raffaelecarelle / php-security-scanner
A PHP security code analyzer that finds vulnerabilities and suggests fixes
Installs: 0
Dependents: 0
Suggesters: 0
Security: 0
Stars: 1
Watchers: 0
Forks: 0
Open Issues: 0
Type: project
Requires
- php: >=7.4
- nikic/php-parser: ^4.15
- symfony/console: ^5.4
- symfony/finder: ^5.4
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3.84
- phpunit/phpunit: ^9.5
This package is auto-updated.
Last update: 2025-07-29 15:24:18 UTC
README
A command-line tool that analyzes PHP code for security vulnerabilities and suggests how to fix them.
Features
- Detects common security vulnerabilities in PHP code:
- SQL Injection
- Cross-Site Scripting (XSS)
- Command Injection
- Provides detailed information about each vulnerability:
- File path and line number
- Code snippet
- Description of the vulnerability
- Severity level
- Suggestions on how to fix the vulnerability
- Supports multiple output formats:
- Text (console-friendly with colors)
- JSON
- Can analyze individual files or entire directories recursively
- Can save reports to a file
Requirements
- PHP 7.4 or higher
- Composer
Installation
Via Composer (recommended)
composer require security/code-analyzer
Manual Installation
- Clone the repository:
git clone https://github.com/yourusername/php-security-code-analyzer.git
cd php-security-code-analyzer
- Install dependencies:
composer install
- Make the executable file executable:
chmod +x bin/security-analyzer
Usage
Basic Usage
Analyze a single file:
./bin/security-analyzer analyze path/to/file.php
Analyze a directory recursively:
./bin/security-analyzer analyze path/to/directory
Output Formats
By default, the tool outputs a text report to the console. You can change the output format using the --format or -f option:
./bin/security-analyzer analyze path/to/file.php --format=json
Supported formats:
- text (default): Console-friendly text output with colors
- json: JSON output
Save Report to File
You can save the report to a file using the --output or -o option:
./bin/security-analyzer analyze path/to/file.php --output=report.txt
Specify File Extensions
By default, the tool analyzes files with the .php extension. You can specify additional file extensions using the --extensions or -e option:
./bin/security-analyzer analyze path/to/directory --extensions=php,phtml,inc
Full Command Reference
Description:
Analyze PHP code for security vulnerabilities
Usage:
analyze [options] [--] <path>
Arguments:
path Path to the file or directory to analyze
Options:
-f, --format=FORMAT Output format (text, json) [default: "text"]
-o, --output=OUTPUT Output file (if not specified, output to stdout)
-e, --extensions=EXTENSIONS Comma-separated list of file extensions to analyze [default: "php"]
-h, --help Display help for the given command
Examples
Analyze a Single File
./bin/security-analyzer analyze src/login.php
Analyze a Directory with Custom Extensions
./bin/security-analyzer analyze src --extensions=php,phtml,inc
Generate a JSON Report and Save to File
./bin/security-analyzer analyze src --format=json --output=security-report.json
Architecture
The tool follows SOLID principles and Clean Code practices:
- Single Responsibility Principle: Each class has a single responsibility
- Open/Closed Principle: The tool is open for extension (new scanners, reporters) but closed for modification
- Liskov Substitution Principle: Subtypes can be substituted for their base types
- Interface Segregation Principle: Clients only depend on the interfaces they use
- Dependency Inversion Principle: High-level modules depend on abstractions, not concrete implementations
The main components are:
- Vulnerability: Represents a security vulnerability found in the code
- Scanner: Scans code for specific types of vulnerabilities
- Analyzer: Coordinates the scanning process
- Reporter: Generates reports in different formats
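As an added illustration of what a Scanner component does (example code, not part of this project), the visitor below walks a nikic/php-parser AST, the parser library this package requires, and flags the Command Injection pattern the tool reports: a shell-executing function whose first argument is anything other than a constant string. The class name, the severity label and the embedded sample input are assumptions; the project's own Scanner interface is not shown on this page.

```php
<?php
// Added example, not the project's own code. Assumes nikic/php-parser ^4.15
// is installed via Composer; class and finding layout are assumptions.
require __DIR__ . '/vendor/autoload.php';

use PhpParser\Node;
use PhpParser\NodeTraverser;
use PhpParser\NodeVisitorAbstract;
use PhpParser\ParserFactory;

final class CommandInjectionVisitor extends NodeVisitorAbstract
{
    // Functions that hand their argument to a shell.
    private const SINKS = ['exec', 'shell_exec', 'system', 'passthru', 'popen'];
    /** @var array<int, array{line:int, function:string}> */
    public array $findings = [];

    public function enterNode(Node $node)
    {
        if (!$node instanceof Node\Expr\FuncCall || !$node->name instanceof Node\Name) {
            return null;
        }
        $fn = strtolower($node->name->toString());
        if (!in_array($fn, self::SINKS, true) || !isset($node->args[0])
            || !$node->args[0] instanceof Node\Arg) {
            return null;
        }
        // A literal string cannot carry runtime data; everything else
        // (concatenation, interpolation, variables, array access) is flagged.
        if (!$node->args[0]->value instanceof Node\Scalar\String_) {
            $this->findings[] = ['line' => $node->getLine(), 'function' => $fn];
        }
        return null;
    }
}

// Constructed sample input: one constant call and two dynamic ones.
$code = <<<'PHP'
<?php
system('ls -l');
system('ping ' . $_GET['host']);
$out = shell_exec("cat {$file}");
PHP;

$parser = (new ParserFactory())->create(ParserFactory::PREFER_PHP7);
$traverser = new NodeTraverser();
$visitor = new CommandInjectionVisitor();
$traverser->addVisitor($visitor);
$traverser->traverse($parser->parse($code));

foreach ($visitor->findings as $f) {
    printf("HIGH: dynamic argument passed to %s() at line %d\n", $f['function'], $f['line']);
}
```

Run against the embedded sample, only the two calls on lines 3 and 4 are reported; the fix the tool would suggest is to pass user data through escapeshellarg() or to avoid the shell entirely.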
Contributing
Contributions are welcome! Here's how you can contribute:
- Fork the repository
- Create a feature branch:
git checkout -b feature/my-new-feature
- Commit your changes:
git commit -am 'Add some feature'
- Push to the branch:
git push origin feature/my-new-feature
- Submit a pull request
Testing
Run the tests using PHPUnit:
composer test
License
This project is licensed under the MIT License - see the LICENSE file for details.