Check your PHP dependencies for vulnerabilities

Feb 4, 2021 by Thibault Debatty | 3539 views

PHP

https://cylab.be/blog/126/check-your-php-dependencies-for-vulnerabilities

Enlightn Security Checker is a composer tool that uses the Security Advisories Database to check your dependencies for known vulnerabilities. It is actually the same database that is used by GitHub Action "PHP Security Checker". Here is how you can use it locally or with GitLab.

Installation and usage

Installation is a classical composer require:

composer require --dev enlightn/security-checker

To check your dependencies:

./vendor/bin/security-checker security:check [path/to/composer.lock]

If no vulnerability was found in your dependencies, the tool will simply return with an exit code 0 (and show nothing). However, if one or more vulnerabilities are found it will list the vulnerabilities in json format, and return with an exit code 1.

GitLab

Here is a job you can add to your .gitlab-ci.yaml:

test:dependencies:
  image: cylab/php72
  script:
    # in cylab/php72, security-checker is already installed...
    - ~/.composer/vendor/bin/security-checker security:check composer.lock

Obviously, new vulnerabilities may be discovered at any time, not only when you push changes to your repository. So you should add a job schedule for your project pipeline in CI / CD > Schedules:

This blog post is licensed under CC BY-SA 4.0

Use phpunit to test your PHP project
So you are developing some PHP code? Beter make sure it works as expected! In this blog post we will show how to quickly get started with phpunit to automatically test your code...
Mar 17, 2024 | 823 views
Fully customizable emails using Laravel 9
With the release of Laravel 9, the Swift Mailer (that is no longer maintained) has been replaced by the Symfony Mailer. You can already find some useful information about this change along all the other ones in the Upgrade Guide from Laravel 8.x to 9.0. However this guide does not contain enough information if you want to send fully customized emails. This blog post proposes you a solution coming directly from the Symfony documentation!
Feb 1, 2023 | 2853 views
SQL injection with SQLMap
Code injection is one of the most critical web application vulnerabilities. Indeed, the consequences of code injection can be dramatic (impact). Moreover, still today a lot of web applications are vulnerable to code injection (frequency). Finally, some tools like SQLMap allow to automatically detect and use these vulnerabilities (exploitation). For this reason, the vulnerability is listed in the top 10 published by the Open Web Application Security Project (OWASP) [1]. In this blog post, we will present one type of code injection, called SQL injection, and we will show how to perform a SQL injection attack with SQLMap.
Jan 11, 2023 | 2205 views
This website uses cookies. More information about the use of cookies is available in the cookies policy.
Accept