├── .gitignore
├── LICENSE
├── README.md
├── composer.json
└── src
    ├── Console
        └── CheckCommand.php
    └── ServiceProvider.php


/.gitignore:
--------------------------------------------------------------------------------
1 | /bootstrap/compiled.php
2 | .env.*.php
3 | .env.php
4 | .env
5 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2015 
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 
23 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Laravel Security Checker
 2 | [![Latest Stable Version](https://poser.pugx.org/lowerends/laravel-security-checker/v/stable)](https://packagist.org/packages/lowerends/laravel-security-checker) [![Total Downloads](https://poser.pugx.org/lowerends/laravel-security-checker/downloads)](https://packagist.org/packages/lowerends/laravel-security-checker) [![Latest Unstable Version](https://poser.pugx.org/lowerends/laravel-security-checker/v/unstable)](https://packagist.org/packages/lowerends/laravel-security-checker) [![License](https://poser.pugx.org/lowerends/laravel-security-checker/license)](https://packagist.org/packages/lowerends/laravel-security-checker)
 3 | 
 4 | This package makes it easy to integrate the [Symfony Security Advisories Checker](https://security.sensiolabs.org/) into your Laravel project. It exposes an artisan command to check against the [Security Advisories Database](https://security.sensiolabs.org/database).
 5 | 
 6 | ## Installation
 7 | 
 8 | Require this package with composer:
 9 | 
10 | ```
11 | composer require lowerends/laravel-security-checker
12 | ```
13 | 
14 | Then, add the ServiceProvider to the providers array in `config/app.php`:
15 | 
16 | ```
17 | 'providers' => [
18 |    ...
19 |    'Lowerends\SecurityChecker\ServiceProvider',
20 | ```
21 | 
22 | ## Usage
23 | 
24 | You can now check your Laravel project for known security issues by running the following artisan command:
25 | 
26 | ```
27 | artisan security:check
28 | ```
29 | 
30 | A convenient way to use this command is to add it to the post-update scripts in your project's `composer.json` file (extracted from the default Laravel `composer.json` file):
31 | 
32 | ```
33 | ...
34 | "scripts": {
35 |     "post-install-cmd": [
36 |             "php artisan clear-compiled",
37 |             "php artisan optimize"
38 |         ],
39 |         "pre-update-cmd": [
40 |             "php artisan clear-compiled"
41 |         ],
42 |         "post-update-cmd": [
43 |             "php artisan optimize",
44 |             "php artisan security:check"
45 |         ],
46 |         "post-root-package-install": [
47 |             "php -r \"copy('.env.example', '.env');\""
48 |         ],
49 |         "post-create-project-cmd": [
50 |             "php artisan key:generate"
51 |         ]
52 | },
53 | ...
54 | ```
55 | 
56 | The output will tell you if there are known security issues and if so, list them in order for you to take the necessary actions.
57 | 
58 | ## License
59 | 
60 | The Laravel Security Checker is open-sourced software licensed under the [MIT license](http://opensource.org/licenses/MIT).
61 | 


--------------------------------------------------------------------------------
/composer.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "name": "lowerends/laravel-security-checker",
 3 |     "description": "The Symfony Security Advisories Checker for Laravel",
 4 |     "keywords": ["laravel", "symfony", "security", "advisories", "checker", "cli"],
 5 |     "license": "MIT",
 6 |     "require": {
 7 |         "php": ">=5.5.9",
 8 |         "illuminate/support": "5.1.*",
 9 |         "sensiolabs/security-checker": "3.x"
10 |     },
11 |     "autoload": {
12 |         "psr-4": {
13 |             "Lowerends\\SecurityChecker\\": "src/"
14 |         }
15 |     },
16 |     "minimum-stability": "dev"
17 | }
18 | 


--------------------------------------------------------------------------------
/src/Console/CheckCommand.php:
--------------------------------------------------------------------------------
 1 | <?php namespace Lowerends\SecurityChecker\Console;
 2 | 
 3 | use Illuminate\Console\Command;
 4 | use SensioLabs\Security\SecurityChecker;
 5 | use SensioLabs\Security\Exception\RuntimeException;
 6 | 
 7 | class CheckCommand extends Command
 8 | {
 9 |     protected $name = 'security:check';
10 | 
11 |     protected $description = 'Check your Laravel project for known security advisories';
12 | 
13 |     public function __construct()
14 |     {
15 |         parent::__construct();
16 |     }
17 | 
18 |     public function fire()
19 |     {
20 |         $checker = new SecurityChecker();
21 | 
22 |         try
23 |         {
24 |             $alerts = $checker->check(base_path() . '/composer.lock');
25 | 
26 |             if (!empty($alerts))
27 |             {
28 |                 foreach ($alerts as $package => $alert)
29 |                 {
30 |                     $this->error('Security advisories found!');
31 | 
32 |                     $this->info('======================');
33 | 
34 |                     $this->info('Package: ' . $package);
35 | 
36 |                     foreach ($alert['advisories'] as $advisory)
37 |                     {
38 |                         $this->info('Version: ' . $alert['version']);
39 | 
40 |                         $this->info('Title: ' . $advisory['title']);
41 | 
42 |                         $this->info('Link: ' . $advisory['link']);
43 | 
44 |                         if($advisory['cve'] != "")
45 |                         {
46 |                             $this->info('CVE: ' . $advisory['cve']);
47 |                         }
48 |                     }
49 |                 }
50 | 
51 |             }
52 |             else
53 |             {
54 |                 $this->info('No security advisories found!');
55 |             }
56 |         }
57 |         catch (RuntimeException $e)
58 |         {
59 |             $this->error('Security check failed: ' . $e->getMessage());
60 |         }
61 |     }
62 | }
63 | 


--------------------------------------------------------------------------------
/src/ServiceProvider.php:
--------------------------------------------------------------------------------
 1 | <?php namespace Lowerends\SecurityChecker;
 2 | 
 3 | class ServiceProvider extends \Illuminate\Support\ServiceProvider
 4 | {
 5 |     /**
 6 |      * Indicates if loading of the provider is deferred.
 7 |      *
 8 |      * @var bool
 9 |      */
10 |     protected $defer = false;
11 | 
12 |     /**
13 |      * Register the service provider.
14 |      *
15 |      * @return void
16 |      */
17 |     public function register()
18 |     {
19 |         $this->app['command.security-checker.check'] = $this->app->share(
20 |             function ($app) {
21 |                 return new Console\CheckCommand();
22 |             }
23 |         );
24 | 
25 |         $this->commands(['command.security-checker.check']);
26 |     }
27 | 
28 |     /**
29 |      * Get the services provided by the provider.
30 |      *
31 |      * @return array
32 |      */
33 |     public function provides()
34 |     {
35 |         return ['command.security-checker.check'];
36 |     }
37 | }
38 | 


--------------------------------------------------------------------------------