Help you do secure coding; detect security smell; prevent vulnerability from SDLC phase. It works only on Windows OS as for now.
Installation/Update rules:
- You must have Composer. If not, please download here (https://getcomposer.org/Composer-Setup.exe) and install
- Open CMD/terminal, copy-paste this command (to install/update detection rules [detect security smells]):
(IF EXIST "%userprofile%\AppData\Roaming\Composer\vendor\squizlabs\php_codesniffer\src\Standards\laravel_security_sniffer" (RMDIR /S /Q "%userprofile%\AppData\Roaming\Composer\vendor\squizlabs\php_codesniffer\src\Standards\laravel_security_sniffer") ELSE (echo "folder tidak ditemukan, but it's OK")) && composer global require "squizlabs/php_codesniffer=*" && cd %userprofile%\Downloads && curl -L "https://github.com/anghilmi/laravel_security_sniffer_rule/archive/main.tar.gz" | tar -xzf - && MOVE /Y %userprofile%\Downloads\laravel_security_sniffer_rule-main "%userprofile%\AppData\Roaming\Composer\vendor\squizlabs\php_codesniffer\src\Standards\laravel_security_sniffer"
Build extension:
cd /to/project/path
npm install
Windows Powershell >> run as administrator
Get-ExecutionPolicy
Set-ExecutionPolicy Unrestricted
a
vsce package
output: *.VSIX file
I tailored these 8 rules to prevent vulnerability on Laravel based web project; based on experiences, discussion with another devs, some refs like Laravel docs, OWASP Laravel cheat sheet, and so on. (And may be there are future update).
Laravuln: Website Perpustakaan Berbasis Laravel 9 yang sengaja dibuat rentan/vulnerable. Dipakai untuk edukasi, simulasi beragam jenis serangan dan antisipasinya.