Page MenuHomePhabricator
Create Task
Maniphest T221477

Develop "security testing toolboxes" (PHP) for manual security reviews
Closed, ResolvedPublic
Actions

Description

These are simple "toolboxes" for developers to easily run security-related tooling, mostly to capture low-hanging fruit and provide baseline analyses. These are not in any way to be thought of as capable of performing exhaustive security reviews by themselves. They are in various states of development and I've been using some of them during security reviews. The goal here is to polish these and eventually push to wikimedia/security/tooling. Currently:

Details

SubjectRepoBranchLines +/-
Small improvements to php-security-tools grep scriptswikimedia/security/toolingmaster+205 -209
PHP-Security-Toolswikimedia/security/toolingmaster+1 K -0
Customize query in gerrit

Related Objects

Event Timeline

sbassett created this task.Apr 19 2019, 7:27 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 19 2019, 7:27 PM
sbassett triaged this task as Low priority.Apr 19 2019, 7:27 PM
sbassett updated the task description. (Show Details)
sbassett mentioned this in T218091: Security Team quarterly check in for April - June 2019.
sbassett updated the task description. (Show Details)
sbassett updated the task description. (Show Details)Apr 19 2019, 8:12 PM
sbassett moved this task from Incoming to In Progress on the Security-Team board.Jun 11 2019, 7:24 PM
sbassett added a project: user-sbassett.Jun 26 2019, 7:32 PM
sbassett moved this task from Backlog to In Progress on the user-sbassett board.
sbassett moved this task from In Progress to Backlog on the user-sbassett board.Jul 10 2019, 9:10 PM
sbassett moved this task from Backlog to In Progress on the user-sbassett board.
sbassett removed a project: Security-Team.Sep 23 2019, 4:46 PM
gerritbot added a comment.Sep 25 2019, 10:12 PM

Change 539205 had a related patch set uploaded (by SBassett; owner: SBassett):
[wikimedia/security/tooling@master] PHP-Security-Tools

https://gerrit.wikimedia.org/r/539205

gerritbot added a project: Patch-For-Review.Sep 25 2019, 10:12 PM
sbassett removed a project: Patch-For-Review.Sep 25 2019, 10:14 PM
gerritbot added a comment.Nov 1 2019, 6:29 PM

Change 539205 merged by jenkins-bot:
[wikimedia/security/tooling@master] PHP-Security-Tools

https://gerrit.wikimedia.org/r/539205

sbassett raised the priority of this task from Low to Medium.Nov 1 2019, 6:38 PM
sbassett updated the task description. (Show Details)
sbassett updated the task description. (Show Details)
sbassett moved this task from In Progress to Postponed on the user-sbassett board.Nov 1 2019, 7:07 PM
gerritbot added a comment.Nov 4 2019, 11:21 PM

Change 548546 had a related patch set uploaded (by SBassett; owner: SBassett):
[wikimedia/security/tooling@master] Small improvements to php-security-tools grep scripts

https://gerrit.wikimedia.org/r/548546

gerritbot added a project: Patch-For-Review.Nov 4 2019, 11:21 PM
gerritbot added a comment.Nov 5 2019, 3:31 PM

Change 548546 merged by jenkins-bot:
[wikimedia/security/tooling@master] Small improvements to php-security-tools grep scripts

https://gerrit.wikimedia.org/r/548546

sbassett renamed this task from Develop "security testing toolboxes" for manual security reviews, push to wikimedia/security/tooling repo to Develop "security testing toolboxes" (PHP) for manual security reviews.Nov 12 2019, 11:13 PM
sbassett closed this task as Resolved.
sbassett removed projects: Patch-For-Review, user-sbassett.
sbassett updated the task description. (Show Details)
sbassett added a project: Security-Team.
sbassett moved this task from In Progress to Our Part Is Done on the Security-Team board.
sbassett mentioned this in T238167: Develop "security testing toolboxes" (Node/JS) for manual security reviews.Nov 12 2019, 11:16 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL