TE-8136 / TE-8201 Initial commit

.editorconfig

@@ -0,0 +1,16 @@
+; This file is for unifying the coding style for different editors and IDEs.
+; More information at https://editorconfig.org
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.bat]
+end_of_line = crlf
+
+[composer.json]
+indent_size = 2

.gitattributes

@@ -0,0 +1,33 @@
+# Define the line ending behavior of the different file extensions
+# Set the default behavior, in case people don't have core.autocrlf set.
+* text text=auto eol=lf
+
+# Denote all files that are truly binary and should not be modified.
+*.png binary
+*.jpg binary
+*.gif binary
+*.jpeg binary
+*.zip binary
+*.phar binary
+*.ttf binary
+*.woff binary
+*.woff2 binary
+*.eot binary
+*.ico binary
+*.mo binary
+*.pdf binary
+*.xsd binary
+*.ts binary
+*.exe binary
+
+# Remove files for archives generated using `git archive`
+codeception.yml export-ignore
+dependency.json export-ignore
+phpstan.json export-ignore
+phpstan.neon export-ignore
+tooling.yml export-ignore
+.coveralls.yml export-ignore
+.travis.yml export-ignore
+.editorconfig export-ignore
+.gitattributes export-ignore
+.gitignore export-ignore

.gitignore

@@ -0,0 +1,23 @@
+# IDE
+.idea/
+.project/
+nbproject/
+.buildpath/
+.settings/
+*.sublime-*
+
+# OS
+.DS_Store
+*.AppleDouble
+*.AppleDB
+*.AppleDesktop
+
+# grunt stuff
+.grunt
+.sass-cache
+/node_modules/
+
+# tooling
+vendor/
+composer.lock
+.phpunit.result.cache

.license

@@ -0,0 +1,4 @@
+/**
+ * Copyright © 2019-present Spryker Systems GmbH. All rights reserved.
+ * Use of this software requires acceptance of the Evaluation License Agreement. See LICENSE file.
+ */

CHANGELOG.md

@@ -0,0 +1,3 @@
+Security Checker Changelog
+
+[Release Changelog](https://github.com/spryker-sdk/security-checker/releases)

