Make HtaccessTest composer fixtures valid json to avoid breaking tooling

Created on 21 May 2020, about 4 years ago
Updated 17 February 2023, over 1 year ago

HtaccessTest includes a number of empty file fixtures used to detect if the htaccess file is correctly configured - among those are composer.json and composer.lock.

There are many security, compliance, license policy and other tools that recursively scan for package management manifests (since they need to work in a variety of environments and on tools with multiple/nested software stacks).

Having an empty file can break these tools - for example Trivy fails with failed to get libraries: error with var/www/html/html/core/modules/system/tests/fixtures/HtaccessTest/composer.lock: EOF. Composer (which may be called with composer outdated --minor-only for example) with "./composer.json" does not contain valid JSON.

Having files exist that breaks tooling raises the barrier for adoption and leads to workarounds - adding 2 characters to each file doesn't affect the function of HtaccessTest.

πŸ› Bug report
Status

Fixed

Version

10.1 ✨

Component
SystemΒ  β†’

Last updated 1 day ago

No maintainer
Created by

πŸ‡ΊπŸ‡ΈUnited States Owen Barton

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.69.0 2024