Git

You can anonymously read the source code and study its features and documentation by going to the GitHub repository directly:

https://github.com/se7enxweb/sensiolabs-security-checker

You can anonymously check out the source code released by this project from its Git repository:

git clone https://github.com/se7enxweb/sensiolabs-security-checker.git

You may be able to anonymously check out the source code released by this project from its expected Composer package:

composer require se7enxweb/sensiolabs-security-checker

To be able to commit changes to the project's repository, you need to be a member of the project.

Latest log messages

  • 09a3e8ef4a6db72ff6169a395ec55da6dbb324d6 on 24/08/2025 12:02 pm by 7x <info@se7enx.com> [GitHub Diff]
    Message:
  • 0441a3d3dc9a11cb8b951e250c3adba6cb5d0e7f on 24/08/2025 11:55 am by 7x <info@se7enx.com> [GitHub Diff]
    Message:
  • 789ae9a586bef6ec8261cad09c771627e57d13c2 on 14/01/2021 11:12 pm by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message: Update README before archive
  • 4e0cea347f8971026b40c4444df339369a3d1643 on 14/07/2020 2:14 pm by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message: minor #172 Add a note about the Github action (fabpot)

    This PR was merged into the 6.0-dev branch.

    Discussion
    ----------

    Add a note about the Github action

    Commits
    -------

    013d9f0 Add a note about the Github action
  • 013d9f09164f6a02a9c50af794f5d3a9600cfc43 on 14/07/2020 2:13 pm by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message: Add a note about the Github action
  • 8e652a38ff7b0a96acad23c11774d0567bd909a6 on 01/01/2020 9:13 am by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message: Bump license year
  • a576c01520d9761901f269c4934ba55448be4a54 on 01/11/2019 6:20 am by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message: minor #168 Make security-checker compatible with Sf 5 (FabienSalles)

    This PR was merged into the 6.0-dev branch.

    Discussion
    ----------

    Make security-checker compatible with Sf 5

    Add return 0 when everything is fine on the security-checker command
    Add ^5.0 in composer.json for symfony dependencies
    #hackdayparis

    Commits
    -------

    8613e86 make security-checker compatible with Sf 5
  • 8613e86690ac8506ff99225bac75e53c4c9edfe3 on 30/10/2019 12:25 pm by FabienSalles <blacked19@gmail.com> [GitHub Diff]
    Message: make security-checker compatible with Sf 5

    Add return 0 when everything is fine
    Add ^5.0 in symfony dependencies
  • ce8d0552dcb8d3677ab9adb6d19a5837949bfec4 on 07/06/2019 11:46 pm by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message: minor #164 Require ctype polyfill (BackEndTea)

    This PR was merged into the 6.0-dev branch.

    Discussion
    ----------

    Require ctype polyfill

    Fixes #163

    Commits
    -------

    d114d9b Require ctype polyfill
  • d114d9befa099f72ee933a8f8d5c5b1e8839df8e on 07/06/2019 5:11 am by Gert de Pagter <BackEndTea@users.noreply.github.com> [GitHub Diff]
    Message:
  • eb5141732b39ea852d2702fbdbc856344b99a12d on 04/06/2019 2:18 am by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message: feature #155 Bootstrap version 6 (fabpot)

    This PR was merged into the 5.0-dev branch.

    Discussion
    ----------

    Bootstrap version 6

    closes #19
    closes #143
    closes #141

    Commits
    -------

    59de275 bootstrapped version 6
  • 59de275550ff3a3006db885752fff03945ddc8ed on 04/06/2019 2:17 am by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message: bootstrapped version 6
  • 3de652566530d72e5515eeeafad6a3734956589a on 07/03/2019 3:19 pm by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message: fixed CS
  • 46be3f58adac13084497961e10eed9a7fb4d44d1 on 19/12/2018 9:14 am by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message: bug #146 Ignore case on HTTP header (HTTP/2 compatibility) - master branch (bytehead)

    This PR was merged into the 5.0-dev branch.

    Discussion
    ----------

    Ignore case on HTTP header (HTTP/2 compatibility) - master branch

    See #145

    As stated in the [RFC of HTTP/2](https://tools.ietf.org/html/rfc7540#section-8.1.2) header field names MUST be converted to lowercase.

    Commits
    -------

    a6fd4f8 ignore case on HTTP header (HTTP/2 compatibility, see #145)
  • a6fd4f857f70e36956a487577e5363b9c6a54a48 on 19/12/2018 12:31 am by David Greminger <david.greminger@1up.io> [GitHub Diff]
    Message:
  • 8ac0f700027b2cd38a9fa5230f84f5cbbde9d1b6 on 18/12/2018 8:17 am by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message:
  • 1f8fa1595c3836919486f8949228071b422735b7 on 18/12/2018 8:16 am by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message: added a tip about using the Symfony CLI tool instead of the PHP version
  • 728f9fb0fe815003b3bcfd331d33106c0d8a6b1e on 09/12/2018 10:08 pm by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message:
  • ed737e08d69b500edd70bc32a0b40204d6a14996 on 09/12/2018 10:07 pm by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message: fixed support for --no--ansi
  • 9ea927417c949039a9cfb0d92af76fd1c538d9e9 on 16/10/2018 3:30 am by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message: bug #129 Fix empty error (fabpot)

    This PR was merged into the 5.0-dev branch.

    Discussion
    ----------

    Fix empty error

    Commits
    -------

    f679330 fixed empty error
  • f679330f99862b4a00d6b4591ac3ff6e0e0eaa3b on 15/10/2018 5:50 pm by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message: fixed empty error
  • b0a9f44a22073352052c999b90f97e10181dfba8 on 10/10/2018 3:13 am by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message: minor #127 Use HTTPS links (stof)

    This PR was merged into the 5.0-dev branch.

    Discussion
    ----------

    Use HTTPS links

    Commits
    -------

    4c4924e Use HTTPS links
  • 4c4924ebd3bc152f8da749bf0cf9786bbbd95ff0 on 10/10/2018 2:34 am by Christophe Coevoet <stof@notk.org> [GitHub Diff]
    Message:
  • 61a5c92f382e5b57e72d3e02d8cb2c158886df81 on 06/10/2018 5:35 am by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message: fixed URL
  • df4625e39868ecf4e868355caf45352f566791db on 04/09/2018 12:02 am by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message: Merge branch '4.1'

    * 4.1:
    moved to PSR-4
  • c7f90997cc505909ee9ec6c889dd675cd2f4e3ca on 04/09/2018 12:01 am by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message: moved to PSR-4
  • 190703411bb90b82559061a6059132286ba3c5a3 on 12/07/2018 6:18 am by Fabien Potencier <fabien@potencier.org> [GitHub Diff]
    Message: feature #120 Set default crawler (maxhelias)

    This PR was merged into the 5.0-dev branch.

    Discussion
    ----------

    Set default crawler

    Set the default crawler if it is not defined in the constructor of SecurityChecker

    Commits
    -------

    b6baa79 Add default crawler
  • b6baa790a9b5e1f1368dcc29dcdd852430ab6aad on 11/07/2018 3:57 pm by Maxime Helias <maximehelias16@gmail.com> [GitHub Diff]
    Message: Add default crawler
  • b716e684413d776568c15446ae7f6b280ed30f7b on 28/02/2018 2:24 pm by Fabien Potencier <fabien.potencier@gmail.com> [GitHub Diff]
    Message: feature #108 Remove cURL support (fabpot)

    This PR was squashed before being merged into the 5.0-dev branch (closes #108).

    Discussion
    ----------

    Remove cURL support

    cURL does not work anyway for our needs, so let's simplify everything and let's drop it.

    Commits
    -------

    f464dc5 fixed CS
    41e88e5 removed cURL support
  • f464dc5e2ccd2ad85fbf657ad322ca13284d46cb on 28/02/2018 2:23 pm by Fabien Potencier <fabien.potencier@gmail.com> [GitHub Diff]
    Message: fixed CS
  • 41e88e5f25c6cfe49205e0dcd9e193bde41cfa49 on 28/02/2018 2:20 pm by Fabien Potencier <fabien.potencier@gmail.com> [GitHub Diff]
    Message: removed cURL support
  • b71c81579fb7b49b133c0c1de3053bc72655eff4 on 28/02/2018 2:11 pm by Fabien Potencier <fabien.potencier@gmail.com> [GitHub Diff]
    Message: merged 4.1
  • dc270d5fec418cc6ac983671dba5d80ffaffb142 on 28/02/2018 2:10 pm by Fabien Potencier <fabien.potencier@gmail.com> [GitHub Diff]
    Message: bug #107 Add the possibility to force the used transport using an env var (tgalopin)

    This PR was merged into the 4.1 branch.

    Discussion
    ----------

    Add the possibility to force the used transport using an env var

    There are some issues with the cURL crawler due to a bug in cURL on old systems (https://github.com/curl/curl/pull/60). It would be nice to be able to force the usage of file_get_contents if needed.

    Commits
    -------

    7cf6c8c Add the possibility to force the used transport using an env var
  • 7cf6c8c197679f40334c9bd3c01e4fc9211c862a on 28/02/2018 2:07 pm by Titouan Galopin <galopintitouan@gmail.com> [GitHub Diff]
    Message: Add the possibility to force the used transport using an env var
  • b63b03efe98367d5d863cf5315f48752ebc8a479 on 10/01/2018 10:07 pm by Fabien Potencier <fabien.potencier@gmail.com> [GitHub Diff]
    Message: Merge branch '4.1'

    * 4.1:
    Enable lazy loading of security:check command
  • d539ccba2b4dce515de04f16b7ed7ae5b9eeb434 on 10/01/2018 9:54 pm by Fabien Potencier <fabien.potencier@gmail.com> [GitHub Diff]
    Message: minor #102 Enable lazy loading of security:check command (Tobion)

    This PR was merged into the 4.1 branch.

    Discussion
    ----------

    Enable lazy loading of security:check command

    Similar to https://github.com/symfony/recipes/pull/339 but this also lazy loads the command with console >=3.4 if someone does not use flex.

    Commits
    -------

    711d3c1 Enable lazy loading of security:check command
  • 711d3c1b858f051c936e92f0fb7d0b6e5585fb64 on 10/01/2018 2:52 pm by Tobias Schultze <webmaster@tubo-world.de> [GitHub Diff]
    Message:
  • dbb74ccad89a81b7bef96b4b8afffae7574c16ec on 29/10/2017 11:49 am by Fabien Potencier <fabien.potencier@gmail.com> [GitHub Diff]
    Message: Merge branch '4.1'

    * 4.1:
    allowed Console 4.0
  • 387b6a3b723ba35588b33d5f8d14e28ed608bd30 on 29/10/2017 11:48 am by Fabien Potencier <fabien.potencier@gmail.com> [GitHub Diff]
    Message: allowed Console 4.0
  • 1f607717efe88a8293135526d72a99aafc491e5d on 22/08/2017 3:21 pm by Fabien Potencier <fabien.potencier@gmail.com> [GitHub Diff]
    Message: Merge branch '4.1'

    * 4.1:
    Fix setting certificate locations
  • 55553c3ad6ae2121c1b1475d4c880d71b31b8f68 on 22/08/2017 3:18 pm by Fabien Potencier <fabien.potencier@gmail.com> [GitHub Diff]
    Message: bug #98 Fix setting certificate locations (David Arenas)

    This PR was submitted for the master branch but it was merged into the 4.1 branch instead (closes #98).

    Discussion
    ----------

    Fix setting certificate locations

    `CaBundle::getSystemCaRootBundlePath()` can return either the CA path or file.

    `CURLOPT_CAINFO` expects a file so when passing a path security-checker command fails.

    These are my system cert locations:

    ```
    $ php -r 'print_r(openssl_get_cert_locations());'
    Array
    (
    [default_cert_file] => /usr/lib/ssl/cert.pem
    [default_cert_file_env] => SSL_CERT_FILE
    [default_cert_dir] => /usr/lib/ssl/certs
    [default_cert_dir_env] => SSL_CERT_DIR
    [default_private_dir] => /usr/lib/ssl/private
    [default_default_cert_area] => /usr/lib/ssl
    [ini_cafile] =>
    [ini_capath] => /usr/lib/ssl/certs
    )
    ```

    If I run `vendor/bin/security-checker -vvv security:check composer.lock`

    When using `CurlCrawler` I get the following error:
    > An error occurred: error setting certificate verify locations:
    > CAfile: /usr/lib/ssl/certs
    > CApath: /etc/ssl/certs.

    When using `FileGetContentsCrawler` I get the following error:
    > An error occurred: file_get_contents(https://security.sensiolabs.org/check_lock): failed to open stream: operation failed.

    Usage section of composer/ca-bundle recommends checking with is_dir:
    > https://github.com/composer/ca-bundle

    Commits
    -------

    824bb9e Fix setting certificate locations
  • 824bb9ed231279a71eeaad6a4484e5479dbe5f55 on 22/08/2017 3:18 pm by David Arenas <david.arenas@worldfirst.com> [GitHub Diff]
    Message: Fix setting certificate locations
  • 076b5f19e86ed85224e4cf9f51bf37ac4f7ff019 on 14/08/2017 11:49 am by Fabien Potencier <fabien.potencier@gmail.com> [GitHub Diff]
    Message: Merge branch '4.1'

    * 4.1:
    added proper error when server sends back garbage
    fixed support for older composer.lock format
  • 72f4238707071459a6680854c8c74a0ebb999549 on 14/08/2017 11:42 am by Fabien Potencier <fabien.potencier@gmail.com> [GitHub Diff]
    Message: bug #97 Add proper error when server sends back garbage (fabpot)

    This PR was merged into the 4.1 branch.

    Discussion
    ----------

    Add proper error when server sends back garbage

    Commits
    -------

    43be78b added proper error when server sends back garbage
  • 43be78b250265c066488657aad1749defc1c6e26 on 14/08/2017 11:19 am by Fabien Potencier <fabien.potencier@gmail.com> [GitHub Diff]
    Message: added proper error when server sends back garbage