Download the PHP package phith0n/chip without Composer
On this page you can find all versions of the php package phith0n/chip. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Vendor phith0n
Package chip
Short Description a simple tool to detect potential security threat in php code
License MIT
Homepage https://github.com/phith0n/chip
Package chip
Short Description a simple tool to detect potential security threat in php code
License MIT
Homepage https://github.com/phith0n/chip
FAQ
After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.
Example:
Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories.
In this case some credentials are needed to access such packages.
Please use the auth.json textarea to insert credentials, if a package is coming from a private repository.
You can look here for more information.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?
Informations about the package chip
Chip - 发现所有PHP动态特性安全隐患
工具介绍
用一些简单的问题来介绍Chip工具。
这个工具是做什么的?
PHP源代码静态分析,发掘所有可能由于动态特性导致的安全隐患。
什么是“动态特性”?
一段代码,其使用变量作为参数,且改变变量的值将可能导致这段代码发生功能上的变化,我将这种现象成为“PHP的动态特性”。
例如:
例如:
例如:
Chip是不是一个webshell检测工具?
不是。Chip只对扫描的代码提出安全建议,并不会判断这段代码是否是webshell。
Chip是不是一个自动化代码审计工具?
不是。Chip只对扫描的代码提出安全建议,不会分析上下文是否有用户输入,安全隐患点是否可控等。
Chip适合在哪些场景下使用?
- 在开发中,在持续集成阶段对开发者提交的代码进行安全性检查,并给出修改意见
- 在代码审计中,发现可能存在的代码活命令执行漏洞
- Wargame比赛中对流量、新的Web文件进行扫描
Chip不适合扫描哪些代码
- Web框架的库文件(不要扫描
/vendor/中的文件),原因是有的库使用了很多黑魔法,可能涉及到大量动态特性 - 业务中的确使用了很多动态特性的代码
安装与使用
命令行下使用
直接下载PHAR包,使用命令行调用:
生成html报告:
使用API调用
使用composer安装:
使用:
应该参考的项目
All versions of chip with dependencies
PHP Build Version
Package Version
Requires
php Version
>=7.1.4
ext-json Version *
ext-dom Version *
ext-libxml Version *
nikic/php-parser Version ^4.1
myclabs/php-enum Version ^1.6
symfony/finder Version ^4.2
php-di/php-di Version ^6.0
symfony/console Version ^4.2
twig/twig Version ^2.0
ext-json Version *
ext-dom Version *
ext-libxml Version *
nikic/php-parser Version ^4.1
myclabs/php-enum Version ^1.6
symfony/finder Version ^4.2
php-di/php-di Version ^6.0
symfony/console Version ^4.2
twig/twig Version ^2.0
The package phith0n/chip contains the following files
Loading the files please wait ....