README.md
11 additions & 9 deletions
@@ -1,6 +1,8 @@
1
-
About
2
-
=====
1
+
phpcs-security-audit v2
2
+
=======================
3
3
4
+
About
5
+
-----
4
6
phpcs-security-audit is a set of [PHP_CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer) rules that finds vulnerabilities and weaknesses related to security in PHP code.
5
7
6
8
It currently has core PHP rules as well as Drupal 7 specific rules.
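Review bot: The new title line `phpcs-security-audit v2` puts a version in the heading without saying what v2 means for someone upgrading. Add a sentence under the title stating what changed from the previous version, or point to the Install section for the requirements, so users do not have to infer compatibility from the heading alone.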
@@ -15,7 +17,7 @@ phpcs-security-audit is backed by [Floe design + technologies](https://floedesig
15
17
16
18
17
19
Install
18
-
=====
20
+
-------
19
21
20
22
Requires [PHP CodeSniffer](http://pear.php.net/package/PHP_CodeSniffer/) version 3.x with PHP 5.4 or higher.
21
23
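Review bot: The context line under the re-styled Install heading still links PHP CodeSniffer to `http://pear.php.net/package/PHP_CodeSniffer/` over plain HTTP, while the About section links the same dependency to `https://github.com/squizlabs/PHP_CodeSniffer`. Since this patch already touches the section, point both at the same HTTPS source so readers are not sent to two different origins for one dependency.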
@@ -30,14 +32,15 @@ composer install
30
32
The package is also on [Packagist](https://packagist.org/packages/pheromone/phpcs-security-audit):
31
33
```
32
34
composer require pheromone/phpcs-security-audit
35
+
sh vendor/pheromone/phpcs-security-audit/symlink.sh
If you want to integrate it all with Jenkins, go see http://jenkins-php.org/ for extensive help.
37
40
38
41
39
42
Usage
40
-
=====
43
+
-----
41
44
42
45
Simply point to any XML ruleset file and a folder:
43
46
```
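Review bot: The added `sh vendor/pheromone/phpcs-security-audit/symlink.sh` step asks users to run a script out of `vendor/` with no description of what it does. Add a sentence next to it saying what the script links and where, whether it writes outside the project directory, and whether it has to be re-run after a Composer update, so the step can be reviewed before it goes into a build job.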
@@ -63,8 +66,7 @@ FOUND 16 ERROR(S) AND 15 WARNING(S) AFFECTING 22 LINE(S)
63
66
64
67
```
65
68
66
-
Drupal details
67
-
--------------
69
+
#### Drupal note
68
70
69
71
For the Drupal AdvisoriesContrib you need to change your `/etc/php5/cli/php.ini` to have:
70
72
```
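Review bot: `#### Drupal note` is the only ATX heading in a README whose other headings this patch converts to Setext underlines, and it jumps from a level 2 section straight to level 4. Either keep an underlined heading or use `###`. Separately, the context line hard-codes `/etc/php5/cli/php.ini`, which is one distribution's PHP 5 path; telling readers to locate their CLI ini file with `php --ini` would be more portable.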
@@ -76,7 +78,7 @@ Please note that only Drupal modules downloaded from drupal.org are supported. I
76
78
77
79
78
80
Customize
79
-
=========
81
+
---------
80
82
As in normal PHP CodeSniffer rules, customization is provided in the XML files that are in the top folder of the project.
81
83
82
84
These global parameters are used in many rules:
@@ -89,7 +91,7 @@ In some case you can force the paranoia mode on or off with the parameter `force
89
91
90
92
91
93
Specialize
92
-
==========
94
+
----------
93
95
94
96
If you want to fork and help or just do your own sniffs you can use the utilities provided by phpcs-security-audit rules in order to facilitate the process.
95
97
@@ -120,7 +122,7 @@ If you implement any public cms/framework customization please make a pull reque
120
122
121
123
122
124
Annoyances
123
-
==========
125
+
----------
124
126
125
127
As any security tools, this one comes with it's share of annoyance. At first a focus on finding vulnerabilities will be done, but later it is planned to have a phase where efforts will be towards reducing annoyances, in particular with the number of false positives.
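Review bot: The Annoyances paragraph left as context under the changed underline has grammar slips worth fixing while the section is being touched: "it's share" should be "its share", and "As any security tools" should read "As with any security tool".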