Hi, I have been working on a few security rules for SonarPHP. Those rules might not perform as well as the ones used in SAST software (no taint or call flow analyses) but they help enforcing security good practices. Some rules have been designed for Drupal 7 & Drupal 8 codebase. Here is a list o…

Hello Pierre-Loup, I can recognize just by looking at the title some rules similar to the ones we are working on at SonarSource for PHP but also for other languages. Do you have a public repository where I can look at your implementation to get more details about what these rules are catching, the…

Hello @Alexandre_Gigleux , I have no public repository yet but I will publish the source code in the next days on my company’s GitHub. I’ll keep you informed. I had a look at the new security rules visible on SonarPHP source code on GitHub. I noticed this pull request : https://github.com/SonarS…

Hello, I believe the best is to open one thread on the “Suggest new features” in this forum. One thread for one rule to keep things clean. For “Rule S4721: Executing OS commands is security-sensitive”, we are going to adjust the implementation, no need to do an extra post. Thanks

Hello, [image] Alexandre_Gigleux: Do you have a public repository where I can look at your implementation to get more details about what these rules are catching, then we could decide to provide similar feature natively in SonarPHP. Also, if you have a way to provide explanations what is the r…

SonarPHP security good practices

SonarQube Server / Community Build Writing rules

Topic		Replies	Views
Create PHP plugin to detect RCE Writing rules php	3	845	June 14, 2018
No issue detected in "Damn Vulnerable Web App" SonarQube Server / Community Build php	1	1697	December 19, 2018
SonarLint missing PHP exec() security vulnerability (command injection) VS Code vscode , security , php8	2	1401	May 13, 2022
Php/SQL injection in variables SonarQube Server / Community Build php	1	1540	February 5, 2021
Sonar-way default profile not detecting Python vulnerabilities SonarQube Cloud	6	523	May 1, 2023

SonarPHP security good practices

Related topics