From 04540c50dc912bad6f6ff75205e189cff24bb276 Mon Sep 17 00:00:00 2001 From: lastlink Date: Mon, 11 Oct 2021 13:48:59 -0400 Subject: [PATCH 1/3] php code scan --- .github/workflows/pslam.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .github/workflows/pslam.yml diff --git a/.github/workflows/pslam.yml b/.github/workflows/pslam.yml new file mode 100644 index 0000000..c42d65d --- /dev/null +++ b/.github/workflows/pslam.yml @@ -0,0 +1,24 @@ +name: Psalm Security Scan + +on: + push: + branches: [ master ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ master ] + +jobs: + psalm: + name: Psalm + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Psalm Security Scan + uses: docker://ghcr.io/psalm/psalm-security-scan + + - name: Upload Security Analysis results to GitHub + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: results.sarif \ No newline at end of file From f9d81d18cf44a003511527fd936cbcb814c8037c Mon Sep 17 00:00:00 2001 From: lastlink Date: Mon, 11 Oct 2021 13:58:03 -0400 Subject: [PATCH 2/3] cleanup --- .github/workflows/pslam.yml | 4 ++ .../snyk-infrastructure-analysis.yml | 42 ------------------- 2 files changed, 4 insertions(+), 42 deletions(-) delete mode 100644 .github/workflows/snyk-infrastructure-analysis.yml diff --git a/.github/workflows/pslam.yml b/.github/workflows/pslam.yml index c42d65d..0533c39 100644 --- a/.github/workflows/pslam.yml +++ b/.github/workflows/pslam.yml @@ -17,6 +17,10 @@ jobs: - name: Psalm Security Scan uses: docker://ghcr.io/psalm/psalm-security-scan + with: + security_analysis: true + report_file: results.sarif + composer_require_dev: true - name: Upload Security Analysis results to GitHub uses: github/codeql-action/upload-sarif@v1 diff --git a/.github/workflows/snyk-infrastructure-analysis.yml b/.github/workflows/snyk-infrastructure-analysis.yml deleted file mode 100644 index 43e05d5..0000000 --- a/.github/workflows/snyk-infrastructure-analysis.yml +++ /dev/null @@ -1,42 +0,0 @@ -# A sample workflow which checks out your Infrastructure as Code Configuration files, -# such as Kubernetes, Helm & Terraform and scans them for any security issues. -# The results are then uploaded to GitHub Security Code Scanning -# -# For more examples, including how to limit scans to only high-severity issues -# and fail PR checks, see https://github.com/snyk/actions/ - -name: Snyk Infrastructure as Code - -on: - push: - branches: [ master ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ master ] - schedule: - - cron: '42 7 * * 4' - -jobs: - snyk: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Run Snyk to check configuration files for security issues - # Snyk can be used to break the build when it detects security issues. - # In this case we want to upload the issues to GitHub Code Scanning - continue-on-error: true - uses: snyk/actions/iac@master - env: - # In order to use the Snyk Action you will need to have a Snyk API token. - # More details in https://github.com/snyk/actions#getting-your-snyk-token - # or you can signup for free at https://snyk.io/login - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - # Add the path to the configuration file that you would like to test. - # For example `deployment.yaml` for a Kubernetes deployment manifest - # or `main.tf` for a Terraform configuration file - file: your-file-to-test.yaml - - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: snyk.sarif From 96176a46fb14d0292b1640055c0132c1e3fc458c Mon Sep 17 00:00:00 2001 From: lastlink Date: Mon, 11 Oct 2021 14:05:53 -0400 Subject: [PATCH 3/3] fix taint --- view/login.php | 2 +- view/registration.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/view/login.php b/view/login.php index 5c33a43..a14fef3 100644 --- a/view/login.php +++ b/view/login.php @@ -33,7 +33,7 @@ Passwords must be at least 8 characters and contain at least 1 number, 1 capital letter, and 1 special character
- required> + required>
diff --git a/view/registration.php b/view/registration.php index 814436c..0bc667b 100644 --- a/view/registration.php +++ b/view/registration.php @@ -34,7 +34,7 @@ Passwords must be at least 8 characters and contain at least 1 number, 1 capital letter, and 1 special character
- pattern="(?=^.{8,}$)(?=.*\d)(?=.*\W+)(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$" required> + pattern="(?=^.{8,}$)(?=.*\d)(?=.*\W+)(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$" required>