Files

Yutaka Kurosaki 62a4d499ae Update repository URLs to Gitea

- Change all URLs from github.com to opensource.rogarithm.net
- Update Docker image references to local build (php-security-linter:latest)
- Fix Gitea Issues URL in CONTRIBUTING.md

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-02 12:07:21 +09:00

2.3 KiB

Raw Permalink Blame History

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

0.0.1 - 2024-01-31

Added

Core Features

Recursive taint analysis for tracking user input through function calls
Multi-language support (Japanese/English)
Syntax highlighting in terminal output
Multiple output formats: text, JSON, HTML, SARIF, Markdown
Docker support for easy deployment
Configuration file support (.security-lint.json)

Vulnerability Detection

XSS (Cross-Site Scripting)

Blade {!! !!} raw output detection
JavaScript context XSS
Event handler attribute XSS
URL context XSS (javascript: URLs)
Style injection
Template injection
Escape bypass function detection
Dangerous hardcoded HTML detection

SQL Injection

Laravel Query Builder raw methods
PDO/MySQLi direct queries
String concatenation in queries
Sanitizer bypass detection

Command Injection

Shell execution functions (exec, shell_exec, system, etc.)
Code execution functions (eval, create_function, etc.)
Dynamic file includes
Symfony Process usage

Path Traversal

File operation functions
Laravel Storage operations
File download/upload

Authentication Security

Weak hash algorithms (MD5, SHA1)
Hardcoded credentials detection
Timing-vulnerable comparisons

CSRF/Session Security

Missing CSRF tokens
Insecure session configuration
Session fixation

Configuration Security

Debug output (phpinfo, var_dump, dd)
Insecure unserialize
Sensitive information logging

Laravel-Specific Security

Mass Assignment (missing $fillable/$guarded)
Raw SQL injection (DB::raw, whereRaw without bindings)
CSRF protection (forms without @csrf)
File upload validation (extensions-only without mimes)
Route authentication middleware
Rate limiting for auth routes

Security

Safe pattern recognition for Laravel helpers (route(), url(), action())
Value-based credential detection to reduce false positives
Escape function recognition (htmlspecialchars, e(), etc.)

2.3 KiB Raw Permalink Blame History