This documentation is not maintained. Please refer to doc.castsoftware.com/technologies to find the latest updates.
1.0.1-funcrel

Other Updates

Details
Fixes a missing dependency issue: installing the extension could fail with the error "Plugin selection error".
Rules documentation has been improved.

1.0.0-funcrel

Other Updates

Details
The extension is now disabled when no PHP source code is delivered for analysis.
File names with non-UTF-8 characters are now correctly handled.
Fixes an issue where, for some violations, the main bookmark was incorrectly set on the second-to-last step of the violation instead of the last one.

Performance Improvements

Summary
Analysis time has been reduced by invoking Psalm according to the recommendations in https://psalm.dev/docs/running_psalm/command_line_usage/#running-psalm-faster.

1.0.0-beta2

Other Updates

Details
This extension now uses the PHP runtime provided by the com.castsoftware.php.runtime82 extension (see https://doc.castsoftware.com/display/TECHNOS/PHP+Runtime82+-+1.0), which is automatically installed when com.castsoftware.php.security is installed.
Violations are now attached to PHP functions, methods and constructors in addition to PHP sections.
The Psalm tool embedded in the extension has been upgraded from version 4.30.0 to 5.12.0.
All violations generated by this extension are now declared as "critical".
Code snippets with non-UTF-8 characters are now correctly handled.
The Psalm configuration is now written to the %PROGRAMDATA%\CAST\CAST\CASTMS\LISA folder instead of the %PROGRAMDATA%\CAST\CAST\Extensions folder.
Bookmarks pointing to Psalm stubs for core generic functions have been removed.

1.0.0-beta1

Note

Initial release of the extension providing a dedicated set of quality rules that have been designed to check your PHP source code for user input security defects or violations. These quality rules are based on the user input security checks provided by the open source static analysis tool called Psalm (see https://psalm.dev/) and are in addition to the PHP quality rules provided by the PHP Analyzer.

Rules

Rule Id   New Rule   Details
1034000   TRUE       Avoid SQL injection (PHP)
1034002   TRUE       Avoid cookie injection (PHP)
1034004   TRUE       Avoid LDAP injection (PHP)
1034006   TRUE       Avoid OS command injection (PHP)
1034008   TRUE       Avoid PHP Remote File Inclusion (PHP)
1034010   TRUE       Avoid eval injection (PHP)
1034012   TRUE       Avoid code injection (PHP)
1034014   TRUE       Avoid file path manipulation (PHP)
1034016   TRUE       Avoid reflected cross-site scripting (PHP)
1034018   TRUE       Avoid deserialization injection (PHP)
1034020   TRUE       Avoid improper neutralization of HTTP headers (PHP)
1034022   TRUE       Avoid server-side request forgery (PHP)
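
The rules above are backed by Psalm's taint analysis: a violation is a data flow from an untrusted source (request superglobals such as $_GET) to a sensitive sink (a SQL query, a response header, ...) with no sanitization in between. The following is an added example, not code from this extension or from Psalm, showing two such flows in the shape Psalm reports them (when run as `vendor/bin/psalm --taint-analysis`) next to their hardened forms. The `users` table, its columns and the redirect targets are assumed for illustration.

```php
<?php
declare(strict_types=1);

// Added example (not part of the extension or of Psalm). Each pair below is a
// vulnerable request handler and its hardened form for one of the rules above.
// Table/column names and redirect targets are assumptions for illustration.

// --- Rule 1034000, "Avoid SQL injection (PHP)" -----------------------------

// Vulnerable: $_GET['id'] is a taint source; it reaches mysqli::query() (a SQL
// sink) through string concatenation, so Psalm reports TaintedSql on this path.
function findUserVulnerable(mysqli $db): ?array
{
    $id = $_GET['id'] ?? '';                                               // source
    $result = $db->query("SELECT id, name FROM users WHERE id = " . $id);  // sink
    return $result ? ($result->fetch_assoc() ?: null) : null;
}

// Hardened: the request value is cast to int (a cast that removes the taint)
// and bound as a statement parameter, so request data never enters the SQL text.
function findUserSafe(mysqli $db): ?array
{
    $id = (int) ($_GET['id'] ?? 0);
    $stmt = $db->prepare("SELECT id, name FROM users WHERE id = ?");
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// --- Rule 1034020, "Avoid improper neutralization of HTTP headers (PHP)" ---

// Vulnerable: a request parameter is written straight into a response header
// (TaintedHeader). Beyond the header flow itself, this is an open redirect.
function redirectVulnerable(): void
{
    header('Location: ' . ($_GET['next'] ?? '/'));
}

// Hardened: the request only selects among fixed destinations; whatever the
// client sends, the header value is always one of these literals.
function redirectSafe(): void
{
    $targets = ['home' => '/', 'account' => '/account', 'orders' => '/orders'];
    $key = $_GET['next'] ?? 'home';
    header('Location: ' . ($targets[$key] ?? $targets['home']));
}
```

Psalm reports each finding as the sequence of steps from source to sink; the extension attaches the violation to the enclosing function or method (and to the PHP section) and bookmarks those steps, which is what the bookmark fix in 1.0.0-funcrel refers to.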