Updating Silex to the latest version 2.3.0
- There are a number of outstanding Dependabot alerts on our symfony/*
dependencies from our current version of Silex. This update resolves
all of them.

- There are three outstanding SimpleSAMLphp CVEs that we are unable to
address via simply upgrading to a fixed version. Therefore, to remediate
these threats I've included patches that will be applied in the
pre-build step of RPM generation (`open_xdmod/modules/xdmod/build.json`).
Below is a list of the CVEs, the corresponding fix in
SimpleSAMLphp's GitHub repo, the patch file to resolve the CVE and any
notes.
  - CVE-2020-5301: Information disclosure of source code in
    SimpleSAMLphp.
    - GitHub: simplesamlphp/simplesamlphp@47968d2
    - `open_xdmod/modules/xdmod/assets/simplesamlphp-CVE-2020-5031.diff`
    - Notes: The file that is patched in the original commit does not
      exist in our version of the library so I identified the equivalent
      file in our library, `www/errorreport.php`, and updated that
      instead.
  - CVE-2020-5225: Log injection in SimpleSAMLphp
    - GitHub: simplesamlphp/simplesamlphp@4623851
    - `open_xdmod/modules/xdmod/assets/simplesamlphp-CVE-2020-5225.diff`

- `open_xdmod/modules/xdmod/assets/setup.sh`
  - removing lines that are either no longer accurate (echo) or commented
    out (composer install)
- `open_xdmod/modules/xdmod/build.json`
  - Since the build process happens twice during a CI build, once during the
    initial build and again during the qa tests for the build test, and we are
    patching files in vendor/simplesamlphp/simplesamlphp we need to make sure
    that we start fresh for each build.
- `tests/ci/qa-test-setup.sh`
  - Added some code to capture the `COMPOSER` env variable before changing it so
    that we can reset it to the original value after the qa setup process is
    done.
ryanrath committed Aug 6, 2024
1 parent 3305981 commit 12d8c71
Showing 13 changed files with 1,278 additions and 283 deletions.
5 changes: 2 additions & 3 deletions .circleci/config.yml
@@ -72,9 +72,8 @@ jobs:
cp /etc/xdmod/portal_settings.ini ./configuration/portal_settings.ini
cp /etc/xdmod/organization.json ./configuration/organization.json
- run:
name: Setup & Run QA Tests
command: |
./tests/ci/scripts/qa-test-setup.sh
name: backup project directory for testing.
command: tar -cf ./xdmod.tar.gz *
- run:
name: Clear out command-line PHP errors generated by composer installs
command: >
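Review bot: the `tar -cf ./xdmod.tar.gz *` command added here writes the archive into the directory it is archiving and, with `-c` but no `-z`, produces an uncompressed tarball despite the `.tar.gz` name; the shell glob `*` also skips dotfiles such as `.circleci` and `.editorconfig`. Suggest `tar -czf ../xdmod.tar.gz .` (or at least `--exclude=./xdmod.tar.gz`) so the archive is complete, compressed as named, and not self-including. The hunk also removes the `./tests/ci/scripts/qa-test-setup.sh` step from this `- run:` block; since the commit message describes changes to `tests/ci/qa-test-setup.sh`, confirm that step is re-added elsewhere in the workflow, which this hunk does not show.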
3 changes: 3 additions & 0 deletions .editorconfig
@@ -24,3 +24,6 @@ trim_trailing_whitespace = false

[*.yml]
indent_size = 2

[*.yaml]
indent_size = 2
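Review bot: style point, the new `[*.yaml]` section duplicates `[*.yml]` line for line; EditorConfig supports brace globs, so a single `[*.{yml,yaml}]` block with `indent_size = 2` covers both extensions without two sections to keep in sync.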
2 changes: 1 addition & 1 deletion classes/Rest/Controllers/BaseControllerProvider.php
@@ -8,7 +8,7 @@
use Rest\Utilities\Authorization;
use Silex\Application;
use Silex\ControllerCollection;
use Silex\ControllerProviderInterface;
use Silex\Api\ControllerProviderInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
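Review bot: the import now points at `Silex\Api\ControllerProviderInterface`, which is where Silex 2 moved the interface, but the hunk does not show the class's `connect()` method; in Silex 2 that interface declares `connect(Application $app)` and expects a `ControllerCollection` back, so check that the implementation's signature and return value still match, otherwise the provider fails to load under the new major version.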
9 changes: 4 additions & 5 deletions classes/Rest/XdmodApplicationFactory.php
@@ -7,7 +7,6 @@
use Rest\Controllers\BaseControllerProvider;
use Rest\Utilities\Authentication;
use Silex\Application;
use Silex\Provider\UrlGeneratorServiceProvider;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
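Review bot: removing the `UrlGeneratorServiceProvider` import is consistent with the later hunk that registers `RoutingServiceProvider` by its fully qualified name, but for consistency with the other `use` statements in this header consider importing `Silex\Provider\RoutingServiceProvider` here instead of spelling the FQCN inline at the call site.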

@@ -64,7 +63,7 @@ public static function getInstance()
$app['debug'] = filter_var(\xd_utilities\getConfiguration('general', 'debug_mode'), FILTER_VALIDATE_BOOLEAN);

// REGISTER: a URL Generator.
$app->register(new UrlGeneratorServiceProvider());
$app->register(new \Silex\Provider\RoutingServiceProvider());

// SET: the regex that will be used to filter the API_SYMBOL in a route.
// in this case we're using it as our base url.
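Review bot: the comment `// REGISTER: a URL Generator.` above the changed line is now stale; `RoutingServiceProvider` supplies routing and the `url_generator` service together. Silex 2 also registers `RoutingServiceProvider` itself in `Application::__construct` (its changelog notes that `url_generator` is always available), so this explicit `register()` call is redundant; harmless, but either drop it or update the comment to say why it is kept.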
@@ -74,14 +73,14 @@ public static function getInstance()
// representing the latest version.
$app['controllers']->value(self::API_SYMBOL, 'latest');

$app['logger.db'] = $app->share(function () {
$app['logger.db'] = function () {
return \CCR\Log::factory('rest.logger.db', array(
'console' => false,
'file' => false,
'mail' => false,
'dbLogLevel' => \CCR\Log::INFO
));
});
};

$app->before(function (Request $request, Application $app) {
$request->attributes->set('timing.start', microtime(true));
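Review bot: dropping `$app->share()` is the right Pimple 3 migration, since a closure assigned to the container is shared by default there, so `logger.db` still yields a single instance. Two things to check beyond this hunk: every other `$app->share(...)` call in the codebase needs the same treatment or it fails at runtime under Silex 2, where `share()` no longer exists, and any closure that previously relied on factory-style (non-shared) behaviour now needs to be wrapped in `$app->factory(...)` to keep it.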
@@ -226,7 +225,7 @@ public static function getInstance()
}

// SETUP: error handler
$app->error(function (\Exception $e, $code) use ($app) {
$app->error(function (\Exception $e, Request $request, $code) {
if($code == 405 && strtoupper($_SERVER['REQUEST_METHOD']) === 'OPTIONS' && array_key_exists('HTTP_ORIGIN', $_SERVER)){
try {
$corsDomains = \xd_utilities\getConfiguration('cors', 'domains');
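Review bot: the error handler now takes `(\Exception $e, Request $request, $code)`, which is the Silex 2 signature, but the `use ($app)` capture is dropped while the handler body is only partially visible; if the rest of the closure references `$app` (for example `$app['debug']` or the `logger.db` service) that is now an undefined variable. Either restore `use ($app)` or confirm the body no longer needs it. Also, with `$request` now injected, the CORS preflight check on the following line could use `$request->getMethod()` and `$request->headers->has('Origin')` instead of reading `$_SERVER` directly, which is easier to unit test and consistent with the rest of the Symfony request handling.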
7 changes: 4 additions & 3 deletions composer.json
@@ -16,7 +16,7 @@
"phpmailer/phpmailer": "~6.9",
"robrichards/xmlseclibs": "~3.0",
"sencha/extjs-gpl": "3.4.*",
"silex/silex": "~1.2",
"silex/silex": "v2.3.0",
"simplesamlphp/simplesamlphp": "^1.16",
"symfony/polyfill-php56": "~1.11",
"symfony/process": "~2.0",
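Review bot: `symfony/process` stays at `~2.0` in the visible context, which keeps an end-of-life Symfony 2 component installed alongside the newer Symfony components Silex 2.3 pulls in; if the goal stated in the commit message is clearing all symfony/* Dependabot alerts, confirm this constraint does not leave an old `symfony/process` in `composer.lock`. Exact-pinning `silex/silex` to `v2.3.0` is reasonable given that 2.3.0 is Silex's final release (the project was end-of-lifed in 2018), but that also means this upgrade buys time rather than a maintained framework, which is worth stating in the commit message.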
@@ -30,7 +30,7 @@
"kassner/log-parser": "~1.5",
"geoip2/geoip2": "~2.0",
"ua-parser/uap-php": "^3.9",
"mongodb/mongodb": "^1.14"
"mongodb/mongodb": "1.19.0"
},
"require-dev": {
"phpunit/phpunit": "^9.0",
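Review bot: `mongodb/mongodb` moves from the caret range `^1.14` to the exact version `1.19.0`; since `composer.lock` already fixes the installed version, an exact pin in `composer.json` mainly blocks a future `composer update` from picking up security patch releases in the 1.19.x line. If a specific incompatibility forced this, say so in the commit message; otherwise `^1.19` keeps reproducibility through the lock file and still lets patch releases through.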
@@ -208,7 +208,8 @@
"secure-http": false,
"allow-plugins": {
"composer/installers": true,
"simplesamlphp/composer-module-installer": true
"simplesamlphp/composer-module-installer": true,
"dealerdirect/phpcodesniffer-composer-installer": true
}
},
"autoload": {
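Review bot: adding `dealerdirect/phpcodesniffer-composer-installer` to `allow-plugins` grants that package code execution during `composer install`, which is expected for a dev-only phpcs helper, but the visible context also shows `"secure-http": false` a few lines above; that setting lets Composer fetch package metadata and archives over plain HTTP, which undermines the supply-chain posture this commit is trying to improve. Suggest removing it (Composer defaults to requiring HTTPS) unless a specific mirror still needs it, in which case document which one.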

0 comments on commit 12d8c71
