Last active
July 31, 2017 12:21
-
-
Save DavidGarciaCat/104c3fdca2a7b1c626bc to your computer and use it in GitHub Desktop.
SensioLabs Insight - What We Analyze: "Based on the experience of the SensioLabs Audit team, we established a list of 108 control points to make sure an application is safe, reliable, maintainable, that it follows standards and good practices."
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rules: | |
| # CRITICAL - SECURITY | |
| # Projects must not depend on dependencies with known security issues | |
| composer.security_issue_in_composer: | |
| enabled: true | |
| # Database queries should use parameter binding | |
| doctrine.database_query_contains_string_and_variable_concatenation: | |
| enabled: true | |
| # PHP debug statements found | |
| php.debug_statements: | |
| enabled: true | |
| # eval() should never be used | |
| php.use_php_eval_function: | |
| enabled: true | |
| # Confidential parameters should not be committed to the repository | |
| symfony.app.confidential_parameters_file_present_in_repository: | |
| enabled: true | |
| # Sensitive data should not be present in non-parameter configuration files | |
| symfony.app.sensitive_data_found_in_application_configuration: | |
| enabled: true | |
| # Exceptions should not be enabled in production | |
| symfony.exceptions_enabled_in_production: | |
| enabled: true | |
| # Symfony2 secret should be changed | |
| symfony.obvious_csrf_key: | |
| enabled: true | |
| # Twig auto-escaping must be enabled. | |
| twig.disabled_escaper: | |
| enabled: true | |
| # Website should be protected against XSSVulnerability | |
| twig.xss_vulnerability: | |
| enabled: true | |
| # CRITICAL - BUGRISK | |
| # Dependencies not installable | |
| composer.dependencies_not_installable: | |
| enabled: true | |
| # PHP files should not contain syntax errors | |
| php.php_syntax_error: | |
| enabled: true | |
| # YAML files should not contain syntax error | |
| symfony.configuration.yaml_syntax_error: | |
| enabled: true | |
| # The Symfony version should be maintained | |
| symfony.version.end_of_life: | |
| enabled: true | |
| # Twig templates should not have syntax errors | |
| twig.twig_syntax_error: | |
| enabled: true | |
| # XML files should not contain syntax error | |
| xml.syntax_error: | |
| enabled: true | |
| # CRITICAL - PERFORMANCE | |
| # Logging should not be verbose in production | |
| symfony.verbose_logging_in_production: | |
| enabled: true | |
| # MAJOR - SECURITY | |
| # Files should not be executable | |
| php.too_permissive_file_permissions: | |
| enabled: true | |
| allowed_dirs: | |
| - bin | |
| - scripts | |
| # Strong password hashing algorithm should be used for password | |
| symfony.security.insecure_password_hashing_algorithm: | |
| enabled: true | |
| # Public directory should not contain PHP files | |
| symfony.web.contains_php_files: | |
| enabled: true | |
| # Symfony applications should not contain a config.php file | |
| symfony.web_config_should_not_be_present: | |
| enabled: true | |
| # Twig templates should not use the debug tag | |
| twig.debug_enabled: | |
| enabled: true | |
| # MAJOR - BUGRISK | |
| # The composer.json file should be valid | |
| composer.invalid_file: | |
| enabled: true | |
| # The Doctrine schema should be valid. | |
| doctrine.invalid_schema: | |
| enabled: true | |
| # Logical operators should be avoided | |
| php.boolean_statement: | |
| enabled: true | |
| # PHP configuration should not be changed dynamically | |
| php.dynamically_change_configuration: | |
| enabled: true | |
| # Missing use statement should be avoided | |
| php.missing_use_statement: | |
| enabled: true | |
| # Static method should not contain $this reference | |
| php.static_method_should_not_use_this: | |
| enabled: true | |
| # exit() and die() functions should be avoided | |
| php.use_exit_function: | |
| enabled: true | |
| ignore_files: | |
| - web/config.php | |
| # POSIX regex functions should never be used | |
| php.use_php_ereg_function: | |
| enabled: true | |
| # A Symfony2 application should be bootable | |
| symfony.application_not_bootable: | |
| enabled: true | |
| # The response should be redirected after posting data to an action | |
| symfony.controller.missing_redirect_after_post: | |
| enabled: true | |
| # Absolute path constants __DIR__ and __FILE__ should not be used | |
| symfony.dependency_injection.use_dir_file_constant: | |
| enabled: true | |
| # The request service should never be injected | |
| symfony.inject_request_service: | |
| enabled: true | |
| # Method Request::createFromGlobals should not be used | |
| symfony.request.use_create_from_globals: | |
| enabled: true | |
| # Symfony applications should not throw AccessDeniedHttpException | |
