lock
   securitychecker.run_always: true
+  securitychecker.allow_list: []
 
   git_blacklist.keywords:
     - "die("
@@ -149,3 +150,4 @@ grumphp:
     securitychecker_enlightn:
       lockfile: '%securitychecker.lockfile%'
       run_always: '%securitychecker.run_always%'
+      allow_list: '%securitychecker.allow_list%'
diff --git a/config/drupal/grumphp.yml b/config/drupal/grumphp.yml
@@ -3,4 +3,8 @@ imports:
 
 # Extend git triggers with common Drupal constructs
 parameters:
-  git_blacklist.triggered_by: [ 'php', 'js', 'twig' ]
+  git_blacklist.triggered_by: [ 'php', 'js', 'twig' ]
+
+#  securitychecker.allow_list:
+#    - CVE-2002-0121 # Add a jira ticket indicating when this vulnerability will be fixed (update/upgrade will be
+                     #    performed). Within that ticket explain this (new) vulnerability.
diff --git a/config/magento2/grumphp.yml b/config/magento2/grumphp.yml
@@ -17,3 +17,7 @@ parameters:
     - "<?php echo"
     - "Magento\\\\Framework\\\\App\\\\ObjectManager"
   git_blacklist.triggered_by: [ 'php', 'js', 'phtml' ]
+
+#  securitychecker.allow_list:
+#    - CVE-2002-0121 # Add a jira ticket indicating when this vulnerability will be fixed (update/upgrade will be
+                     #    performed). Within that ticket explain this (new) vulnerability.
diff --git a/config/pimcore/grumphp.yml b/config/pimcore/grumphp.yml
@@ -8,3 +8,7 @@ parameters:
   # Disable PHPCS (which is enabled by default) in favour of PHP CS Fixer
   phpcs.enabled: false
   phpcsfixer.enabled: true
+
+#  securitychecker.allow_list:
+#    - CVE-2002-0121 # Add a jira ticket indicating when this vulnerability will be fixed (update/upgrade will be
+                     #    performed). Within that ticket explain this (new) vulnerability.
