violinist-dev / symfony-cloud-security-checker
Wrapper around the symfony cli security checker
2.0.0
2022-08-17 17:39 UTC
Requires
- symfony/process: ^4.0 || ^5.4
- violinist-dev/process-factory: ^2
Requires (Dev)
- php-coveralls/php-coveralls: ^2.1
- phpunit/phpunit: ^6.5 || ^7 || ^8 || ^9
- squizlabs/php_codesniffer: ^3.3
This package is auto-updated.
Last update: 2024-09-10 18:13:53 UTC
README
Wraps the symfony command so that we can use the local cache to check for security updates.
Why?
Because if you try to use a service like the sensiolabs security checker (https://github.com/sensiolabs/security-checker / https://security.symfony.com/), it has a rate limit. The symfony command uses a local cache.
Installation
composer require violinist-dev/symfony-cloud-security-checker
You also need to download the symfony client and add it to your $PATH environment variable.
Usage
```php
<?php
require 'vendor/autoload.php';

$checker = new \Violinist\SymfonyCloudSecurityChecker\SecurityChecker();
$directory = '/my/project/directory/with/composer/lock/file';
try {
    $result = $checker->checkDirectory($directory);
    // Result will now be an array keyed with projects that have security advisories.
    // Like so, for the example in the tests (dompdf/dompdf):
    //array (
    //  'dompdf/dompdf' =>
    //  array (
    //    'version' => 'v0.6.0',
    //    'advisories' =>
    //    array (
    //      0 =>
    //      array (
    //        'title' => 'PHP remote file inclusion vulnerability in dompdf.php',
    //        'link' => 'https://github.com/dompdf/dompdf/releases/tag/v0.6.2',
    //        'cve' => 'CVE-2010-4879',
    //      ),
    //      1 =>
    //      array (
    //        'title' => 'Arbitrary file read in dompdf',
    //        'link' => 'https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/',
    //        'cve' => 'CVE-2014-2383',
    //      ),
    //      2 =>
    //      array (
    //        'title' => 'Information Disclosure',
    //        'link' => 'https://github.com/dompdf/dompdf/releases/tag/v0.6.2',
    //        'cve' => 'CVE-2014-5011',
    //      ),
    //      3 =>
    //      array (
    //        'title' => 'Denial Of Service Vector',
    //        'link' => 'https://github.com/dompdf/dompdf/releases/tag/v0.6.2',
    //        'cve' => 'CVE-2014-5012',
    //      ),
    //      4 =>
    //      array (
    //        'title' => 'Remote Code Execution (complement of CVE-2014-2383)',
    //        'link' => 'https://github.com/dompdf/dompdf/releases/tag/v0.6.2',
    //        'cve' => 'CVE-2014-5013',
    //      ),
    //    ),
    //  ),
    //)
} catch (Exception $e) {
    // This can happen if you do not have the symfony command installed and available in your PATH.
    // It can also happen if the command itself creates unexpected output, like it probably would if you ran it for the
    // first time without an internet connection, for example.
}
```
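The usage above leaves two things to the caller: reading the nested result array, and telling "the tool could not run" apart from "no advisories". The following is an added example (not code from this package) that does both and maps the outcome to a CI exit code; `summarizeAdvisories` and `runSecurityGate` are hypothetical helper names, and the key names assumed in the result array are the ones shown in the sample output above.

```php
<?php
// Added example, not part of violinist-dev/symfony-cloud-security-checker.
// Turns the array shape documented above into a CI gate: exit 0 when clean,
// 1 when advisories exist, 2 when the check itself could not run (for
// example because the symfony binary is missing from $PATH).
require 'vendor/autoload.php';

use Violinist\SymfonyCloudSecurityChecker\SecurityChecker;

// Hypothetical helper: one line per advisory, using the key names from the
// README's sample output ('version', 'advisories', 'cve', 'title').
function summarizeAdvisories(array $result): array
{
    $lines = [];
    foreach ($result as $package => $info) {
        $version = $info['version'] ?? 'unknown';
        foreach ($info['advisories'] ?? [] as $advisory) {
            $cve = $advisory['cve'] ?? 'no-CVE';
            $title = $advisory['title'] ?? '';
            $lines[] = sprintf('%s %s: %s %s', $package, $version, $cve, $title);
        }
    }
    return $lines;
}

// Hypothetical helper: run the check and map the outcome to an exit code.
// Keeping "tool failed" (2) apart from "vulnerabilities found" (1) matters:
// a missing binary or a cold cache without network must not pass as clean.
function runSecurityGate(string $directory): int
{
    $checker = new SecurityChecker();
    try {
        $result = $checker->checkDirectory($directory);
    } catch (\Exception $e) {
        fwrite(STDERR, "security check could not run: {$e->getMessage()}\n");
        return 2;
    }
    $lines = summarizeAdvisories($result);
    if ($lines === []) {
        return 0;
    }
    fwrite(STDERR, implode("\n", $lines) . "\n");
    return 1;
}

exit(runSecurityGate($argv[1] ?? getcwd()));
```

Run it as `php gate.php /path/to/project` from a CI job; the non-zero exit for the failure case keeps a broken checker from being mistaken for a clean dependency tree.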