Static code analysis for Laravel

Jun 30, 2020 by Thibault Debatty | 3002 views

PHP Laravel

https://cylab.be/blog/82/static-code-analysis-for-laravel

In a previous blog post we presented PHPStan, a static code analyzer for PHP. If you are developing a Laravel application, you can of course use PHPStan to validate your code. However, Laravel relies heavily on "magic" (facades, Eloquent models whose attributes and query methods are resolved at run time through __get, __call and __callStatic) that a plain static analyzer cannot see through, so it either reports false positives or silently treats those calls as untyped. This is where Larastan comes into play: a PHPStan extension that teaches the analyzer how these Laravel constructs behave, so that it can type them and check the code that uses them.

Installation

As usual, with composer:

composer require --dev nunomaduro/larastan

Then you have to create a configuration file called phpstan.neon in the root of your project (PHPStan looks for it in the directory where you run it):

includes:
    - ./vendor/nunomaduro/larastan/extension.neon

parameters:
    paths:
        - app

    level: 5

This file uses neon syntax, which is actually pretty similar to yaml. The includes line loads the Larastan extension; paths restricts the analysis to the app directory (your own code, not vendor/); level sets the strictness, from 0 (basic checks) upwards, and 5 is a reasonable starting point for an existing code base.

Usage

You are now all set to use phpstan for your Laravel project.

vendor/bin/phpstan analyze
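To see what Larastan adds, here is a small model/controller pair, written the Laravel way with one deliberate bug, as an added example (not code from the original post or from the Larastan project). The namespaces follow the Laravel 7 layout (app/User.php); the controller, the is_admin column and the route are assumptions made for this example, and both classes are kept in one file only so that the example is self-contained.

```php
<?php

// Added example, not from the original post or from Larastan itself.
// Assumptions: Laravel 7 layout (App\User), an is_admin column on the
// users table, and a controller action reached with a user id.
// Two namespace blocks in one file is only for self-containment; in a
// real application each class lives in its own file under app/.

namespace App {

    use Illuminate\Database\Eloquent\Model;

    /**
     * Eloquent attributes are read from the database row through __get,
     * so the analyzer only knows about them if they are declared here
     * (or, with Larastan, read from the database schema).
     *
     * @property int  $id
     * @property bool $is_admin
     */
    class User extends Model
    {
        public function isAdmin(): bool
        {
            return (bool) $this->is_admin;
        }
    }
}

namespace App\Http\Controllers {

    use App\User;
    use Illuminate\Http\JsonResponse;
    use Illuminate\Http\Request;

    class AdminController extends Controller
    {
        public function promote(Request $request, int $id): JsonResponse
        {
            // User::where() is forwarded to a query builder by __callStatic;
            // Larastan types the chain as App\User|null, plain PHPStan cannot.
            $actor = User::where('email', $request->input('email'))->first();

            // Deliberate bug: isAdmn() is a typo for isAdmin(). Because the
            // null check narrows $actor to App\User, Larastan can report the
            // undefined method here. At run time Eloquent's __call forwards
            // the unknown name to the query builder and the request ends in
            // a BadMethodCallException, so the authorization check is broken
            // but only discovered when this route is actually exercised.
            if ($actor === null || ! $actor->isAdmn()) {
                abort(403);
            }

            $user = User::findOrFail($id);
            $user->is_admin = true;
            $user->save();

            return response()->json(['promoted' => $user->id]);
        }
    }
}
```

Run on this file with the phpstan.neon shown above but without the includes line, plain PHPStan typically stops at the first magic call and reports something like "Call to an undefined static method App\User::where()"; since it then treats the result as mixed, the typo in isAdmn() goes unnoticed at level 5. With the Larastan extension included, User::where(...)->first() is typed as App\User|null, the null check narrows it to App\User, and the analysis reports an error of the form "Call to an undefined method App\User::isAdmn()" on the controller line. Correcting the name to isAdmin() makes the report disappear. The @property annotations are what let the analyzer check $this->is_admin and $user->is_admin; Larastan can also try to read them from the database schema, but annotations work without a database connection, which matters when the analysis runs in CI.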

[Screenshot: Larastan analysis output]

Levels, rules and GitLab integration

There is a lot that can be configured in PHPStan: the level (higher levels are stricter, for example nullable values are only checked for unguarded method calls at level 8, so a level 5 run will not catch every null dereference), which rules to enable or ignore, and how to run it as a job in a GitLab pipeline. You can find all details in our previous blog post on PHPStan.
