austinheap/php-security-txt

A package for manipulating `security.txt` documents in PHP 7+, based on configuration settings.

v0.4.0 2017-11-22 18:36 UTC

README

php-security-txt banner from the documentation

License Current Release Total Downloads Build Status Dependency Status Scrutinizer CI StyleCI Maintainability Test Coverage SensioLabs

A package for manipulating security.txt documents in PHP 7+, based on configuration settings.

The purpose of this project is to create a set-it-and-forget-it package that can manipulate documents following the current security.txt spec. It is therefore highly opinionated but built for configuration.

security.txt is a draft "standard" which allows websites to define security policies. This "standard" sets clear guidelines for security researchers on how to report security issues, and allows bug bounty programs to define a scope. Security.txt is the equivalent of robots.txt, but for security issues.

There is documentation for php-security-txt online, the source of which is in the docs/ directory. The most logical place to start are the docs for the SecurityTxt class.

Table of Contents

Installation

Step 1: Composer

Via Composer command line:

$ composer require austinheap/php-security-txt

Or add the package to your composer.json:

{
    "require": {
        "austinheap/php-security-txt": "0.3.*"
    }
}

Step 2: Manipulate a security.txt document

To programatically create a security.txt document, you could do:

require_once 'vendor/autoload.php';

$writer = new \AustinHeap\Security\Txt\Writer;

print $writer->setContact('me@austinheap.com')
             ->setEncryption('http://some.url/pgp.key')
             ->setDisclosure('full')
             ->setAcknowledgement('http://some.url/acks')
             ->getText();

Which should output:

# Our security address
Contact: me@austinheap.com

# Our PGP key
Encryption: http://some.url/pgp.key

# Our disclosure policy
Disclosure: Full

# Our public acknowledgement
Acknowledgement: http://some.url/acks

#
# Generated by "php-security-txt" v0.3.2 (https://github.com/austinheap/php-security-txt/releases/tag/v0.3.2)
# in 0.041008 seconds on 2017-10-26 20:31:25.
#

Unit Tests

This package has aggressive unit tests built with PHPUnit.

There are code coverage reports for php-security-txt available online.

References

Credits

This is a fork of austinheap/laravel-security-txt, which was a fork of InfusionWeb/laravel-robots-route, which was a fork of ellisthedev/laravel-5-robots, which was a fork of jayhealey/Robots, which was based on earlier work.

License

The MIT License (MIT). Please see License File for more information.