php-security-linter

3 Commits 1 Branch 1 Tag

Author	SHA1	Message	Date
Yutaka Kurosaki	30f2983102	Reduce XSS false positives for safe URL helpers and model IDs Skip XSS detection for: - Safe URL helpers: route(), url(), asset(), secure_asset(), secure_url(), static_url(), action(), mix(), vite() - Null coalesce with safe helpers: $var ?? url(...) - Model ID patterns: $model->id (typically safe integers) These patterns are unlikely to be user-controllable and create noise that obscures real vulnerabilities. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-31 18:50:41 +09:00
Yutaka Kurosaki	b1cbddfa76	Fix: handle missing values for options like -s, -f, -o, -l, -d When options that require values (e.g., -s, -f) are followed by another flag (e.g., -s -c), the parser set them to boolean true instead of their expected string value, causing TypeError. Now these options properly fall back to defaults when no value is provided. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-31 15:24:30 +09:00
Yutaka Kurosaki	6280290898	Initial commit: PHP/Laravel Security Linter v1.0.0 A static security analysis tool for PHP and Laravel applications with recursive taint analysis capabilities. Features: - Comprehensive vulnerability detection (XSS, SQL Injection, Command Injection, Path Traversal, CSRF, Authentication issues) - Recursive taint analysis across function calls - Blade template analysis with context-aware XSS detection - Smart escape detection and escape bypass detection - Syntax highlighting in terminal output - Multi-language support (Japanese/English) - Docker support for easy deployment - Multiple output formats (text, JSON, HTML, SARIF, Markdown) - CI/CD integration ready (GitHub Actions, GitLab CI) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-31 15:18:53 +09:00

Author

SHA1

Message

Date

Yutaka Kurosaki

30f2983102

Reduce XSS false positives for safe URL helpers and model IDs

Skip XSS detection for:
- Safe URL helpers: route(), url(), asset(), secure_asset(),
  secure_url(), static_url(), action(), mix(), vite()
- Null coalesce with safe helpers: $var ?? url(...)
- Model ID patterns: $model->id (typically safe integers)

These patterns are unlikely to be user-controllable and create
noise that obscures real vulnerabilities.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-31 18:50:41 +09:00

Yutaka Kurosaki

b1cbddfa76

Fix: handle missing values for options like -s, -f, -o, -l, -d

When options that require values (e.g., -s, -f) are followed by
another flag (e.g., -s -c), the parser set them to boolean true
instead of their expected string value, causing TypeError.

Now these options properly fall back to defaults when no value
is provided.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-31 15:24:30 +09:00

Yutaka Kurosaki

6280290898

Initial commit: PHP/Laravel Security Linter v1.0.0

A static security analysis tool for PHP and Laravel applications
with recursive taint analysis capabilities.

Features:
- Comprehensive vulnerability detection (XSS, SQL Injection,
  Command Injection, Path Traversal, CSRF, Authentication issues)
- Recursive taint analysis across function calls
- Blade template analysis with context-aware XSS detection
- Smart escape detection and escape bypass detection
- Syntax highlighting in terminal output
- Multi-language support (Japanese/English)
- Docker support for easy deployment
- Multiple output formats (text, JSON, HTML, SARIF, Markdown)
- CI/CD integration ready (GitHub Actions, GitLab CI)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-31 15:18:53 +09:00