local-php-security-checker vs Infection

| | local-php-security-checker | Infection |
|---|---|---|
| Mentions | 5 | 10 |
| Stars | 1,148 | 1,975 |
| Growth | - | 0.6% |
| Activity | 2.9 | 8.3 |
| Latest commit | 2 days ago | 11 days ago |
| Language | Go | PHP |
| License | GNU Affero General Public License v3.0 | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
local-php-security-checker
-
What are some helpful tools every Laravel CI pipeline should have?
```sh
# Fetch a pinned release of the checker once, make it executable, then scan composer.lock.
# The original used `test -d`, which tests for a directory; curl writes a file, so that guard
# never matched and the binary was re-downloaded on every run. `test -f` is the intended check.
test -f local-php-security-checker || curl -L https://github.com/fabpot/local-php-security-checker/releases/download/v1.2.0/local-php-security-checker_1.2.0_linux_amd64 --output local-php-security-checker
chmod +x local-php-security-checker
./local-php-security-checker
```
-
Unknown error running php bin/console security:check
The best alternative to use now is to download a local-security-checker binary (https://github.com/fabpot/local-php-security-checker/releases), save it in the bin folder, and run that binary (via bin/local-php-security-checker).
-
PHP libraries and tools
Local PHP Security Checker: PHP security vulnerabilities checker
-
Laravel QR Code Generator Infected with Malware
It looks like they utilize this repo for advisories: https://github.com/FriendsOfPHP/security-advisories/ -- via https://symfony.com/blog/the-php-security-checker-as-a-docker-image
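To show what a local checker does with that advisory database, here is an added example in Python; it is not the tool's own Go code. It reads a composer.lock, looks up every installed package in advisories shaped like the YAML files in FriendsOfPHP/security-advisories (title, link, branches carrying a list of version constraints, and a composer://vendor/package reference), and exits non-zero when an installed version falls inside an affected range. The composer.lock contents, the package acme/example-lib, the example.invalid link and the advisory itself are constructed for this example; no real vulnerability is described.

```python
import json
import re
import sys
from typing import Dict, List, Tuple

# Constructed composer.lock excerpt (not from any real project). A local checker reads the
# exact versions recorded here instead of asking a remote service about them.
COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "acme/example-lib", "version": "v1.3.0"},
        {"name": "acme/other-lib", "version": "2.0.1"},
    ],
    "packages-dev": [
        {"name": "acme/dev-tool", "version": "0.9.0"},
    ],
})

# The same lock file after upgrading the affected package past the fixed version (constructed).
PATCHED_LOCK = json.dumps({
    "packages": [{"name": "acme/example-lib", "version": "1.4.2"}],
})

# Constructed advisories mirroring the layout of the YAML files in FriendsOfPHP/security-advisories:
# title, link, branches (each with an affected "versions" constraint list) and a composer:// reference.
# The package and the affected range are hypothetical.
ADVISORIES = [
    {
        "title": "Hypothetical advisory for acme/example-lib (constructed example)",
        "link": "https://example.invalid/advisories/acme-example-lib",
        "reference": "composer://acme/example-lib",
        "branches": {"1.x": {"versions": [">=1.0.0", "<1.4.2"]}},
    },
]

_CONSTRAINT_RE = re.compile(r"^(>=|<=|>|<|==|=|!=)?\s*v?([0-9][0-9.]*)")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'v1.3.0' or '1.3' into a comparable tuple, padded to four components."""
    core = text.lstrip("v").split("-", 1)[0].split("+", 1)[0]
    parts = [int(p) for p in core.split(".") if p != ""]
    return tuple(parts + [0] * (4 - len(parts)))


def satisfies(version: str, constraint: str) -> bool:
    """Evaluate one advisory constraint such as '>=1.0.0' or '<1.4.2' against a version."""
    m = _CONSTRAINT_RE.match(constraint.strip())
    if not m:
        raise ValueError(f"unsupported constraint: {constraint!r}")
    op, bound = m.group(1) or "=", parse_version(m.group(2))
    v = parse_version(version)
    return {">=": v >= bound, "<=": v <= bound, ">": v > bound, "<": v < bound,
            "=": v == bound, "==": v == bound, "!=": v != bound}[op]


def installed_packages(lock_json: str) -> Dict[str, str]:
    """Collect name -> version from both the runtime and dev sections of composer.lock."""
    lock = json.loads(lock_json)
    found: Dict[str, str] = {}
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            found[pkg["name"]] = pkg["version"]
    return found


def index_advisories(advisories: List[dict]) -> Dict[str, List[dict]]:
    """Group advisories by package name, stripping the composer:// scheme from the reference."""
    index: Dict[str, List[dict]] = {}
    for adv in advisories:
        ref = adv["reference"]
        name = ref[len("composer://"):] if ref.startswith("composer://") else ref
        index.setdefault(name, []).append(adv)
    return index


def find_vulnerable(lock_json: str, advisories: List[dict] = None) -> List[dict]:
    """Return one hit per (package, advisory) whose installed version is inside an affected branch."""
    index = index_advisories(ADVISORIES if advisories is None else advisories)
    hits = []
    for name, version in installed_packages(lock_json).items():
        for adv in index.get(name, []):
            for branch, spec in adv["branches"].items():
                # Every constraint of a branch must hold for the version to be affected.
                if all(satisfies(version, c) for c in spec["versions"]):
                    hits.append({"package": name, "version": version, "branch": branch,
                                 "title": adv["title"], "link": adv["link"]})
                    break
    return hits


if __name__ == "__main__":
    lock_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else COMPOSER_LOCK
    hits = find_vulnerable(lock_text)
    for h in hits:
        print(f"{h['package']} {h['version']}: {h['title']} ({h['link']})")
    sys.exit(1 if hits else 0)  # a non-zero exit is what makes the CI job fail
```

Two caveats carry over to the real tool. The result is only as good as the advisory data the checker has on hand, so a CI job should refresh that data rather than scan against a stale copy; and a lock file describes what composer resolved, not what someone copied into vendor/ by hand. The constraint parser above covers only the operators the advisory files use, not composer's full constraint syntax.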
-
Why does validating a user require 14000 files?
https://github.com/fabpot/local-php-security-checker
I agree, composer is not perfect, but before it was worse.
Infection
-
Who tests the tests? Mutation testing with Infection in PHP
Obviously, we cannot generate mutants manually. For that purpose, there are mutation testing utilities. For PHP, we have Infection.
-
PHP libraries and tools
Infection: PHP Mutation Testing library. Plugins:
- roave/infection-static-analysis-plugin: static analysis on top of mutation testing; prevents escaped mutants from being invalid according to static analysis
- bitexpert/captainhook-infection: Captain Hook plugin to run InfectionPHP only against the changed files of a commit
-
I created a package to encourage developers in my team to write tests. What do you think? Any feedback? Thanks!
If you want to enforce testing automatically, probably the best option is to rely on mutation testing, using Infection. That doesn't just check that the tests cover the code; it checks that if the code were different from what it is, then the tests would (usually) fail.
-
Collecting line, branch, and path coverage with PHPUnit
IMO code coverage is a very flawed metric on its own. A high percentage doesn't guarantee that the tests actually test the right things, and it would be much more efficient if mutation testing was used (e.g. Infection). It still uses the generated code coverage reports, but only as a base for its own metrics.
-
Am I writing the right kinds of (unit) tests? See below for an example. Thanks!
For your last edit: you can also add Infection, which will infect your code with other values. For example, if you expect a positive number, it will try to inject a negative number and see what happens: does your code break everything, or something else? It will also try to inject false where you might expect true, and many, many other things. Yes, you will get some weird results from Infection, but it's a good thing to look at; at least check the logs and see why the infection failed at a test.
-
I'm looking for "complex" or "advanced" topics that don't get enough coverage
-
Codewars Kata. It uses 100 random tests for a boolean.
The only one that I've used is infection for PHP.
-
Verify your true code coverage by removing lines of PHP code, see if it affects PHPUnit results
That's practically a light form of mutant testing. Have you checked Infection?
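The posts above describe the same idea from several angles: a mutant is the code with one small change, line coverage alone does not tell you whether a test would notice that change, and Infection's score counts the mutants your suite kills. To make that concrete, here is a small mutation-testing harness written for this page in Python. It is not Infection's code and not PHP; it rewrites a constructed function's AST with mutators modelled on a few of Infection's (GreaterThanOrEqualTo, LessThanOrEqualTo, Minus, UnaryMinus and the true/false flip), runs a weak and a strong test suite against every mutant, and reports which mutants escaped and the resulting mutation score. The function `can_withdraw`, both suites and the mutator names are constructed for the example.

```python
import ast
import copy
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed code under test (not from the page). Its interesting behaviour sits on two
# boundaries: amount == 0 and balance - amount == -overdraft_limit.
SOURCE = '''
def can_withdraw(balance, amount, overdraft_limit):
    if amount <= 0:
        return False
    return balance - amount >= -overdraft_limit
'''


def weak_tests(fn: Callable) -> None:
    """Every line is executed (100% line coverage), yet no boundary is ever pinned down."""
    assert fn(100, 50, 0) is True
    assert fn(100, 500, 0) is False
    assert fn(100, -5, 0) is False


def strong_tests(fn: Callable) -> None:
    """The same cases plus the boundaries a mutant would move."""
    weak_tests(fn)
    assert fn(100, 100, 0) is True    # balance - amount == -overdraft_limit exactly
    assert fn(100, 150, 50) is True   # overdraft exactly exhausted
    assert fn(100, 151, 50) is False
    assert fn(100, 0, 0) is False     # amount == 0 boundary


def _has_op(node, op_type) -> bool:
    return isinstance(node, ast.Compare) and any(isinstance(o, op_type) for o in node.ops)


def _swap_ops(node, old, new) -> None:
    node.ops = [new() if isinstance(o, old) else o for o in node.ops]


# (name, applies-to-node predicate, in-place rewrite). Names follow Infection's mutator names
# loosely; the operators themselves are the usual ones in any mutation tool.
MUTATORS = [
    ("GreaterThanOrEqualTo", lambda n: _has_op(n, ast.GtE),
     lambda n: _swap_ops(n, ast.GtE, ast.Gt)),
    ("LessThanOrEqualTo", lambda n: _has_op(n, ast.LtE),
     lambda n: _swap_ops(n, ast.LtE, ast.Lt)),
    ("Minus", lambda n: isinstance(n, ast.BinOp) and isinstance(n.op, ast.Sub),
     lambda n: setattr(n, "op", ast.Add())),
    ("UnaryMinus", lambda n: isinstance(n, ast.UnaryOp) and isinstance(n.op, ast.USub),
     lambda n: setattr(n, "op", ast.UAdd())),
    ("TrueFalse", lambda n: isinstance(n, ast.Constant) and isinstance(n.value, bool),
     lambda n: setattr(n, "value", not n.value)),
]


@dataclass
class Mutant:
    label: str        # "<mutator>@L<line>", e.g. "Minus@L5"
    tree: ast.Module  # the mutated program


def generate_mutants(source: str) -> List[Mutant]:
    """Produce one mutant per (node, applicable mutator): a copy of the tree with that single change."""
    tree = ast.parse(source)
    mutants = []
    for idx, node in enumerate(ast.walk(tree)):
        for name, applies, rewrite in MUTATORS:
            if applies(node):
                mutated = copy.deepcopy(tree)
                rewrite(list(ast.walk(mutated))[idx])  # same walk order on the copy
                ast.fix_missing_locations(mutated)
                mutants.append(Mutant(f"{name}@L{getattr(node, 'lineno', 0)}", mutated))
    return mutants


def _load(tree: ast.Module, fn_name: str) -> Callable:
    namespace: dict = {}
    exec(compile(tree, "<mutant>", "exec"), namespace)
    return namespace[fn_name]


def run_mutants(source: str, fn_name: str, suite: Callable) -> Dict[str, List[str]]:
    """Run the suite against every mutant; a failing or erroring suite kills the mutant."""
    suite(_load(ast.parse(source), fn_name))  # the suite must pass on unmutated code first
    result: Dict[str, List[str]] = {"killed": [], "escaped": []}
    for m in generate_mutants(source):
        try:
            suite(_load(m.tree, fn_name))
        except Exception:  # assertion failures and crashes both count as detected
            result["killed"].append(m.label)
        else:
            result["escaped"].append(m.label)
    return result


def msi(result: Dict[str, List[str]]) -> float:
    """Mutation score indicator: percentage of generated mutants that were detected."""
    total = len(result["killed"]) + len(result["escaped"])
    return 100.0 * len(result["killed"]) / total if total else 0.0


if __name__ == "__main__":
    for label, suite in (("weak", weak_tests), ("strong", strong_tests)):
        r = run_mutants(SOURCE, "can_withdraw", suite)
        print(f"{label}: MSI {msi(r):.0f}%, escaped: {r['escaped']}")
```

The weak suite covers every line of `can_withdraw` and still lets three of the five mutants through (the two boundary flips and the sign flip on the overdraft limit), for a score of 40%; the strong suite kills all five. Timeouts and Infection's distinction between errored and killed mutants are not modelled here, which is why any exception simply counts as a kill.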
What are some alternatives?
SecurityAdvisories - Security advisories as a simple composer exclusion list, updated daily
Pest - Pest is an elegant PHP testing Framework with a focus on simplicity, meticulously designed to bring back the joy of testing in PHP.
Spout - Read and write spreadsheet files (CSV, XLSX and ODS), in a fast and scalable way
rector-laravel - Rector upgrades rules for Laravel
ComposerRequireChecker - A CLI tool to check whether a specific composer package uses imported symbols that aren't part of its direct composer dependencies
php-mysql-engine - A MySQL engine written in pure PHP
GrumPHP - A PHP code-quality tool
ParaTest - Parallel testing for PHPUnit
google-api-php-client-services
psalm-plugin-phpunit - A PHPUnit plugin for Psalm
google-api-php-client - A PHP client library for accessing Google APIs
churn-php - Discover files in need of refactoring.