CONTRIBUTING.md

@@ -0,0 +1,46 @@
+CODE CONTRIBUTION LICENSE AGREEMENT
+
+BY DISPLAYING, PUBLISHING, UPLOADING OR PROMOTING (COLLECTIVELY, “POSTING”) SOURCE CODE (“SOURCE CODE”)
+TO SPRYKER SYSTEMS GMBH, REGISTERED WITH THE COMMERCIAL REGISTER OF THE LOWER COURT OF HAMBURG UNDER
+HRB 134310 (“WE”, “US” OR ”SPRYKER”), YOU AGREE TO THIS CODE CONTRIBUTION LICENSE AGREEMENT (THE “AGREEMENT”).
+
+You grant us and our affiliates an irrevocable, perpetual, worldwide, royalty-free, non-exclusive, unrestricted
+license and right to use, reproduce and store, disseminate and otherwise exploit, modify, delete from, add to,
+create derivative works of, publicly perform, publicly display, reproduce, exchange parts of Source Code or combine them with
+other Source Code, use in data networks and distribute with or without consideration and without limitations as to the
+number of items via all distribution channels (and to sublicense the foregoing rights through multiple tiers of licensees)
+of such Source Code and any other copyright protected material for any reason and in connection with advertising and
+promoting our software and/or our products in any media formats and through any channels now existing or developed in
+the future. The transfer and assignment of rights covers any usage and exploitation rights for any unknown types of use
+as well as with regard to any known types of use the right to unrestrictedly make publicly available and publish,
+irrespective of the medium including any editions and versions and grant simple or exclusive usage, exploitation or
+adaptation rights to third parties.
+
+Spryker may reject, refuse to post or delete any Source Code for any or no reason, including, without limitation.
+
+From time to time, we may remove the Source Code permanently or temporarily, provided that even if we do remove such
+Source Code, we shall have no obligation to cease our other uses of the Source Code as permitted above.
+
+You agree to be fully responsible for and to pay any and all royalties, fees, and any other monies owing any person or
+entity by reason of any Source Code posted by you.
+
+Spryker respects the intellectual property of others, and requires that you do the same. Your postings and the Source Code
+must not infringe any copyright, patent, trademark, trade secret or other proprietary rights or other rights of any person
+or entity and you may not upload, embed, post, email, transmit or otherwise make available Source Code, software or any other
+material that that infringes such rights.
+
+YOU GUARANTEE THAT: (I) YOU OWN THE SOURCE CODE POSTED BY YOU OR OTHERWISE HAVE THE RIGHT TO GRANT THE LICENSES AND RIGHTS
+SET FORTH ABOVE, AND (II) THE POSTING OF YOUR SOURCE CODE DOES NOT VIOLATE THE PRIVACY RIGHTS, PUBLICITY RIGHTS, CONTRACT RIGHTS,
+INTELLECTUAL PROPERTY OR ANY OTHER RIGHTS OF ANY PERSON OR ENTITY OR ANY APPLICABLE LAW.
+
+YOU AGREE TO INDEMNIFY AND HOLD SPRYKER, ITS SUBSIDIARIES, AND AFFILIATES, AND THEIR RESPECTIVE OFFICERS, AGENTS, PARTNERS
+AND EMPLOYEES, HARMLESS FROM ANY LOSS, LIABILITY, COST, EXPENSE, CLAIM OR DEMAND, INCLUDING WITHOUT LIMITATION, REASONABLE
+ATTORNEYS’ FEES, DUE OR RELATING TO OR ARISING OUT OF THE USE OF YOUR SOURCE CODE IN VIOLATION OF THIS AGREEMENT AND/OR
+ARISING FROM A BREACH OF ANY TERMS OF THIS AGREEMENT AND/OR ANY BREACH OF YOUR REPRESENTATIONS AND WARRANTIES SET FORTH IN
+THIS AGREEMENT AND/OR ARISING OUT OF OR RELATING TO ANY SOURCE CODE THAT YOU POST.
+
+This Agreement shall be governed by the laws of Germany to the exclusion of IPR (International Law) and the United Nations Convention
+on Contracts for the International Sale of Goods (CISG). The parties consent to the jurisdiction of the courts in Berlin (Germany).
+
+This Agreement constitutes the entire agreement between you and us concerning Spryker’s use of the Source Code. This Agreement
+supersedes any prior verbal understanding between the parties. This Agreement may be amended only in a writing signed by an authorized officer of Spryker.

LICENSE

@@ -0,0 +1,40 @@
+SPRYKER SYSTEMS GMBH EVALUATION LICENSE AGREEMENT
+
+SPRYKER SYSTEMS GMBH, REGISTERED WITH THE COMMERCIAL REGISTER OF THE LOWER COURT OF HAMBURG UNDER HRB 134310
+(“WE” OR ”SPRYKER”)GRANTS YOU (THE “LICENSEE”) THE RIGHT TO USE THE SOFTWARE (AS DEFINED BELOW)
+UNDER THE PROVISIONS OF THIS EVALUATION LICENSE AGREEMENT (THE “AGREEMENT”).
+
+The “Software” includes any software owned and distributed by Spryker under this Agreement. The Software
+contains elements of open source components, to which different license terms apply respectively.
+These open source components are needed to be installed separately.
+
+Spryker grants to Licensee, during the 45-calendar-day period (the “Evaluation Period”) following the download of the Software,
+the nontransferable, nonexclusive limited, free of charge license to permit Licensee’s employees to internally use the Software
+to test and evaluate the Software in connection with potentially purchasing non-evaluation licenses to the Software.
+
+Licensee shall not (i) use the Software to set up a productive live system, for development purposes or any other purposes apart
+from evaluating the Software; (ii) copy any part of the Software except to make one copy for back-up purposes; (iii) distribute,
+disclose, market, rent, lease, or transfer the Software or act as a service bureau with respect to the Software; (iv) export the
+Software or install it in multiple locations; (v) disclose any confidential information provided by Spryker; (vi) modify or make
+derivative works of the Software; or (vii) allow others to make or obtain copies of the Software.
+
+THE SOFTWARE IS PROVIDED “AS-IS” AND WITHOUT WARRANTY OF ANY KIND. SPRYKER DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING
+BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, TITLE, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. SPRYKER WILL NOT
+BE LIABLE FOR ANY DAMAGES ASSOCIATED WITH THE SOFTWARE, INCLUDING WITHOUT LIMITATION ORDINARY, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL
+DAMAGES OF ANY KIND, INCLUDING BUT NOT LIMITED TO DAMAGES RELATING TO LOST DATA OR LOST PROFITS, EVEN IF SPRYKER HAS BEEN ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGES.
+
+Licensee's license to use the Software shall terminate on the earlier of (i) the expiration of the Evaluation Period, or (ii) the date
+both parties enter into a definitive agreement for the provision by Spryker to Licensee of a non-evaluation license to the Software.
+Upon termination of the license as provided above, Licensee shall promptly destroy the Software and any back-up copy of the Software
+made during the Evaluation Period if Spryker and the Licensee have not agreed a non-evaluation license to the Software.
+
+This Agreement shall be governed by the laws of Germany to the exclusion of IPR (International Law) and the United Nations Convention
+on Contracts for the International Sale of Goods (CISG). The parties consent to the jurisdiction of the courts in Berlin (Germany).
+
+This Agreement is not assignable or transferable by Licensee and any attempt to do so is null and void.
+
+This Agreement constitutes the entire agreement between the parties concerning Licensee’s use of the Software. This Agreement supersedes
+any prior verbal understanding between the parties and any Licensee purchase order or other ordering document, regardless of whether such
+document is received by Spryker before or after execution of this Agreement. This Agreement may be amended only in a writing signed by
+an authorized officer of Spryker.

