Add PHP Analyzer Plugin and Composer Lock Data Handling

- Implemented the PhpAnalyzerPlugin to analyze PHP projects.
- Created ComposerLockData class to represent data from composer.lock files.
- Developed ComposerLockReader to load and parse composer.lock files asynchronously.
- Introduced ComposerPackage class to encapsulate package details.
- Added PhpPackage class to represent PHP packages with metadata and evidence.
- Implemented PhpPackageCollector to gather packages from ComposerLockData.
- Created PhpLanguageAnalyzer to perform analysis and emit results.
- Added capability signals for known PHP frameworks and CMS.
- Developed unit tests for the PHP language analyzer and its components.
- Included sample composer.lock and expected output for testing.
- Updated project files for the new PHP analyzer library and tests.
StellaOps Bot
2025-11-22 14:02:49 +02:00
parent a7f3c7869a
commit b6b9ffc050
158 changed files with 16272 additions and 809 deletions


@@ -36,6 +36,11 @@ public sealed class InlinePolicyEvaluationServiceTests
"policy-sha",
"affected",
7.1m,
null,
null,
null,
null,
1,
new JsonObject { ["deprecated"] = "true" },
Guid.NewGuid(),
null,
@@ -68,6 +73,11 @@ public sealed class InlinePolicyEvaluationServiceTests
"policy-sha",
"accepted_risk",
3.4m,
null,
null,
null,
null,
1,
new JsonObject { ["runtime"] = "contained" },
Guid.NewGuid(),
"explain://existing",
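Review bot: The four added `null,` arguments followed by `1,` are passed positionally in both hunks, so a reader cannot tell which new parameters they bind to. If any of those parameters share a type, a later reorder in the constructor would still compile and silently shift the values. Named arguments would make the fixtures self-describing, for example `<param-name>: null,` per new parameter, using the constructor's real names, which are not visible here. The same positional pattern repeats in all five hunks of LedgerProjectionReducerTests. Both constructor calls start and end outside the hunks.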


@@ -32,6 +32,11 @@ public sealed class LedgerProjectionReducerTests
var evaluation = new PolicyEvaluationResult(
"triaged",
6.5m,
null,
null,
null,
null,
1,
(JsonObject)payload["labels"]!.DeepClone(),
payload["explainRef"]!.GetValue<string>(),
new JsonArray(payload["explainRef"]!.GetValue<string>()));
@@ -62,6 +67,11 @@ public sealed class LedgerProjectionReducerTests
"policy-v1",
"affected",
5.0m,
null,
null,
null,
null,
1,
new JsonObject(),
Guid.NewGuid(),
null,
@@ -82,6 +92,11 @@ public sealed class LedgerProjectionReducerTests
var evaluation = new PolicyEvaluationResult(
"accepted_risk",
existing.Severity,
null,
null,
null,
null,
existing.RiskEventSequence,
(JsonObject)existing.Labels.DeepClone(),
null,
new JsonArray());
@@ -110,6 +125,11 @@ public sealed class LedgerProjectionReducerTests
"policy-v1",
"triaged",
7.1m,
null,
null,
null,
null,
1,
labels,
Guid.NewGuid(),
null,
@@ -133,6 +153,11 @@ public sealed class LedgerProjectionReducerTests
var evaluation = new PolicyEvaluationResult(
"triaged",
existing.Severity,
null,
null,
null,
null,
existing.RiskEventSequence,
(JsonObject)payload["labels"]!.DeepClone(),
null,
new JsonArray());
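Review bot: Every call site in these hunks passes `null` for the four new arguments, so nothing visible here asserts how the reducer handles non-null values for the new fields. That includes the two `new PolicyEvaluationResult(` calls that copy `existing.Severity` and `existing.RiskEventSequence` from the prior projection. If `existing` carries the corresponding fields (not visible in these hunks), those carry-over cases should pass them through the same way as severity rather than hard-coding `null`. At least one test should supply non-null values and assert that they reach the resulting projection; these appear to feed policy and risk state, where a dropped or misbound field would otherwise regress unnoticed. The test methods start and end outside the hunks.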