Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 7 additions & 12 deletions src/Commands/WardenAuditCommand.php
Original file line number Diff line number Diff line change
Expand Up @@ -184,17 +184,10 @@ protected function runSequentialAudits(bool $isMachineOutput = false): int

protected function processResults(array $allFindings, array $abandonedPackages, bool $hasFailures): int
{
$totalBeforeFilter = count($allFindings);
$severityOption = $this->option('severity');

if ($severityOption && is_string($severityOption)) {
$validLevels = ['low', 'medium', 'high', 'critical'];
if (!in_array($severityOption, $validLevels, true)) {
$this->error(sprintf('Invalid severity level: %s. Valid levels: %s', $severityOption, implode(', ', $validLevels)));
return 2;
}

$allFindings = $this->filterBySeverity($allFindings, $severityOption);
// Apply severity filtering if specified
if ($this->option('severity')) {
$severityOption = $this->option('severity');
$allFindings = $this->filterBySeverity($allFindings, (string) $severityOption);
}

$this->handleAbandonedPackages($abandonedPackages);
Expand Down Expand Up @@ -319,7 +312,9 @@ protected function initializeAuditServices(): array
*/
protected function handleAuditFailure(object $service): void
{
$serviceName = method_exists($service, 'getName') ? $service->getName() : 'Unknown service';
$serviceName = $service instanceof \Dgtlss\Warden\Services\Audits\AbstractAuditService || $service instanceof CustomAuditWrapper
? $service->getName()
: 'Unknown service';
$this->error($serviceName . ' audit failed to run.');
if ($service instanceof ComposerAuditService) {
$findings = $service->getFindings();
Expand Down
3 changes: 2 additions & 1 deletion src/Services/Audits/DebugModeAuditService.php
Original file line number Diff line number Diff line change
Expand Up @@ -108,9 +108,10 @@ private function getInstalledPackages(): array
private function hasExposedTestingRoutes(): bool
{
$routeCollection = \Route::getRoutes();
$routes = iterator_to_array($routeCollection, false);

// Check debugbar routes separately as they're allowed when APP_DEBUG is true
foreach ($routeCollection as $route) {
foreach ($routes as $route) {
$uri = $route->uri();
if (str_starts_with($uri, '_debugbar')) {
// Only flag debugbar routes as exposed if APP_DEBUG is false and there's no protective middleware
Expand Down