| symfony.security.throw_access_denied_http_exception: | |
| enabled: true | |
| # Sessions should not be saved in the cache directory | |
| symfony.sessions_in_cache_directory: | |
| enabled: true | |
| # The Twig service should be bootable | |
| symfony.twig_not_bootable: | |
| enabled: true | |
| # PHP response functions should not be used | |
| symfony.use_php_response_function: | |
| enabled: true | |
| # PHP session functions should not be used | |
| symfony.use_php_session_function: | |
| enabled: true | |
| # PHP super globals should never be used | |
| symfony.use_super_globals: | |
| enabled: true | |
| # The Symfony version should be maintained | |
| symfony.version.out_of_maintenance: | |
| enabled: true | |
| # Web bundles/ folder should not be present in repository | |
| symfony.web.web_bundle_folder_present_in_repository: | |
| enabled: true | |
| # Source code should not contain FIXME comments | |
| task_fixme_comment: | |
| enabled: true | |
| # Twig should not use strict variables | |
| twig.disabled_strict_variable: | |
| enabled: true | |
| # Files should be encoded in UTF-8 | |
| web.non_utf8_encoding: | |
| enabled: true | |
| # MAJOR - PERFORMANCE | |
| # The EntityManager should not be flushed within a loop | |
| doctrine.use_flush_in_loop: | |
| enabled: true | |
| # Folders should not have too many files for performance | |
| php.too_many_files_per_folder_for_performance: | |
| enabled: true | |
| max_count: 10000 | |
| # sleep() should not be used | |
| php.use_php_sleep_function: | |
| enabled: true | |
| # Twig should not use auto reload | |
| twig.auto_reload_enabled: | |
| enabled: true | |
| # Web applications should contain a favicon | |
| web.missing_favicon: | |
| enabled: true | |
| # Web applications should contain a robots.txt file | |
| web.missing_robots_txt: | |
| enabled: true | |
| # MAJOR - ARCHITECTURE | |
| # Third party component licenses should be compatible with project license | |
| php.contaminant_third_party_component_license: | |
| enabled: true | |
| # Global variable or function should never be used | |
| php.use_global_variable_or_function: | |
| enabled: true | |
| # A GET action should not modify an existing resource | |
| symfony.controller.get_action_mutates_resource: | |
| enabled: true | |
| # Public methods in controller classes should only be actions | |
| symfony.controller.non_action_public_method_in_controller_class: | |
| enabled: true | |
| # Controllers should contain a small set of actions | |
| symfony.controller.too_many_actions_per_controller: | |
| enabled: true | |
| max_count: 10 | |
| threshold: 5 | |
| # Print statements found | |
| symfony.print_statements: | |
| enabled: true | |
| # PHP database functions should not be used | |
| symfony.use_php_database_function: | |
| enabled: true | |
| # Twig templates should not contain business logic | |
| twig.template_too_complex: | |
| enabled: true | |
| max_depth: 5 | |
| # MAJOR - DEADCODE | |
| # Your project should not contain the AcmeDemoBundle example bundle | |
| symfony.acme_bundle_found: | |
| enabled: true | |
| # Routes should reference existing actions | |
| symfony.routing.route_references_non_existent_action: | |
| enabled: true | |
| # MAJOR - READABILITY | |
| # Symfony controller action method should not be too long | |
| symfony.controller.action_method_too_long: | |
| enabled: true | |
| max_length: 20 | |
| threshold: 10 | |
| # MINOR - SECURITY | |
| # Default session cookie's name should be changed. | |
| symfony.request.session_cookie_default_name: | |
| enabled: true | |
| # MINOR - BUGRISK | |
| # Version of dependencies should be fixed | |
| composer.unfixed_dependency_version: | |
| enabled: true | |
| # No absolute path should be hard-coded | |
| php.absolute_path_present: | |
| enabled: true | |
| allowed_paths: | |
| - /dev | |
| - /etc | |
| - /proc | |
| # PHPUnit should be able to run all PHP tests | |
| php.neglected_tests: | |
| enabled: true | |
| # Object parameters should be type hinted | |
| php.object_parameter_not_type_hinted: | |
| enabled: true | |
| # Error silenced by the at sign (@) | |
| php.silenced_error: | |
| enabled: true | |
| function_whitelist: | |
| - unlink | |
| - fopen | |
| - fwrite | |
| - fclose | |
| - rename | |
| - chmod | |
| - mkdir | |
| - rmdir | |
| - file_put_contents | |
| - move_uploaded_file | |
| - chgrp | |
| - lchgrp | |
| - chown | |
| - lchown | |
| - touch | |
| - symlink | |
| - highlight_file | |
| - ftp_get | |
| - ftp_close | |
| - ftp_size | |
| - ftp_chdir | |
| - ftp_delete | |
| - ftp_rmdir | |
| - ftp_put | |
| - ftp_mkdir | |
| - ftp_chmod | |
| - ftp_nlist | |
| # Boolean should be compared strictly | |
| php.strict_boolean_comparison_should_be_used: | |
