Include DrupalSecure Code Sniffs

Created on 18 February 2023, about 2 years ago
Updated 18 May 2024, 11 months ago

Problem/Motivation

The DrupalSecure code sniffs add (basic) testing for common known security faults. They were suggested for inclusion in coder in the past, but the issue was closed out when the 7.x branch was discontinued; see #1844870: Security Sniffs.

These sniffs provide warnings where security vulnerabilities may exist in a project (though they could use a few additions) and, when enabled, can help detect possible concerns.

The sniffs have been used for years as part of the pareview.sh project.

Proposed resolution

Include the DrupalSecure sniffs as part of coder, where they can be more easily used by the community and receive updates from the community alongside the rest of the sniffs.

Remaining tasks

User interface changes

None

API changes

None

Data model changes

None

Feature request
Status

Active

Version

8.3

Component

Coder Sniffer

Created by

🇺🇸United States cmlara

Comments & Activities

  • Issue created by @cmlara
  • I think this is a good idea. The code for the DrupalSecure sniffs isn't being maintained right now, and there hasn't been a commit on the project in the last 11 years.

    If PAReview.sh is going to continue to use the sniffs, it'd be a good idea to move them to where they can be updated and maintained. The sniffs were written for PHP 5 and older versions of Drupal, so they could use some love.

  • 🇺🇸United States cmlara

    Removing “PAreview: security” tag as it is reserved for tracking applications that have detected a security vulnerability.

  • 🇺🇸United States cmlara