Skip to content

/ local-php-security-checker

PHP security vulnerabilities checker

github.com/friendsofphp/security-advisories
AGPL-3.0 License
425 stars 17 forks
Star
Watch
main
1 branch 1 tag
Go to file
Code
Clone

Use Git or checkout with SVN using the web URL.

Latest commit

@fabpot
fabpot bug #2 Handle path prefixed with tilde sign `~` (HazemNoor)
556ccf8 Feb 1, 2021
bug #2 Handle path prefixed with tilde sign `~` (HazemNoor) 
This PR was merged into the main branch.

Discussion
----------

Handle path prefixed with tilde sign `~`

Expands the path to include the home directory if the path is prefixed with `~`

If we pass path parameter including tilde sign `~` it won't work
`local-php-security-checker --path=~/path/to/php/project`

So we have to use the full path
`local-php-security-checker --path=/home/user/path/to/php/project`
or use this form instead
`local-php-security-checker --path ~/path/to/php/project`

This PR makes this form possible
`local-php-security-checker --path=~/path/to/php/project`

Commits
-------

52e29c4 Handle path prefixed with tilde sign `~`
556ccf8

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github/workflows
Add initial set of files
Jan 15, 2021
security
Handle path prefixed with tilde sign `~`
Jan 16, 2021
.gitignore
Add initial set of files
Jan 15, 2021
.goreleaser.yml
Add initial set of files
Jan 15, 2021
LICENSE
Add initial set of files
Jan 15, 2021
README.md
Add initial set of files
Jan 15, 2021
go.mod
Handle path prefixed with tilde sign `~`
Jan 16, 2021
go.sum
Handle path prefixed with tilde sign `~`
Jan 16, 2021
main.go
Add initial set of files
Jan 15, 2021

README.md

Local PHP Security Checker

The Local PHP Security Checker is a command line tool that checks if your PHP application depends on PHP packages with known security vulnerabilities. It uses the Security Advisories Database behind the scenes.

Download a binary from the Releases page on Github, rename it to local-php-security-checker and make it executable.

From a directory containing a PHP project that uses Composer, check for known vulnerabilities by running the binary without arguments or flags:

$ local-php-security-checker

You can also pass a --path to check a specific directory:

$ local-php-security-checker --path=/path/to/php/project
$ local-php-security-checker --path=/path/to/php/project/composer.lock

By default, the output is optimized for terminals, change it via the --format flag (supported formats: ansi, markdown, json, and yaml):

$ local-php-security-checker --format=json

When running the command, it checks for an updated vulnerability database and downloads it from Github if it changed since the last run. If you want to avoid the HTTP round-trip, use --local. To force a database update without checking for a project, use --update-cache.

About

PHP security vulnerabilities checker

github.com/friendsofphp/security-advisories

Topics

php security packagist composer

Resources

Readme

License

AGPL-3.0 License

Releases 1

v1.0.0 Latest
Jan 15, 2021

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

No packages published

Contributors 2

Languages