DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-01-12 06:17:28 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

codeql sa

Browse source
This commit is contained in:
Maciej Domanski 2022-03-17 12:10:44 +01:00
parent 44d5b589bb
commit e09516d69b
8 changed files with 0 additions and 180 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
.github/workflows/SA-codeql.yml vendored
View file

@ -1,21 +1,9 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: CodeQL Security Scan
on:
push:
branches: [ master ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ master ]
# schedule:
# - cron: '15 17 * * 1'

36
.github/workflows/SA-phpstan.yml vendored
View file

@ -1,36 +0,0 @@
# This workflow runs PHPStan security analysis tool
# More information: https://github.com/phpstan/phpstan
name: PHPStan Security Scan
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
phpstan-security-scan:
name: PHPStan Security Scan
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v2
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.0'
#coverage: none
ini-values: "memory_limit=-1"
#extensions: mbstring, intl
- name: Download deps
run: composer update --no-interaction --no-progress
- name: Download PHPStan
run: composer require --dev phpstan/phpstan
- name: Download Larastan v1 # (Laravel Framework 6.20.44), v2 is for Laravel >=9
run: composer require nunomaduro/larastan:^1.0 --dev
- name: Download mcrypt helper
run: wget https://raw.githubusercontent.com/JetBrains/phpstorm-stubs/master/mcrypt/mcrypt.php -O _mcrypt_helper.php
- name: Delete conflicting file
run: rm -f database/migrations/2015_11_05_183749_image.php
- name: Execute PHPStan
run: vendor/bin/phpstan analyze app config routes --no-progress --error-format=github -l 5
env:
APP_KEY: APP_KEY_CREATED_FOR_PHPSTAN_SDLC

57
.github/workflows/SA-psalm.yml vendored
View file

@ -1,57 +0,0 @@
name: Psalm Security Scan
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
psalm-security-scan-basic:
name: Psalm Security Scan
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v2
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.0'
coverage: none
ini-values: "memory_limit=-1"
extensions: mbstring, intl
- name: Download deps
run: composer update --no-interaction --no-progress
- name: Install laravel-ide-helper
run: composer require --dev barryvdh/laravel-ide-helper
- name: Download Psalm
run: composer require --dev vimeo/psalm
- name: PHPDoc generation for Laravel Facades
run: php artisan ide-helper:generate
- name: Download mcrypt helper
run: wget https://raw.githubusercontent.com/JetBrains/phpstorm-stubs/master/mcrypt/mcrypt.php -O _mcrypt_helper.php
- name: Execute Psalm
run: ./vendor/bin/psalm --long-progress --output-format=github --no-cache
psalm-security-scan-taint-analysis:
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v2
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.0'
coverage: none
ini-values: "memory_limit=-1"
extensions: mbstring, intl
- name: Download deps
run: composer update --no-interaction --no-progress
- name: Install laravel-ide-helper
run: composer require --dev barryvdh/laravel-ide-helper
- name: Download Psalm
run: composer require --dev vimeo/psalm
- name: Download mcrypt helper
run: wget https://raw.githubusercontent.com/JetBrains/phpstorm-stubs/master/mcrypt/mcrypt.php -O _mcrypt_helper.php
- name: PHPDoc generation for Laravel Facades
run: php artisan ide-helper:generate
- name: Execute Psalm (Taint Analysis)
run: ./vendor/bin/psalm --long-progress --output-format=github --taint-analysis

29
.github/workflows/SA-semgrep.yml vendored
View file

@ -1,29 +0,0 @@
name: Semgrep Security Scan
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
permissions:
contents: read
jobs:
semgrep-security-scan:
name: Semgrep Security Scan
runs-on: ubuntu-latest
# Skip any PR created by dependabot to avoid permission issues
if: (github.actor != 'dependabot[bot]')
steps:
# Fetch project source
- uses: actions/checkout@v2
- uses: returntocorp/semgrep-action@v1
with:
config: >- # more at semgrep.dev/explore
p/security-audit
p/secrets
p/phpcs-security-audit
env:
SEMGREP_TIMEOUT: 9900

9
dotenv.php
View file

@ -1,9 +0,0 @@
<?php
use Dotenv\Dotenv;
require __DIR__ . '/vendor/autoload.php';
$dotenv = Dotenv::create(dirname(__DIR__), 'snipe-it/.env.testing');
$dotenv->load(__DIR__.'/.env');
?>

14
phpstan.neon
View file

@ -1,14 +0,0 @@
includes:
- ./vendor/nunomaduro/larastan/extension.neon
parameters:
reportUnmatchedIgnoredErrors: false
bootstrapFiles:
# - dotenv.php
- c3.php
- _mcrypt_helper.php
ignoreErrors:
- '#PHPDoc tag .#'
excludePaths:
- tests/*
- vendor/*
- database/*

23
psalm.xml
View file

@ -1,23 +0,0 @@
<?xml version="1.0"?>
<psalm
errorLevel="7"
resolveFromConfigFile="true"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="https://getpsalm.org/schema/config"
xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
>
<projectFiles>
<directory name="app" />
<ignoreFiles>
<directory name="vendor" />
<directory name="tests" />
</ignoreFiles>
</projectFiles>
<stubs>
<file name="_ide_helper.php" />
<file name="_mcrypt_helper.php" />
</stubs>
<issueHandlers>
<UndefinedDocblockClass errorLevel="suppress" />
</issueHandlers>
</psalm>

BIN
public/js/plugins/chartjs/Chart.bundle.js
View file

Binary file not shown.