phpcs-security-audit is a set of PHP_CodeSniffer rules that finds security-related vulnerabilities and weaknesses in PHP code. It currently has core PHP rules as well as Drupal 7-specific rules. The tool also checks for CVE issues and security advisories related to the CMS/framework, which lets you follow the versioning of components during static code analysis. The main reason this project is an extension of PHP_CodeSniffer is easy integration into continuous integration systems. It also allows for finding security bugs that are not detected by some object-oriented analysis tools (such as PHPMD). phpcs-security-audit was initially backed by Pheromone (later named Floe Design + Technologies) and was written by Jonathan Marcil. Requires PHP CodeSniffer version 3.1.0 or higher with PHP 5.4 or higher.

Features

  • Simply set the standard to Security or point to any XML ruleset file and to a folder to scan
  • ParanoiaMode: set to 0 to reduce false positives; set to 1 (default) to be a lot more verbose
  • As with the normal PHP CodeSniffer rules, customization is provided in the XML files

License

GNU General Public License version 3.0 (GPLv3)

Additional Project Details

Programming Language

PHP

Related Categories

PHP Static Code Analysis Tool

Registered

2023-03-31