Psalm Security Rules - 1.1
Description
This extension provides a dedicated set of quality rules designed to check your PHP source code for user-input security defects. The rules are based on the user-input (taint) security checks provided by the open source static analysis tool Psalm (see https://psalm.dev/) and complement the PHP quality rules provided by com.castsoftware.php. That extension is a dependency: the Psalm Security Rules extension runs its quality rules against the results of the PHP Analyzer analysis, so violations are attached to the objects the PHP Analyzer has already created.
The following Psalm user input security checks are supported by this extension:
- https://psalm.dev/docs/running_psalm/issues/TaintedCallable/
- https://psalm.dev/docs/running_psalm/issues/TaintedCookie/
- https://psalm.dev/docs/running_psalm/issues/TaintedEval/
- https://psalm.dev/docs/running_psalm/issues/TaintedFile/
- https://psalm.dev/docs/running_psalm/issues/TaintedHeader/
- https://psalm.dev/docs/running_psalm/issues/TaintedInclude/
- https://psalm.dev/docs/running_psalm/issues/TaintedLdap/
- https://psalm.dev/docs/running_psalm/issues/TaintedShell/
- https://psalm.dev/docs/running_psalm/issues/TaintedSql/
- https://psalm.dev/docs/running_psalm/issues/TaintedSSRF/
- https://psalm.dev/docs/running_psalm/issues/TaintedTextWithQuotes/
- https://psalm.dev/docs/running_psalm/issues/TaintedUnserialize/
- https://psalm.dev/docs/running_psalm/issues/TaintedXpath/
- https://psalm.dev/docs/running_psalm/issues/TaintedSleep/
- https://psalm.dev/docs/running_psalm/issues/TaintedExtract/
A detailed explanation of the security checks provided by Psalm can be found at https://psalm.dev/docs/security_analysis/, which also has a dedicated section on avoiding false positives (for example by annotating your own sanitizing functions so that Psalm no longer considers their return value tainted).
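The checks listed above all report the same kind of defect: a value that originates at a taint source (such as $_GET, $_POST or $_COOKIE) reaches a taint sink (a SQL query, a shell command, eval, include, header, and so on) without passing through something Psalm recognises as an escape. The PHP file below is a constructed example added to this page; it is not code from CAST or from the Psalm project. It shows the flow behind two of the supported checks, TaintedSql and TaintedShell, next to the hardened form that produces no finding, and a user-defined sanitizer annotated with @psalm-taint-escape, which is the mechanism the Psalm documentation describes for avoiding false positives. The function names, the query and the regular expression are illustrative assumptions; running Psalm on the file as `vendor/bin/psalm --taint-analysis` is the documented way to enable the taint checks outside of CAST.

```php
<?php
declare(strict_types=1);

// Constructed example, not code from the CAST extension or from Psalm.
// Psalm's taint analysis (vendor/bin/psalm --taint-analysis) tracks values
// from its built-in sources ($_GET here) to its built-in sinks.

// --- TaintedSql: $_GET is a taint source, PDO::query() is an "sql" sink ---
function findUserVulnerable(PDO $db, string $name): ?array
{
    // Deliberately vulnerable: string concatenation keeps the taint, so the
    // user-controlled value becomes part of the query text at the sink.
    $stmt = $db->query("SELECT id, name FROM users WHERE name = '" . $name . "'");
    $row = $stmt === false ? false : $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function findUserSafe(PDO $db, string $name): ?array
{
    // Hardened: the value is bound as a parameter and never becomes part of
    // the query text, so there is no tainted path into the sink.
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- TaintedShell: shell_exec() is a "shell" sink ---
function pingHostVulnerable(string $host): string
{
    // Deliberately vulnerable: the tainted value is spliced into the command.
    return (string) shell_exec('ping -c 1 ' . $host);
}

function pingHostSafe(string $host): string
{
    // Hardened: escapeshellarg() is declared in Psalm's stubs as escaping the
    // "shell" taint, so the argument is no longer tainted when it reaches the sink.
    return (string) shell_exec('ping -c 1 ' . escapeshellarg($host));
}

// --- Declaring your own sanitizer so Psalm does not report a false positive ---
/**
 * Accepts only a strict identifier (assumed format); anything else is rejected.
 * Without the annotations Psalm cannot know that the returned value is safe,
 * because a regular-expression check is not a built-in escape.
 *
 * @psalm-taint-escape sql
 * @psalm-taint-escape shell
 */
function assertIdentifier(string $value): string
{
    if (preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $value) !== 1) {
        throw new InvalidArgumentException('invalid identifier');
    }
    return $value;
}

// Entry point: request parameters are built-in taint sources for Psalm.
$name = (string) ($_GET['name'] ?? '');
$host = (string) ($_GET['host'] ?? '');
$db = new PDO('sqlite::memory:');

findUserVulnerable($db, $name);              // tainted path: source -> sql sink
findUserSafe($db, $name);                    // no tainted path (bound parameter)
pingHostVulnerable($host);                   // tainted path: source -> shell sink
pingHostSafe($host);                         // taint removed by escapeshellarg()
pingHostVulnerable(assertIdentifier($host)); // taint removed by the annotated sanitizer
```

The last call is the case the "avoiding false positives" section is about: the vulnerable function is unchanged, but the value it receives has been validated by a function that is annotated as an escape for the relevant taint types, so the analysis no longer reports it. Use that annotation only on functions that genuinely reject or neutralise hostile input; annotating a pass-through function silences the check without fixing anything.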
Transactions
Transaction support is derived from metamodel concepts used to build CAST Imaging Blueprint and structural transaction flows. Entry Points start transactions; Exit Points include both output/boundary concepts and Data Entities manipulated by transactions.
| Role | Support | Breakdown |
|---|---|---|
| Entry Point | No direct concept type details | |
| Exit Point | No direct concept type details | |
Data version: 1.1.0-funcrel
ISO 5055 Structural Rules
Quality support is based on ISO 5055 structural rules available for the selected extension version. Counts are grouped by ISO 5055 characteristic.
| Reliability | Maintainability | Security | Performance Efficiency |
|---|---|---|---|
Data version: 1.1.0-funcrel
Dependencies with other extensions
Some CAST extensions require the presence of other CAST extensions in order to function correctly. The Psalm Security Rules extension requires that the following other CAST extensions are also installed:
- com.castsoftware.php (in order to get the objects to attach violations to)
- com.castsoftware.php.runtime82 (in order to have an executable launch Psalm)
Note that any dependent extensions are automatically downloaded and installed.
Download and installation instructions
The extension will not be automatically downloaded and installed. If you need to use it, you should manually install the extension.