Security Check For Symfony Component-Based Projects

Misunderstandings and clashes of cultures and worrying may end up in good. It maybe hard to see the outcome but in the end with some favor this is good.

On June 17, 2014 I received this surprising message from @fabpot, the symfony lead maintainer, I was very sad to see this in such a way. It really saddened me for a bit, and made me think about my commenting a bit, then I went back and recalled and really was acting in my best for asking the right questions. Yet for some reason culturally, maybe having a bad day or other reason, I got discouraged in such a way.

Then I thought why not jumping and continuing in the idea so to really get an answer rather than just stay crying because someone did not like your question. Then I took on the challenge!

So I went and saw a commit from @fabpot himself adding it to the security-checker repo then I sent a PR to my own fork https://github.com/cordoval/security-checker/pull/1/files enabling the checker to become finally a phar for everybody to generate.

After this I went and prepared a script on Gush to test this approach, created a release of the phar on github and created a script to download it and run it and plugged it into the bldr.io bldr.yml file in the Gush project:

// ./secure
#!/usr/bin/env bash

securitychecker=$(which security-checker)
 
if [ -x "$securitychecker" ] ; then
    $securitychecker security:check
else
    if [ ! -f ./security-checker.phar ]; then
        wget https://github.com/cordoval/security-checker/releases/download/v1.3.1/security-checker.phar
    fi
 
    chmod +x ./security-checker.phar
    ./security-checker.phar security:check
fi

and task added to bldr.yml:

+        secure:
 +            calls:
 +                -
 +                    type: exec
 +                    failOnError: true
 +                    executable: ./secure
 +                    arguments: []

Then we get travis-ci happy about our security:

Screenshot 2014-06-18 23.10.00

I like @fabpot but no matter who is telling you to stop, if it is a good thing and you are asking questions my advise is to keep working on them.

Encouragements!

3 thoughts on “Security Check For Symfony Component-Based Projects

  1. @Stof don’t take the comments like that seriously. When they have a lots of emails plumbing it will be hard for them to keep track.

    You are doing a good job to the open-source, so keep the good work. Give some time before you answer / ask.

    Thank you

  2. This feature definitely comes in handy especially
    if you are trying to trim down your weight.
    This will help eliminate the unconscious snacking that is so much
    a part of being overweight. Note that doing the daily cleaning routine cleaning work to prevent the production of
    dirt and found that dirt should be removed in time, do not let it form a old scale and
    thick dirt.

Leave a Reply to Irving Cancel reply

Your email address will not be published. Required fields are marked *