
SecurityAdvisory: highlight all advisories which match a version

Stephan Vock 5 年之前
父節點
當前提交
c1ce1f91cf

+ 2 - 2
src/Packagist/WebBundle/Controller/ApiController.php

@@ -255,12 +255,12 @@ class ApiController extends Controller
      *     methods={"GET", "POST"}
      * )
      */
-    public function securityAdvisoryAction(Request $request)
+    public function securityAdvisoryAction(Request $request): JsonResponse
     {
         $packageNames = array_values(array_filter(array_map(function (string $packageName) {
             return trim($packageName);
         }, explode(',', $request->get('packages')))));
-        $updatedSince = $request->query->get('updatedSince', 0);
+        $updatedSince = $request->query->getInt('updatedSince', 0);
 
         /** @var array[] $advisories */
         $advisories = $this->getDoctrine()->getRepository(SecurityAdvisory::class)->searchSecurityAdvisories($packageNames, $updatedSince);
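Review bot: The `packages` parameter is still read without a type check on the line that feeds `explode()`, even though this change makes `updatedSince` an integer via `getInt()`. A request that omits `packages` passes null to `explode()`, and an array-valued `packages[]=…` would pass an array, so the endpoint may answer with a server error rather than a 400, depending on the PHP version. I would read it once with `$packages = $request->get('packages');` and return a 400 response when `!is_string($packages)`. A cap on the number of names may also be worth adding, since the list goes straight into `searchSecurityAdvisories()`. The rest of securityAdvisoryAction lies outside the hunk, so the new `JsonResponse` return type should be checked against every return path there.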

+ 18 - 6
src/Packagist/WebBundle/Controller/PackageController.php

@@ -1134,23 +1134,35 @@ class PackageController extends Controller
      *      requirements={"name"="([A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+?|ext-[A-Za-z0-9_.-]+?)"}
      * )
      */
-    public function securityAdvisoriesAction(Request $req, $name)
+    public function securityAdvisoriesAction(Request $request, $name)
     {
-        $page = max(1, (int) $req->query->get('page', 1));
-
         /** @var SecurityAdvisoryRepository $repo */
         $repo = $this->getDoctrine()->getRepository(SecurityAdvisory::class);
         $securityAdvisories = $repo->getPackageSecurityAdvisories($name);
         $advisoryCount = count($securityAdvisories);
 
         $paginator = new Pagerfanta(new FixedAdapter($advisoryCount, $securityAdvisories));
-        $paginator->setMaxPerPage(100);
-        $paginator->setCurrentPage($page, false, true);
-
         $data['securityAdvisories'] = $paginator;
         $data['count'] = $advisoryCount;
         $data['name'] = $name;
 
+        $data['matchingAdvisories'] = [];
+        if ($versionId = $request->query->getInt('version')) {
+            $version = $this->getDoctrine()->getRepository(Version::class)->findOneBy([
+                'name' => $name,
+                'id' => $versionId,
+            ]);
+            if ($version) {
+                foreach ($securityAdvisories as $advisory) {
+                    $versionParser = new VersionParser();
+                    $affectedVersionConstraint = $versionParser->parseConstraints($advisory['affectedVersions']);
+                    if (!isset($data['hasVersionSecurityAdvisories'][$version->getId()]) && $affectedVersionConstraint->matches(new Constraint('=', $version->getNormalizedVersion()))) {
+                        $data['matchingAdvisories'] = $advisory['id'];
+                    }
+                }
+            }
+        }
+
         return $this->render('PackagistWebBundle:package:security_advisories.html.twig', $data);
     }
 
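Review bot: `$data['matchingAdvisories'] = $advisory['id'];` inside the loop overwrites the array initialised a few lines above with a single id, so only the last matching advisory survives. The template test `advisory.id in matchingAdvisories` in security_advisories.html.twig then runs against a scalar, and if ids are strings Twig's `in` becomes a substring test. A user following the alert link for a version could therefore see affecting advisories left unhighlighted, so the line should append with `[]`. The `!isset($data['hasVersionSecurityAdvisories'][...])` guard reads a key this action never sets in the visible lines, so it appears to be always true and can go, and the `VersionParser` and the version's `Constraint` can be built once before the loop. `parseConstraints()` throws on a malformed constraint string, so it is worth deciding whether one bad `affectedVersions` value should fail the whole page.

```php
            if ($version) {
                // Built once: neither object depends on the advisory being tested.
                $versionParser = new VersionParser();
                $versionConstraint = new Constraint('=', $version->getNormalizedVersion());

                foreach ($securityAdvisories as $advisory) {
                    $affectedVersionConstraint = $versionParser->parseConstraints($advisory['affectedVersions']);
                    if ($affectedVersionConstraint->matches($versionConstraint)) {
                        // Append, so every advisory affecting this version is highlighted.
                        $data['matchingAdvisories'][] = $advisory['id'];
                    }
                }
            }
            // … unchanged: render() call …
```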

+ 10 - 2
src/Packagist/WebBundle/Resources/public/css/main.css

@@ -1100,10 +1100,18 @@ input:focus:invalid:focus, textarea:focus:invalid:focus, select:focus:invalid:fo
 .package .package-aside i:hover {
   color: #a5aab0;
 }
-.package .package-aside i.advisory-alert {
-    color: #ff4533;
+.package .package-aside a.advisory-alert {
     margin-left: -20px;
 }
+.package .package-aside a.advisory-alert:hover, .package .package-aside a.advisory-alert:active {
+    text-decoration: none;
+}
+.package .package-aside a.advisory-alert i {
+    color: #ff4533;
+}
+.package .package-aside a.advisory-alert:hover i {
+    color: #cd3729;
+}
 
 .package .details-toggler.open, .package .details-toggler.open a, .package .details-toggler.open i {
   background: #f28d1a;

+ 2 - 0
src/Packagist/WebBundle/Resources/translations/messages.en.yml

@@ -64,6 +64,8 @@ packages:
     suggesters: suggesters
     suggesters_title: Suggesters Packages
     from: "Packages from %vendor%"
+    security_advisory_title: Security Advisories
+    security_advisories: Security Advisories
 
 browse:
     packages: Packages

+ 1 - 1
src/Packagist/WebBundle/Resources/views/package/security_advisories.html.twig

@@ -23,7 +23,7 @@
             {% if securityAdvisories|length %}
                 <ul class="packages list-unstyled">
                     {% for advisory in securityAdvisories %}
-                        <li class="row">
+                        <li class="row {% if advisory.id in matchingAdvisories %}selected{% endif %}">
                             <div class="col-xs-12 package-item">
                                 <div class="row">
                                     <div class="col-sm-8 col-lg-9">

+ 3 - 1
src/Packagist/WebBundle/Resources/views/package/version_list.html.twig

@@ -11,7 +11,9 @@
                 </a>
 
                 {% if hasVersionSecurityAdvisories[version.id]|default(false) %}
-                    <i class="glyphicon glyphicon-alert advisory-alert" title="Version has security advisories"></i>
+                    <a class="advisory-alert" href="{{ path('view_package_advisories', {name: package.name, version: version.id}) }}">
+                        <i class="glyphicon glyphicon-alert " title="Version has security advisories"></i>
+                    </a>
                 {% endif %}
 
                 {% if deleteVersionCsrfToken is defined and deleteVersionCsrfToken is not empty %}
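Review bot: The new `<a class="advisory-alert">` contains only the glyphicon, so the link has no accessible name, and the `title` sits on the inner `<i>` rather than on the element that receives focus. I would move the text to the anchor, `<a class="advisory-alert" title="Version has security advisories" href="…">`, and mark the icon `aria-hidden="true"`. The trailing space in `class="glyphicon glyphicon-alert "` can be dropped at the same time. The title string is also hard-coded English although this commit adds keys to messages.en.yml, so it could go through the translator like the other labels.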