SensioLabs Security Check
Infection
| | SensioLabs Security Check | Infection |
|---|---|---|
| Mentions | 4 | 11 |
| Stars | 2,012 | 1,983 |
| Growth | 0.4% | 0.7% |
| Activity | 7.8 | 8.5 |
| Last commit | 10 days ago | 22 days ago |
| Language | PHP | PHP |
| License | The Unlicense | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
SensioLabs Security Check
- PHP libraries and tools
  Local PHP Security Checker: PHP security vulnerabilities checker
- Laravel Security Alerts
  We use Snyk, but I have found Symfony's security checker to be the quickest to catch vulns: https://github.com/fabpot/local-php-security-checker
- Is Laravel still simple?
- Typosquatting Malware Found in Composer Repository
  Yeah, see GitHub https://github.com/FriendsOfPHP/security-advisories/issues/587. The source is also removed from https://github.com/robotchanchan/
Infection
- PHP: testing, "Attention please!"
  Consider adding mutation tests.
- Who tests the tests? Mutation testing with Infection in PHP
  Obviously, we cannot generate mutants manually. For that purpose, there are mutation testing utilities. For PHP, we have Infection.
- PHP libraries and tools
  Infection: PHP Mutation Testing library. Plugins:
  - roave/infection-static-analysis-plugin: Static analysis on top of mutation testing - prevents escaped mutants from being invalid according to static analysis
  - bitexpert/captainhook-infection: Captain Hook Plugin to run InfectionPHP only against the changed files of a commit
- I created a package to encourage developers in my team to write tests. What do you think? Any feedback? Thanks!
  If you want to enforce testing automatically, probably the best option is to rely on mutation testing, using Infection. That doesn't just check that the tests cover the code; it checks that if the code were different to what it is, then the tests would (usually) fail.
- Collecting line, branch, and path coverage with PHPUnit
  IMO code coverage is a very flawed metric on its own. A high percentage doesn't guarantee that the tests actually test the right things, and it would be much more efficient if mutation testing was used (e.g. Infection). It still uses the generated code coverage reports, but only as a base for its own metrics.
- Am I writing the right kinds of (unit) tests? See below for an example. Thanks!
  For your last edit - you can also add Infection, which will infect your code with other values. For example, if you expect a positive number, it will try and inject a negative number and see what happens - does your code break everything or something? Also it will try to inject false where you might expect a true, and many, many other things. Yes, you will get some weird results from Infection, but it's a good thing to look at, and at least check the logs and see why the infection failed at a test.
- I'm looking for "complex" or "advanced" topics that don't get enough coverage
- Codewars Kata. It uses 100 random tests for a boolean.
  The only one that I've used is Infection for PHP.
- Verify your true code coverage by removing lines of PHP code, see if it affects PHPUnit results
  That's practically a light form of mutant testing. Have you checked Infection?
What are some alternatives?
HTML Purifier - Standards compliant HTML filter written in PHP
Pest - Pest is an elegant PHP testing Framework with a focus on simplicity, meticulously designed to bring back the joy of testing in PHP.
ZAP - The ZAP core project
rector-laravel - Rector upgrades rules for Laravel
PHP IDS - PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application
php-mysql-engine - A MySQL engine written in pure PHP
PHP SSH - An experimental object oriented SSH api in PHP
ParaTest - :computer: Parallel testing for PHPUnit
IniScan - A php.ini scanner for best security practices
psalm-plugin-phpunit - A PHPUnit plugin for Psalm
AntiXSS - ㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP
churn-php - Discover files in need of refactoring.