| | SensioLabs Security Check | Safe |
|---|---|---|
| Mentions | 4 | 7 |
| Stars | 2,012 | 2,306 |
| Growth | 0.4% | 0.4% |
| Activity | 7.8 | 0.0 |
| Latest commit | 10 days ago | 5 days ago |
| Language | PHP | PHP |
| License | The Unlicense | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
SensioLabs Security Check
- PHP libraries and tools
  - Local PHP Security Checker: PHP security vulnerabilities checker
- Laravel Security Alerts
  - We use snyk, but I have found Symfony's security checker to be the quickest to catch vulns: https://github.com/fabpot/local-php-security-checker
- Is Laravel still simple?
- Typosquatting Malware Found in Composer Repository
  - Yeah, see github https://github.com/FriendsOfPHP/security-advisories/issues/587. The source is also removed from https://github.com/robotchanchan/
Safe
- PHP libraries and tools
  - thecodingmachine/safe: All PHP functions, rewritten to throw exceptions instead of returning false
- Oh boy here we go again…
  - There are workarounds with some third party libraries, but yeah, it's a pain.
- Which inconsistencies of PHP annoy you the most?
- Any ideas about why json_encode would return empty for a request on local dev, but not empty on server?
  - Try not to use the built-in json_encode, as it doesn't have proper error handling. Use instead this: https://github.com/thecodingmachine/safe and Safe\json_encode()
- Native defer & errdefer
  - Not what you asked for, in modern codebases it's advised to use things like https://github.com/thecodingmachine/safe
- Use namespaced functions to replace native functions - github.com/rezen/proxyz
  - The goal of https://github.com/thecodingmachine/safe is different than proxyz. My goal is a method proxy that allows you to override or watch the behaviour of a function from the "global namespace" effortlessly.
- preg_last_error() and json_last_error()
  - Safe-PHP redeclares all core PHP functions (in a new namespace) to throw exceptions properly. I use this on almost every project now.
What are some alternatives?
- HTML Purifier - Standards compliant HTML filter written in PHP
- PHP Dotenv - Loads environment variables from `.env` to `getenv()`, `$_ENV` and `$_SERVER` automagically.
- ZAP - The ZAP core project
- Symfony VarDumper - Provides mechanisms for walking through any arbitrary PHP variable
- PHP IDS - PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application
- Expose - A beautiful, fully open-source, tunneling service - written in pure PHP
- PHP SSH - An experimental object oriented SSH api in PHP
- phpstan-safe-rule - A PHPStan rule to be used with the thecodingmachine/safe package
- IniScan - A php.ini scanner for best security practices
- Symfony Dotenv - Registers environment variables from a .env file
- AntiXSS - ㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP
- Yo! Symfony TOML - A PHP parser for TOML