vartroth / php-security-lint example snippets
use PhpSecurityLint\SecurityLinter;

// Example usage: configure a linter, scan a project tree and print each finding.
$securityLinter = new SecurityLinter();

// Paths matching these patterns are skipped during the scan
// (wildcard/glob-style judging by the values — confirm against the library docs).
$securityLinter->setExcludePatterns(['*/vendor/*', '*/cache/*']);

// Turn strict mode on; what it tightens is not visible here — see the library docs.
$securityLinter->setStrictMode(true);

// Register one more function name to flag. The second argument is presumably the
// reason text attached to every hit of that function in the report.
$securityLinter->addInsecureFunction('my_debug_function', 'Custom debug function');

// Scan a whole directory tree (placeholder path).
$report = $securityLinter->lint('/path/to/project');

// One line per violation. This is plain-text output: if the result is ever rendered
// into an HTML page, pass each message through htmlspecialchars() first.
if ($report->hasIssues()) {
    foreach ($report->getViolations() as $issue) {
        echo $issue->getMessage(), "\n";
    }
}
// security-lint-config.php
//
// Configuration file for php-security-lint. The keys appear to mirror the
// programmatic setters (exclude patterns, extra flagged functions, strict mode);
// confirm the exact key names against the library's documentation.
$config = [
    // Path patterns that are skipped during a scan.
    'exclude_patterns' => [
        '*/vendor/*',
        '*/cache/*',
        '*/storage/logs/*',
    ],
    // Additional function names to report, each mapped to the reason text
    // that accompanies the finding.
    'custom_functions' => [
        'dd' => 'Laravel debug function - should not be used in production',
        'dump' => 'Symfony debug function - should not be used in production',
    ],
    // Strict mode is off here; what it tightens is not shown — see the library docs.
    'strict_mode' => false,
];

return $config;
composer global
# Linter executable as installed by Composer into the project's vendor/bin.
LINT="./vendor/bin/php-security-lint"

# Scan every file under a project directory (placeholder path).
"$LINT" /path/to/your/project

# Scan a single file (placeholder path).
"$LINT" /path/to/file.php
+----------------+------+----------+----------+--------------------------------------------------+
| File | Line | Function | Severity | Reason |
+----------------+------+----------+----------+--------------------------------------------------+
| example.php | 15 | var_dump | MEDIUM | Debug function that should not be used in prod.. |
| another.php | 23 | eval | HIGH | Code evaluation function - high security risk |
+----------------+------+----------+----------+--------------------------------------------------+
Summary: 7 violations in 3 files