Unverified Commit e1b93214 authored by alexpott's avatar alexpott
Browse files

Issue #2992631 by dww, swatichouhan012, tedbow, jungle, xjm: Update report...

Issue #2992631 by dww, swatichouhan012, tedbow, jungle, xjm: Update report incorrectly recommends security releases for old minors when a security update is needed and a secure version of the old minor is also available
parent e5b0277a
...@@ -709,9 +709,13 @@ public function securityUpdateAvailabilityProvider() { ...@@ -709,9 +709,13 @@ public function securityUpdateAvailabilityProvider() {
'expected_update_message_type' => static::UPDATE_NONE, 'expected_update_message_type' => static::UPDATE_NONE,
'fixture' => 'sec.8.x-1.2_8.x-2.2', 'fixture' => 'sec.8.x-1.2_8.x-2.2',
], ],
'8.x-2.0, 8.x-1.2 8.x-2.2' => [
'module_patch_version' => '8.x-2.0',
'expected_security_releases' => ['8.x-2.2'],
'expected_update_message_type' => static::SECURITY_UPDATE_REQUIRED,
'fixture' => 'sec.8.x-1.2_8.x-2.2',
],
// @todo In https://www.drupal.org/node/2865920 add test cases: // @todo In https://www.drupal.org/node/2865920 add test cases:
// - 8.x-2.0 using fixture 'sec.8.x-1.2_8.x-2.2' to ensure that 8.x-2.2
// is the only security update.
// - 8.x-3.0-beta1 using fixture 'sec.8.x-1.2_8.x-2.2' to ensure that // - 8.x-3.0-beta1 using fixture 'sec.8.x-1.2_8.x-2.2' to ensure that
// 8.x-2.2 is the only security update. // 8.x-2.2 is the only security update.
]; ];
......
...@@ -355,6 +355,14 @@ public function securityUpdateAvailabilityProvider() { ...@@ -355,6 +355,14 @@ public function securityUpdateAvailabilityProvider() {
'expected_update_message_type' => static::UPDATE_NONE, 'expected_update_message_type' => static::UPDATE_NONE,
'fixture' => 'sec.0.2-rc2', 'fixture' => 'sec.0.2-rc2',
], ],
// Ensure that 8.0.2 security release is not shown because it is earlier
// version than 1.0.
'1.0, 0.2 1.2' => [
'site_patch_version' => '1.0',
'expected_security_releases' => ['1.2', '2.0-rc2'],
'expected_update_message_type' => static::SECURITY_UPDATE_REQUIRED,
'fixture' => 'sec.0.2-rc2',
],
]; ];
$pre_releases = [ $pre_releases = [
'2.0-alpha1', '2.0-alpha1',
...@@ -365,24 +373,25 @@ public function securityUpdateAvailabilityProvider() { ...@@ -365,24 +373,25 @@ public function securityUpdateAvailabilityProvider() {
'2.0-rc2', '2.0-rc2',
]; ];
// If the site is on an alpha/beta/RC of an upcoming minor and none of the
// alpha/beta/RC versions are marked insecure, no security update should be
// required.
foreach ($pre_releases as $pre_release) { foreach ($pre_releases as $pre_release) {
// If the site is on an alpha/beta/RC of an upcoming minor and none of the
// alpha/beta/RC versions are marked insecure, no security update should
// be required.
$test_cases["Pre-release:$pre_release, no security update"] = [ $test_cases["Pre-release:$pre_release, no security update"] = [
'site_patch_version' => $pre_release, 'site_patch_version' => $pre_release,
'expected_security_releases' => [], 'expected_security_releases' => [],
'expected_update_message_type' => $pre_release === '2.0-rc2' ? static::UPDATE_NONE : static::UPDATE_AVAILABLE, 'expected_update_message_type' => $pre_release === '2.0-rc2' ? static::UPDATE_NONE : static::UPDATE_AVAILABLE,
'fixture' => 'sec.0.2-rc2-b', 'fixture' => 'sec.0.2-rc2-b',
]; ];
// If the site is on an alpha/beta/RC of an upcoming minor and there is
// an RC version with a security update, it should be recommended.
$test_cases["Pre-release:$pre_release, security update"] = [
'site_patch_version' => $pre_release,
'expected_security_releases' => $pre_release === '2.0-rc2' ? [] : ['2.0-rc2'],
'expected_update_message_type' => $pre_release === '2.0-rc2' ? static::UPDATE_NONE : static::SECURITY_UPDATE_REQUIRED,
'fixture' => 'sec.0.2-rc2',
];
} }
// @todo In https://www.drupal.org/node/2865920 add test cases:
// - For all pre-releases for 8.2.0 except 8.2.0-rc2 using the
// 'sec.0.2-rc2' fixture to ensure that 8.2.0-rc2 is the only security
// update.
// - For 8.1.0 using fixture 'sec.0.2-rc2' to ensure that only security
// updates are 8.1.2 and 8.2.0-rc2.
return $test_cases; return $test_cases;
} }
......
...@@ -390,13 +390,14 @@ function update_calculate_project_update_status(&$project_data, $available) { ...@@ -390,13 +390,14 @@ function update_calculate_project_update_status(&$project_data, $available) {
]; ];
} }
} }
// Other than the currently installed release, ignore unpublished, insecure,
// Otherwise, ignore unpublished, insecure, or unsupported releases. // or unsupported updates.
if ($release['status'] == 'unpublished' || elseif ($release['status'] == 'unpublished' ||
!$is_in_supported_branch($release['version']) || !$is_in_supported_branch($release['version']) ||
(isset($release['terms']['Release type']) && (isset($release['terms']['Release type']) &&
(in_array('Insecure', $release['terms']['Release type']) || (in_array('Insecure', $release['terms']['Release type']) ||
in_array('Unsupported', $release['terms']['Release type'])))) { in_array('Unsupported', $release['terms']['Release type'])))
) {
continue; continue;
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment