austinheap/php-security-txt

This package is abandoned and no longer maintained. No replacement package was suggested.

A package for manipulating `security.txt` documents in PHP 7+, based on configuration settings.

Maintainers

Details

github.com/austinheap/php-security-txt

Homepage

Source

Issues

Installs: 206

Dependents: 1

Suggesters: 0

Security: 0

Stars: 8

Watchers: 1

Forks: 0

Open Issues: 0

v0.4.0 2017-11-22 18:36 UTC

Requires

  • php: >=7.0.0

Requires (Dev)

MIT d2967acf6df9f45291a52212ef0080b026ec0b96

routesecuritysecurity.txt

This package is auto-updated.

Last update: 2021-04-29 00:57:11 UTC

README

php-security-txt banner from the documentation

License Current Release Total Downloads Build Status Dependency Status Scrutinizer CI StyleCI Maintainability Test Coverage SensioLabs

A package for manipulating security.txt documents in PHP 7+, based on configuration settings.

The purpose of this project is to create a set-it-and-forget-it package that can manipulate documents following the current security.txt spec. It is therefore highly opinionated but built for configuration.

security.txt is a draft "standard" which allows websites to define security policies. This "standard" sets clear guidelines for security researchers on how to report security issues, and allows bug bounty programs to define a scope. Security.txt is the equivalent of robots.txt, but for security issues.

There is documentation for php-security-txt online, the source of which is in the docs/ directory. The most logical place to start are the docs for the SecurityTxt class.

Table of Contents

Installation

Step 1: Composer

Via Composer command line:

$ composer require austinheap/php-security-txt

Or add the package to your composer.json:

{
    "require": {
        "austinheap/php-security-txt": "0.3.*"
    }
}

Step 2: Manipulate a security.txt document

To programatically create a security.txt document, you could do:

require_once 'vendor/autoload.php';

$writer = new \AustinHeap\Security\Txt\Writer;

print $writer->setContact('me@austinheap.com')
             ->setEncryption('http://some.url/pgp.key')
             ->setDisclosure('full')
             ->setAcknowledgement('http://some.url/acks')
             ->getText();

Which should output:

# Our security address
Contact: me@austinheap.com

# Our PGP key
Encryption: http://some.url/pgp.key

# Our disclosure policy
Disclosure: Full

# Our public acknowledgement
Acknowledgement: http://some.url/acks

#
# Generated by "php-security-txt" v0.3.2 (https://github.com/austinheap/php-security-txt/releases/tag/v0.3.2)
# in 0.041008 seconds on 2017-10-26 20:31:25.
#

Unit Tests

This package has aggressive unit tests built with PHPUnit.

There are code coverage reports for php-security-txt available online.

References

Credits

This is a fork of austinheap/laravel-security-txt, which was a fork of InfusionWeb/laravel-robots-route, which was a fork of ellisthedev/laravel-5-robots, which was a fork of jayhealey/Robots, which was based on earlier work.

License

The MIT License (MIT). Please see License File for more information.