Download the PHP package psecio/iniscan without Composer

On this page you can find all versions of the php package psecio/iniscan. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package iniscan

Scanner for PHP.ini

Build Status Total Downloads

SensioLabsInsight

The Iniscan is a tool designed to scan the given php.ini file for common security practices and report back results. Currently it is only for use on the command line and reports the results back to the display for both Pass and Fail on each test.

Installation

Using Composer

The only current dependency is the Symfony console.

Global Composer installation

Additionally, you can install it outside of a project with the global functionality Composer provides. From any directory you can use:

Using a single Phar file

First make sure you run composer.phar install

This should result in a iniscan.phar file being created in the root folder. Instead of using vendor/bin/iniscan in the examples use ./iniscan.phar instead.

Example

NOTE: When the scan runs, if it cannot find a setting in the php.ini given, it will use ini_get to pull the current setting (possibly the default).

Command line usage

Iniscan offers a few commands for both checking and showing the contents of your php.ini.

Scan

The scan command will be the most used - it runs the rules checks against the given ini file and reports back the results. For example:

If the path is omitted, iniscan will try to find it based off the current configuration (a "php -i" call). By default, this reports back both the pass and fail results of the checks. If you'd like to only return the failures, you can use the fail-only argument:

The scan command will return an exit code based on the results:

Scan Level Threshold

You can request the only scan for rules that are on or above a threshold:

There are 3 levels you can use:

Show

The show command lists out the contents of your php.ini file with a bit of extra formatting.

List

The list-tests command shows a listing of the current rules being checked and their related php.ini key.

Output formats

By default iniscan will output information directly to the console in a human-readable result. You can also specify other output formats that may be easier to parse programatically (like JSON). Use the --format option to change the output:

the list-tests command also supports JSON output:

NOTE: Currently, only the scan command supports alternate output formats - console, JSON, XML and HTML.

The HTML output option requires an --output option of the directory to write the file:

The result will be written to a file named something like iniscan-output-20131212.html

Contexts

The scanner also supports the concept of "contexts" - environments you may be executing the scanner in. For example, in your development environment, it may be okay to have display_errors on. In production, however, this is a bad idea. The scanner's default assumes you're using it in prod, so it uses the strictest checks unless you tell it otherwise. To do so, use the context command line option:

In this case, we've told it we're running in dev, so anything that specifically mentions "prod" isn't executed.

Deprecated reporting

As the scanner runs, it will compare the configuration key to a list of deprecated items. If the version is at or later than the version defined in the rules, an error will be shown in the output. For example, in the console, you'd see:

This is default behavior and does not need to be enabled.

@author Chris Cornutt [email protected]

Bitdeli Badge


All versions of iniscan with dependencies

PHP Build Version
Package Version
Requires php Version >=5.5.9
symfony/console Version ~3.0.2
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package psecio/iniscan contains the following files

Loading the files please wait ....