PHP code example of laramint / php-security-scanner


    

laramint / php-security-scanner example snippets


// The marker comments in this snippet are read by the scanner, not by PHP.
// A marker on its own line suppresses findings on the line that follows it,
// the end-of-line form suppresses the line it sits on, and a start/end pair
// suppresses every line between the two markers. Appending a rule id
// (for example xss.echo) narrows the suppression to that rule only, so the
// remaining rules keep reporting; prefer the rule-scoped form over a blanket
// marker so an unrelated finding on the same line is not hidden with it.
// @php-security-ignore
echo $userHtml;                         // this line is suppressed

echo $safe; // @php-security-ignore     // end-of-line form, same effect

// @php-security-ignore-start
echo $a;                                // suppressed
echo $b;                                // suppressed
// @php-security-ignore-end
echo $c;                                // NOT suppressed

// @php-security-ignore-start xss.echo
echo $a;                                // XSS suppressed; SQL rules still active
// @php-security-ignore-end

// @php-security-ignore xss.echo       // rule-scoped single-line
echo $d;

use LaraMint\PhpSecurityScanner\Extension\Extension;
use LaraMint\PhpSecurityScanner\Rules\RuleRegistry;
use LaraMint\PhpSecurityScanner\Taint\{SourceRegistry, SinkRegistry, SanitizerRegistry};

/**
 * Example extension that teaches the scanner about a custom framework.
 *
 * Registering it adds two request methods to the source registry, one
 * function to the sanitizer registry (for the "html" context) and one
 * custom rule to the rule registry.
 */
final class MyExtension implements Extension
{
    /** Identifier the scanner reports for this extension. */
    private const NAME = 'my-framework';

    /** Class whose listed methods are registered as taint sources. */
    private const REQUEST_CLASS = 'App\\Http\\MyRequest';

    public function name(): string
    {
        return self::NAME;
    }

    /**
     * Wires this extension's sources, sanitizers and rules into the registries.
     *
     * $sinks is part of the Extension contract but is not used here: this
     * example registers no custom sinks.
     */
    public function register(
        RuleRegistry $rules,
        SourceRegistry $sources,
        SinkRegistry $sinks,
        SanitizerRegistry $sanitizers,
    ): void {
        $this->registerSources($sources);
        $this->registerSanitizers($sanitizers);
        $rules->register(new MyCustomRule());
    }

    /** Registers MyRequest::raw() and MyRequest::all() as taint sources. */
    private function registerSources(SourceRegistry $sources): void
    {
        $sources->addMethod(self::REQUEST_CLASS, ['raw', 'all']);
    }

    /** Registers my_escape() as a sanitizer for the "html" context. */
    private function registerSanitizers(SanitizerRegistry $sanitizers): void
    {
        $sanitizers->addFunction('my_escape', ['html']);
    }
}
bash
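# Install the scanner phar with transport pinning and an integrity check.
# The original one-liner wrote an unverified download straight into PATH;
# this downloads to a temporary file, checks its SHA-256, then installs it.
#
# <EXPECTED_SHA256> is a placeholder: replace it with the digest published
# for the release you install. Because "latest" moves, prefer a pinned
# release tag in the URL so the digest you record stays valid.
tmp="$(mktemp)"
curl --proto '=https' --tlsv1.2 -fsSL \
    https://github.com/laramint/php-security-scanner/releases/latest/download/php-security-scanner.phar \
    -o "$tmp"
# sha256sum -c exits non-zero on mismatch, so nothing is installed on failure.
echo "<EXPECTED_SHA256>  $tmp" | sha256sum -c - || { rm -f "$tmp"; exit 1; }
# install copies atomically-enough and sets the mode in one step.
install -m 0755 "$tmp" /usr/local/bin/php-security-scanner
rm -f "$tmp"
php-security-scanner scan src/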
bash
php-security-scanner scan [paths...] [options]

  --format=pretty|json|sarif|junit          (default: pretty)
  --severity-threshold=low|medium|high|critical  (suppress below)
  --fail-on=critical|high|medium|low|none   (CI gate; default: high)
  --config=PATH                             (.yaml, .yml, or .php; auto-discovers
                                             php-security-scanner.yaml/.yml/.php)
  --exclude=GLOB                            (repeatable)
  --rule=ID                                 (run only these; repeatable)
  --skip-rule=ID                            (skip these; repeatable)
  --baseline=baseline.json
  --update-baseline
  --output=PATH
  --extension=Fqcn\\To\\Extension           (repeatable)
  --no-progress
  --no-audit                                (skip composer.lock CVE audit)
  --audit-offline                           (use cached advisories only)
  --explain                                 (emit INFO notes for sinks the
                                             scanner considered but kept silent,
                                             naming the sanitizer/cast/method
                                             that cleared the taint)

php-security-scanner list-rules
json
"extra": {
    "php-security-scanner": {
        "extension": "MyVendor\\MyPackage\\MyExtension"
    }
}

$ php-security-scanner scan src/ --explain

[INFO] Considered XSS sink echo: silent — taint cleared by htmlspecialchars() sanitizer.
  src/Http/Controllers/UserController.php:42  (xss.echo, confidence: high, CWE-79)

[INFO] Considered SQL sink mysqli_query(): silent — taint cleared by (int) cast.
  src/Legacy/Reports.php:114  (sql.injection, confidence: high, CWE-89)
bash
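# Clone the scanner and run its test suites from a local checkout.
git clone https://github.com/laramint/php-security-scanner.git
# Stop here if the checkout is missing, so composer does not run in the
# current (wrong) directory.
cd php-security-scanner || exit 1
composer install
composer test          # PHPUnit
composer test:types    # PHPStan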