README.md

@@ -0,0 +1,6 @@
+# Security Checker
+
+[![Build Status](https://github.com/spryker-sdk/security-checker/workflows/CI/badge.svg?branch=master)](https://github.com/spryker-sdk/security-checker/actions?query=workflow%3ACI+branch%3Amaster)
+[![Minimum PHP Version](https://img.shields.io/badge/php-%3E%3D%207.3-8892BF.svg)](https://php.net/)
+[![PHPStan](https://img.shields.io/badge/PHPStan-level%208-brightgreen.svg?style=flat)](https://phpstan.org/)
+

composer.json

@@ -0,0 +1,35 @@
+{
+    "name": "spryker-sdk/security-checker",
+    "type": "library",
+    "description": "A security checker for your composer.lock",
+    "license": "proprietary",
+    "require": {
+        "php": ">=7.3"
+    },
+    "require-dev": {
+        "phpstan/phpstan": "^0.12.18",
+        "slevomat/coding-standard": "^6.2",
+        "spryker/code-sniffer": "^0.15.6",
+        "squizlabs/php_codesniffer": "^3.5"
+    },
+    "autoload": {
+        "psr-4": {
+            "SecurityChecker\\": "src/SecurityChecker/"
+        }
+    },
+    "minimum-stability": "dev",
+    "prefer-stable": true,
+    "extra": {
+        "branch-alias": {
+            "dev-master": "1.0.x-dev"
+        }
+    },
+    "config": {
+        "sort-packages": true
+    },
+  "scripts": {
+    "cs-check": "phpcs --colors -p -s --extensions=php --standard=vendor/spryker/code-sniffer/Spryker/ruleset.xml --ignore=/tests/_data/,/_support/ src/ tests/",
+    "cs-fix": "phpcbf --colors -p --extensions=php --standard=vendor/spryker/code-sniffer/Spryker/ruleset.xml --ignore=/tests/_data/,/_support/ src/ tests/",
+    "stan": "phpstan analyze -l 8 src/",
+  }
+}

phpstan-bootstrap.php

@@ -0,0 +1,3 @@
+<?php
+
+define('ROOT_DIR', __DIR__);

phpstan.json

@@ -0,0 +1,3 @@
+{
+    "defaultLevel": 8
+}

phpstan.neon

@@ -0,0 +1,5 @@
+parameters:
+    checkMissingIterableValueType: false
+
+    bootstrapFiles:
+        - phpstan-bootstrap.php

src/SecurityChecker/Command/SecurityCheckerCommand.php

@@ -0,0 +1,12 @@
+<?php
+declare(strict_types=1);
+/**
+ * Copyright © 2019-present Spryker Systems GmbH. All rights reserved.
+ * Use of this software requires acceptance of the Evaluation License Agreement. See LICENSE file.
+ */
+namespace Brancho\SecurityChecker;
+
+class SecurityCheckerCommand
+{
+
+}

tooling.yml

@@ -0,0 +1,5 @@
+architecture-sniffer:
+    priority: 2
+
+code-sniffer:
+    level: 2