phpcs-security-audit icon indicating copy to clipboard operation
phpcs-security-audit copied to clipboard

verified publisher icon FloeDesignTechnologies

Metadata

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code

Results 28 phpcs-security-audit issues
Sort by recently updated
recently updated
newest added

Create abcd

rijubasak avatar rijubasak

file_put_contents warning about dynamic parameter

I get phpcs: PHPCS_SecurityAudit.BadFunctions.FilesystemFunctions.WarnFilesystem: Filesystem function file_put_contents() detected with dynamic parameter with this: file_put_contents('test.txt', 1, FILE_APPEND); So FILE_APPEND is a dynamic parameter? If its the content or filename, i would...

tebulrich avatar tebulrich

Callback functions warnings

Hi! Is it ok that the ruleset complains about every `array_filter`, `array_map`, `array_reduce` call? What's wrong with functions supporting callbacks when those callbacks are explicitly passed as closures?

GinoPane avatar GinoPane

Add support for native function imports

The following code fails to scan due to line 6 (use function usort). ````php

smrhoney avatar smrhoney

Installation instructions not working

1 comment

From a fresh build of Ubuntu 20 LTS with 7.4, running `composer install` after cloning produces: ``` Loading composer repositories with package information Updating dependencies Your requirements could not be...

foreground-randall avatar foreground-randall

Potential vulnerabilities are being hidden with concatenation

Variables, constants and function calls are not included in the report if concatenated with something which has already been included. Is there any way to override this behaviour other than...

carlnewton avatar carlnewton

Composer: update PHPCS Composer plugin dependency

1 comment

The DealerDirect Composer plugin has just released version `0.7.0`. This new version includes support for Composer 2.0.0 (upcoming) and allows for installation of the plugin in combination with PHP 8...

jrfnl avatar jrfnl

Update security rulesets

Hello. It is possible, to update security rules? I found in the example_base_ruleset.xml two rules: ``` ``` Could you update or send any recommendations - how to update? :) Only...

karol-bialkowski avatar karol-bialkowski

Travis: add build against PHP 8.0

1 comment

PHP 8.0 has been branched off two months ago, so `nightly` is now PHP 8.1 and in the mean time PHP 8.0 was released last week. As of today, there...

jrfnl avatar jrfnl

Create new release to fix deprecation warnings

8 comment

Anyone installing phpcs-security-audit via Composer now gets warnings like this: > Deprecation Notice: Class PHPCS_SecurityAudit\Sniffs\Drupal8\CVE20132110Sniff located in ./vendor/pheromone/phpcs-security-audit/Security/Sniffs/CVE/20132110Sniff.php does not comply with psr-4 autoloading standard. It will not autoload anymore...

danepowell avatar danepowell

Metadata

702
Stars
86
Forks
Watchers

Owner

verified publisher icon FloeDesignTechnologies

Metadata

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code

Back