Don't use this piece of software anymore as the underlying web service will stop working at the end of January 2021. Instead, use the Open-Source CLI tool that does the same locally, or use the Symfony CLI tool.
This extension provides a way to automatically or manually check your installed vendor extensions and the Contao core against the open vulnerability database at FriendsOfPHP/security-advisories.
--
Features included:
- Perform the check regularly.
- Get an E-Mail if the audit failed in any way. (Or always get an email if a check was performed. Your choice.)
- Start the check manually.
- Suppress notifications for manually started checks.
--
Note: A clean check does not imply that there are no security problems present, it just means that the test against the underlying database reveiled nothing.
Perform the following steps to install and use the basic functionality of the OneupUploaderBundle:
- Download the ContaoSecurityCheckerBundle using Composer
- Enable the bundle
- Configure the bundle
Add OneupUploaderBundle to your composer.json using the following construct:
$ composer require oneup/contao-security-checker-bundle "^0.4"
Composer will install the bundle to your project's vendor/oneup/contao-security-checker-bundle
directory.
Enable the bundle in the kernel:
<?php
// app/AppKernel.php
public function registerBundles()
{
$bundles = [
// ...
new Oneup\Bundle\ContaoSecurityCheckerBundle\OneupContaoSecurityCheckerBundle(),
];
}
Enable the bundles api route:
# app/config/routing.yml
oneup_contao_security_checker:
prefix: /security-advisories
resource: "@OneupContaoSecurityCheckerBundle/Resources/config/routing.yml"
# ...
Add this little configuration to your app/config/config.yml
and adjust it to your needs.
# app/config/config.yml
# OneupContaoSecurityChecker configuration
oneup_contao_security_checker:
enable_notifications: true
suppress_manual_audits: false
notify_only_failed_audits: true
notification_email: [email protected]
cron_cycle: daily
enable_cron: true
enable_api: false
api_key: ~
- Version 0.4.0 Added an API endpoint, per default disabled (see #7)
- Version 0.3.0 Added Contao Manager Plugin
- Version 0.2.0 Renamed Bundle (update/check your
app/config/config.yml
) - Version 0.1.0 Initial release
This bundle is under the MIT license. See the complete license in the bundle.
Issues and feature requests are tracked in the Github issue tracker.
When reporting a bug, it may be a good idea to reproduce it in a basic project built using the Contao Standard Edition to allow developers of the bundle to reproduce the issue by simply cloning it and following some steps.