Psalm Security Rules - 1.1

Extension ID

com.castsoftware.php.security

What’s new?

See Psalm Security Rules - 1.1 - Release Notes.

Description

This extension provides a dedicated set of quality rules that have been designed to check your PHP source code for user input security defects or violations. These quality rules are based on the user input security checks provided by the open source static analysis tool called Psalm (see https://psalm.dev/) and are in addition to the PHP quality rules provided by com.castsoftware.php (this is a dependent extension and the Psalm Security Rules extension will run its quality rules against the results of the PHP Analyzer analysis).

The following Psalm user input security checks are supported by this extension:

A detailed explanation of the security checks provided by Psalm can be seen in https://psalm.dev/docs/security_analysis/external link with a dedicated section about avoiding false-positivesexternal link

Function Point, Quality and Sizing support

This extension provides the following support:

  • Function Points (transactions): a green tick indicates that OMG Function Point counting and Transaction Risk Index are supported
  • Quality and Sizing: a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Item Supported
Function Points (transactions)
Quality and Sizing ✔️

Compatibility

CAST Imaging Core release Supported
8.3.x ✔️

Dependencies with other extensions

Some CAST extensions require the presence of other CAST extensions in order to function correctly. The Psalm Security Rules extension requires that the following other CAST extensions are also installed:

Note that when using CAST Console to download and install the extension, any dependent extensions are automatically downloaded and installed.

Download and installation instructions

The extension will not be automatically downloaded and installed in CAST Console. If you need to use it, you should manually install the extension using the Application - Extensions interface.

What analysis results can you expect?

Structural rules

Release Link
1.1.0-beta2 https://technologies.castsoftware.com/rules?sec=srs_php.security&ref=||1.1.0-beta2external link
1.1.0-beta1 https://technologies.castsoftware.com/rules?sec=srs_php.security&ref=||1.1.0-beta1external link
1.1.0-alpha3 https://technologies.castsoftware.com/rules?sec=srs_php.security&ref=||1.1.0-alpha3external link
1.1.0-alpha2 https://technologies.castsoftware.com/rules?sec=srs_php.security&ref=||1.1.0-alpha2external link
1.1.0-alpha1 https://technologies.castsoftware.com/rules?sec=srs_php.security&ref=||1.1.0-alpha1external link