cabal-version: 3.0
-- Package metadata for sanctify-php. The `common` stanza and the `import:`
-- fields further down require a 2.2-or-later spec version.
name: sanctify-php
version: 0.2.0
synopsis: Haskell-based PHP hardening and security analysis tool
description:
    Sanctify-PHP transforms PHP code to be safer and more robust:
    .
    * Comprehensive PHP 8.2+ parser (readonly classes, DNF types, enums, attributes)
    * Advanced security analysis (OWASP Top 10, ReDoS, SSRF, XXE, TOCTOU)
    * WordPress-specific security checks (nonce, capabilities, AJAX, REST API)
    * Automatic code transformations (sanitization, type hints, strict types)
    * Multiple output formats (text, JSON, SARIF, HTML)
    * Interactive fix mode and watch mode for development
    * Infrastructure export (php.ini, nginx, Guix/Nix)
-- `LicenseRef-` marks a licence identifier that is not on the SPDX list; the
-- terms are expected in the file named by license-file.
license: LicenseRef-PMPL-1.0-or-later
license-file: LICENSE
author: Jonathan D.A. Jewell
maintainer: j.d.a.jewell@open.ac.uk
category: Development, Security
build-type: Simple
extra-doc-files: README.adoc
-- Warning set shared by every stanza that declares `import: warnings`.
-- -Wincomplete-uni-patterns, -Wincomplete-record-updates and -Wpartial-fields
-- report partial code that can fail at runtime on unexpected input.
-- Nothing here turns warnings into errors (there is no -Werror).
common warnings
    ghc-options: -Wall -Wcompat -Widentities -Wincomplete-record-updates
                 -Wincomplete-uni-patterns -Wmissing-export-lists
                 -Wmissing-home-modules -Wpartial-fields -Wredundant-constraints
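-- The analysis, transformation and reporting code; the executable, test-suite
-- and benchmark stanzas all depend on this component.
library
    import: warnings
    exposed-modules:
        Sanctify.Parser
        Sanctify.AST
        Sanctify.Analysis.Security
        Sanctify.Analysis.Advanced
        Sanctify.Analysis.Types
        Sanctify.Analysis.Taint
        Sanctify.Analysis.DeadCode
        Sanctify.Transform.StrictTypes
        Sanctify.Transform.TypeHints
        Sanctify.Transform.Sanitize
        Sanctify.Transform.Strict
        Sanctify.WordPress.Constraints
        Sanctify.WordPress.Hooks
        Sanctify.WordPress.Security
        Sanctify.Emit
        Sanctify.Config
        Sanctify.Report
        Sanctify.Ruleset
    -- Internal to the parser; not importable by downstream packages.
    other-modules:
        Sanctify.Parser.Lexer
        Sanctify.Parser.Token
    -- base is capped at the next major version, which `cabal check` asks for.
    -- NOTE(review): every other dependency has a lower bound only, so the
    -- solver may select any later release, including a future major version.
    -- For reproducible, auditable builds of a security tool, pin the plan
    -- (a committed cabal.project.freeze, or an index-state in cabal.project)
    -- or add upper bounds once the tested versions are known.
    build-depends:
        base >=4.17 && <5,
        text >=2.0,
        containers >=0.6,
        mtl >=2.3,
        transformers >=0.6,
        megaparsec >=9.0,
        parser-combinators >=1.3,
        aeson >=2.0,
        yaml >=0.11,
        filepath >=1.4,
        directory >=1.3,
        bytestring >=0.11,
        vector >=0.13,
        unordered-containers >=0.2,
        prettyprinter >=1.7,
        optparse-applicative >=0.18,
        time >=1.12
    hs-source-dirs: src
    default-language: GHC2021
    default-extensions:
        OverloadedStrings
        LambdaCase
        DerivingStrategies
        DeriveGeneric
        DeriveAnyClass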
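-- Command-line front end, built from app/Main.hs on top of the library.
executable sanctify
    import: warnings
    main-is: Main.hs
    -- base is capped at the next major version, which `cabal check` asks for.
    -- The remaining packages carry no bounds in this stanza; their lower bounds
    -- are declared in the library stanza of this file.
    build-depends:
        base >=4.17 && <5,
        sanctify-php,
        text,
        containers,
        mtl,
        optparse-applicative,
        filepath,
        directory,
        time,
        aeson,
        bytestring
    hs-source-dirs: app
    default-language: GHC2021
    default-extensions:
        OverloadedStrings
        LambdaCase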
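-- hspec test suite; test/Spec.hs is the entry point and the spec modules are
-- listed under other-modules.
test-suite sanctify-php-test
    import: warnings
    default-language: GHC2021
    default-extensions:
        OverloadedStrings
    type: exitcode-stdio-1.0
    hs-source-dirs: test
    main-is: Spec.hs
    other-modules:
        ParserSpec
        SecuritySpec
        TransformSpec
        E2ESpec
        PropertySpec
        AspectSpec
    -- base is capped at the next major version, which `cabal check` asks for.
    -- NOTE(review): hspec-discover is listed here and under build-tool-depends.
    -- If the tests only use it as the discovery preprocessor, the
    -- build-tool-depends entry is enough and this one can be dropped -- confirm
    -- that no test module imports its library first.
    build-depends:
        base >=4.17 && <5,
        sanctify-php,
        hspec >=2.10,
        hspec-discover >=2.10,
        hspec-megaparsec >=2.2,
        hspec-golden >=0.2,
        QuickCheck >=2.14,
        text,
        containers,
        filepath,
        directory,
        bytestring,
        transformers
    build-tool-depends:
        hspec-discover:hspec-discover >=2.10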
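-- criterion benchmarks, built from bench/Main.hs.
benchmark sanctify-php-bench
    -- Use the same warning set as the other components.
    import: warnings
    default-language: GHC2021
    default-extensions:
        OverloadedStrings
    type: exitcode-stdio-1.0
    hs-source-dirs: bench
    main-is: Main.hs
    -- base is capped at the next major version, which `cabal check` asks for.
    build-depends:
        base >=4.17 && <5,
        sanctify-php,
        criterion >=1.6,
        text,
        filepath
    -- -threaded is required by the baked-in -N: the non-threaded runtime
    -- rejects that RTS flag at startup, so the benchmark would exit before
    -- running anything.
    ghc-options:
        -O2
        -threaded
        -rtsopts
        -with-rtsopts=-N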