sanctify-php.cabal
cabal-version: 3.0
-- Package-level metadata for sanctify-php. The stanzas below declare a
-- library, the `sanctify` executable and an hspec test suite.
name: sanctify-php
version: 0.2.0
synopsis: Haskell-based PHP hardening and security analysis tool
-- Free-text description; a line holding only "." is a paragraph break.
description:
    Sanctify-PHP transforms PHP code to be safer and more robust:
    .
    * Comprehensive PHP 8.2+ parser (readonly classes, DNF types, enums, attributes)
    * Advanced security analysis (OWASP Top 10, ReDoS, SSRF, XXE, TOCTOU)
    * WordPress-specific security checks (nonce, capabilities, AJAX, REST API)
    * Automatic code transformations (sanitization, type hints, strict types)
    * Multiple output formats (text, JSON, SARIF, HTML)
    * Interactive fix mode and watch mode for development
    * Infrastructure export (php.ini, nginx, Guix/Nix)
-- "LicenseRef-" is the SPDX prefix for a license that is not on the SPDX
-- list; the terms themselves are expected to be in the file named by
-- license-file.
license: LicenseRef-PMPL-1.0-or-later
license-file: LICENSE
author: Jonathan D.A. Jewell
maintainer: j.d.a.jewell@open.ac.uk
category: Development, Security
build-type: Simple
extra-doc-files: README.adoc
-- Shared GHC warning set, pulled into the library, the executable and the
-- test suite through `import: warnings`.
-- NOTE(review): these flags only report; there is no -Werror here, so an
-- incomplete pattern or a partial record field is a warning, not a build
-- failure. If warnings should gate merges, enforce that in CI rather than in
-- this file so downstream builds on newer compilers do not break.
common warnings
    ghc-options: -Wall -Wcompat -Widentities -Wincomplete-record-updates
                 -Wincomplete-uni-patterns -Wmissing-export-lists
                 -Wmissing-home-modules -Wpartial-fields -Wredundant-constraints
-- The sanctify-php library: parser, analyses, transformations, WordPress
-- checks and reporting, built from src/.
library
    import: warnings
    -- Public API of the package.
    exposed-modules:
        Sanctify.Parser
        Sanctify.AST
        Sanctify.Analysis.Security
        Sanctify.Analysis.Advanced
        Sanctify.Analysis.Types
        Sanctify.Analysis.Taint
        Sanctify.Analysis.DeadCode
        Sanctify.Transform.StrictTypes
        Sanctify.Transform.TypeHints
        Sanctify.Transform.Sanitize
        Sanctify.Transform.Strict
        Sanctify.WordPress.Constraints
        Sanctify.WordPress.Hooks
        Sanctify.WordPress.Security
        Sanctify.Emit
        Sanctify.Config
        Sanctify.Report
        Sanctify.Ruleset
    -- Internal modules: compiled into the library but not importable by
    -- dependants.
    other-modules:
        Sanctify.Parser.Lexer
        Sanctify.Parser.Token
    -- NOTE(review): every dependency has a lower bound only. Without upper
    -- bounds the solver may select any newer major release, so two builds of
    -- the same commit can link different dependency code. For a security
    -- tool, make release builds reproducible and auditable: commit a
    -- cabal.project.freeze (or pin index-state in cabal.project), and
    -- consider adding PVP-style upper bounds here.
    build-depends:
        base >=4.17,
        text >=2.0,
        containers >=0.6,
        mtl >=2.3,
        transformers >=0.6,
        megaparsec >=9.0,
        parser-combinators >=1.3,
        aeson >=2.0,
        yaml >=0.11,
        filepath >=1.4,
        directory >=1.3,
        bytestring >=0.11,
        vector >=0.13,
        unordered-containers >=0.2,
        prettyprinter >=1.7,
        optparse-applicative >=0.18,
        time >=1.12
    hs-source-dirs: src
    default-language: GHC2021
    -- Extensions switched on for every module in this component, in addition
    -- to what GHC2021 already enables.
    default-extensions:
        OverloadedStrings
        LambdaCase
        DerivingStrategies
        DeriveGeneric
        DeriveAnyClass
-- The `sanctify` command-line program, built from app/Main.hs on top of the
-- library above.
executable sanctify
    import: warnings
    main-is: Main.hs
    -- `sanctify-php` is this package's own library. Apart from base, the
    -- entries carry no version range of their own; the ranges presumably
    -- come from the library stanza, because both components are solved in
    -- one build plan.
    -- NOTE(review): nothing here constrains versions from above either, so
    -- the shipped binary's dependency set is decided at build time. Pin it
    -- with a freeze file when producing release artifacts.
    build-depends:
        base >=4.17,
        sanctify-php,
        text,
        containers,
        mtl,
        optparse-applicative,
        filepath,
        directory,
        time,
        aeson,
        bytestring
    hs-source-dirs: app
    default-language: GHC2021
    default-extensions:
        OverloadedStrings
        LambdaCase
-- hspec test suite; passes or fails through the process exit code
-- (exitcode-stdio-1.0). Sources live in test/, entry point Spec.hs.
test-suite sanctify-php-test
    import: warnings
    default-language: GHC2021
    default-extensions:
        OverloadedStrings
    type: exitcode-stdio-1.0
    hs-source-dirs: test
    main-is: Spec.hs
    -- Spec modules must be listed explicitly. A new *Spec module that is not
    -- added here triggers -Wmissing-home-modules from the shared warning set.
    -- NOTE(review): only parser, security and transform specs are listed; no
    -- spec module is declared for the taint, WordPress or report modules
    -- exposed by the library. Confirm whether those are covered elsewhere.
    other-modules:
        ParserSpec
        SecuritySpec
        TransformSpec
    -- hspec-discover appears both here and under build-tool-depends; the
    -- build-tool-depends entry is the one that makes the executable
    -- available during the build.
    build-depends:
        base >=4.17,
        sanctify-php,
        hspec >=2.10,
        hspec-discover >=2.10,
        hspec-megaparsec >=2.2,
        hspec-golden >=0.2,
        text,
        containers,
        filepath,
        directory
    -- Presumably Spec.hs invokes hspec-discover as a GHC preprocessor to
    -- collect the *Spec modules; verify against test/Spec.hs.
    build-tool-depends:
        hspec-discover:hspec-discover >=2.10