| enabled: true | |
| # Avoid using deprecated PHP functions | |
| php.use_deprecated_function: | |
| enabled: true | |
| # The Symfony version should be the latest stable one | |
| symfony.version.latest_stable: | |
| enabled: true | |
| # MINOR - PERFORMANCE | |
| # Usage of a function in loops should be avoided | |
| php.for_loop_uses_test_function: | |
| enabled: true | |
| # The boot method in a bundle should be empty | |
| symfony.bundle_boot_method_should_be_empty: | |
| enabled: true | |
| # There should not be too many ESI inclusions | |
| symfony.templating.too_many_esi_inclusions: | |
| enabled: true | |
| # MINOR - ARCHITECTURE | |
| # HTML links should not contain javascript | |
| html.html_link_contains_javascript: | |
| enabled: true | |
| # Code should not be duplicated | |
| php.duplicated_code: | |
| enabled: true | |
| # Template should not have too many variables | |
| symfony.controller.too_many_template_variables: | |
| enabled: true | |
| max_count: 6 | |
| threshold: 5 | |
| # The Symfony Dependency Injection Container should not be passed as an argument | |
| symfony.dependency_injection.no_container_as_parameter: | |
| enabled: true | |
| # The Doctrine Entity Manager should not be passed as an argument | |
| symfony.dependency_injection.no_entity_manager_as_parameter: | |
| enabled: true | |
| # Include statements should not be used | |
| symfony.include_statement_used: | |
| enabled: true | |
| # Source code should not contain TODO comments | |
| task_todo_comment: | |
| enabled: true | |
| # Source code should not contain XXX comments | |
| task_xxx_comment: | |
| enabled: true | |
| # MINOR - DEADCODE | |
| # Commented code should not be committed | |
| php.commented_out_code: | |
| enabled: true | |
| # PHP code should not contain unreachable code | |
| php.unreachable_code: | |
| enabled: true | |
| # Unused method, property, variable or parameter | |
| php.unused_local_variable_or_private_member: | |
| enabled: true | |
| # Unused use statement should be avoided | |
| php.unused_use_statement: | |
| enabled: true | |
| # Cache or log files should not be committed | |
| symfony.app.cache_or_log_file_in_repository: | |
| enabled: true | |
| # MINOR - READABILITY | |
| # PHP classes should be short | |
| php.class_too_long: | |
| enabled: true | |
| max_length: 500 | |
| threshold: 5 | |
| # PHP methods should not contain too much logic | |
| php.method_too_long: | |
| enabled: true | |
| max_length: 50 | |
| threshold: 5 | |
| # MINOR - CODESTYLE | |
| # User specific files should not appear in .gitignore | |
| git.user_specific_ignored_file: | |
| enabled: true | |
| # Boolean property should not be prefixed by "is" | |
| php.bad_mutator_method_name_for_boolean_property: | |
| enabled: true | |
| # Form types should be in Form/Type folders | |
| symfony.form.form_type_not_in_type_form_folder: | |
| enabled: true | |
| # Templates should not be too long | |
| twig.template_too_long: | |
| enabled: true | |
| max_length: 200 | |
| threshold: 5 | |
| # INFO - SECURITY | |
| # Symfony error pages should be customised | |
| symfony.configuration.error_pages_should_be_customised: | |
| enabled: true | |
| # A route should always have a valid HTTP method | |
| symfony.routing.action_not_restricted_by_method: | |
| enabled: true | |
| # Default favicon should be changed | |
| web.default_favicon: | |
| enabled: true | |
| # INFO - BUGRISK | |
| # The composer.lock is not up to date. | |
| composer.outdated_lock_file: | |
| enabled: true | |
| # The composer.json file should not raise warnings | |
| composer.warning: | |
| enabled: true | |
| # PHP short tags should not be used | |
| php.use_php_short_open_tag: | |
| enabled: true | |
| # INFO - PERFORMANCE | |
| # .htaccess should be avoided | |
| web.apache_config: | |
| enabled: true | |
| # INFO - ARCHITECTURE | |
| # Deprecated class usage found | |
| third_party.use_deprecated_class: | |
| enabled: true | |
| # Deprecated class found in service definition | |
| third_party.use_deprecated_service: | |
| enabled: true | |
| # INFO - CODESTYLE | |
| # Project files should not mix end of lines | |
| invalid_e_o_l: | |
| enabled: true | |
| eol: unix | |
| # Text files should end with a newline character | |
| missing_e_o_l: | |
| enabled: true | |
| # Class should be unique per PHP file | |
| php.file_contains_more_than_one_class: | |
| enabled: true | |
| # Interfaces names should end with "Interface" | |
| php.interface_has_no_interface_suffix: | |
| enabled: true | |
| interface_name_pattern: /(Interface|Exception|able)$/ | |
| # PHP code should follow PSR-1 basic coding standard | |
| php.psr1: | |
| enabled: true |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment