phppro/audit-lib

PHPPRO Audit Lib

1.1.0 2014-07-08 22:42 UTC

README


This library provides support for auditing source code. It is basically a tool for defining a list of tools to execute (composed of steps), with support for various existing audit tools (mainly from the PHP world). The library is generic and basic, but it also provides several preset audits.

The "audit pipeline" is composed of several steps:

  • init
  • grab
  • tag
  • analyze
  • parse
  • compute
  • aggregate
  • rank
  • summarize
  • alert
  • historize
  • generate
  • package
  • backup
  • publish
  • clean

These steps are executed in that specific order. By default, no action is performed in any step; you must add specific actions yourself, depending on the type of audit you are doing. Predefined types of audits exist, which let you load an entire audit strategy.

This library lets you define specific plugins to execute in each of these steps, either by adding an existing/provided plugin or by creating a new one:

$audit = new Audit();

$audit->addGrabber(new Grabber\Filesystem\CurrentDirectory());

$audit->addParser(new Parser\Size());

$audit->addGenerator(new Generator\File\Csv());

$audit->run();

Of course, for each step, you can add multiple plugins:

...
$audit->addGrabber(new Grabber\Filesystem\Directory('src'));
$audit->addGrabber(new Grabber\Filesystem\Directory('test'));
...
$audit->addPublisher(new Publisher\Http('http://someurl', 'get'));
$audit->addPublisher(new Publisher\Email('olivier@phppro.fr', "The result of your audit", "...", array(new Artifact('audit-report.pdf'))));
...

Several predefined sets of configuration are available; they are called "types". You can load an entire predefined configuration by adding a type:

$audit = new Audit();

$audit->addType(new Type\Php\Basic());

$audit->addPublisher(new Publisher\Email('olivier@phppro.fr', "The result of your audit", "...", array(new Artifact('report.csv'))));

$audit->run();

You can add extra source parsers to your audit, even if you have already loaded an existing audit type:

$audit = new Audit();

$audit->addType(new Type\Php\Basic());

$audit->addParser(new My\ExoticParser());

...

$audit->run();

As each step is optional (i.e. it is executed but may contain no plugins), you can retrieve the "result" of the audit without publishing at the end:

$audit = new Audit();

...

$result = $audit->run();
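
The ordering rules described above (fixed step order, empty steps as no-ops, result returned when nothing is published) can be seen in a stand-alone model. This is an added example, not code from phppro/audit-lib: MiniAudit, addPlugin() and the result array layout are hypothetical, and the two sample files are constructed.

```php
<?php
// Stand-alone model of the README's step ordering.
// MiniAudit and addPlugin() are hypothetical, not classes from phppro/audit-lib.
final class MiniAudit
{
    // Step names and their order are taken from the README's list.
    private const STEPS = [
        'init', 'grab', 'tag', 'analyze', 'parse', 'compute', 'aggregate', 'rank',
        'summarize', 'alert', 'historize', 'generate', 'package', 'backup',
        'publish', 'clean',
    ];
    private array $plugins = []; // step name => list of callables

    public function addPlugin(string $step, callable $plugin): self
    {
        if (!in_array($step, self::STEPS, true)) {
            throw new InvalidArgumentException("Unknown step: $step");
        }
        $this->plugins[$step][] = $plugin;
        return $this;
    }

    /** Runs every step in the fixed order; a step without plugins is a no-op. */
    public function run(): array
    {
        $result = ['files' => [], 'sizes' => [], 'artifacts' => [], 'trace' => []];
        foreach (self::STEPS as $step) {
            foreach ($this->plugins[$step] ?? [] as $plugin) {
                $result = $plugin($result);
                $result['trace'][] = $step; // record which steps actually did work
            }
        }
        return $result;
    }
}

$audit = new MiniAudit();
// Registered out of order on purpose: execution still follows STEPS.
$audit->addPlugin('generate', function (array $r): array {
    $rows = array_map(fn ($f, $s) => "$f,$s", array_keys($r['sizes']), $r['sizes']);
    $r['artifacts']['report.csv'] = "file,bytes\n" . implode("\n", $rows);
    return $r;
});
$audit->addPlugin('parse', function (array $r): array {
    foreach ($r['files'] as $name => $content) { $r['sizes'][$name] = strlen($content); }
    return $r;
});
$audit->addPlugin('grab', fn (array $r): array =>
    ['files' => ['a.php' => '<?php echo 1;', 'b.php' => '<?php']] + $r); // constructed input
$result = $audit->run(); // no publish plugin registered: the result is simply returned
echo implode(' > ', $result['trace']), "\n", $result['artifacts']['report.csv'], "\n";
```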