Git Product home page Git Product logo

security-checker's Introduction

Enlightn

tests LGPLv3 Licensed Latest Stable Version Total Downloads Twitter Follow

A Laravel Tool To Boost Your App's Performance & Security

Enlightn

Introduction

Think of Enlightn as your performance and security consultant. Enlightn will "review" your code and server configurations, and give you actionable recommendations on improving performance, security and reliability!

The Enlightn OSS (open source software) version has 66 automated checks that scan your application code, web server configurations and routes to identify performance bottlenecks, possible security vulnerabilities and code reliability issues.

Enlightn Pro (commercial) is available for purchase on the Enlightn website and has an additional 64 automated checks (total of 131 checks).

Performance Checks (37 Automated Checks including 19 Enlightn Pro Checks)

  • ๐Ÿš€ Performance Quick Wins (In-Built In Laravel): Route caching, config caching, etc.
  • โณ Performance Bottleneck Identification: Middleware bloat, identification of slow, duplicate and N+1 queries, etc.
  • ๐Ÿฝ๏ธ Serving Assets: Minification, cache headers, CDN and compression headers.
  • ๐ŸŽ›๏ธ Infrastructure Tuning: Opcache, cache hit ratio, unix sockets for single server setups, etc.
  • ๐Ÿ›ธ Choosing The Right Driver: Choosing the right session, queue and cache drivers for your app.
  • ๐Ÿ† Good Practices: Separate Redis databases for locks, dont install dev dependencies in production, etc.

Security Checks (49 Automated Checks including 28 Enlightn Pro Checks)

  • ๐Ÿ”’ Basic Security: Turn off app debug in production, app key, CSRF protection, login throttling, hash strength, etc.
  • ๐Ÿช Cookie Security and Session Management: Cookie encryption, secure cookie attributes, session timeouts, etc.
  • ๐Ÿƒ Mass Assignment: Detection of mass assignment vulnerabilities, unguarded models, etc.
  • โ˜ข๏ธ SQL Injection Attacks: Detection of raw SQL injection, column name SQL injection, validation rule injection, etc.
  • ๐Ÿ“œ Security Headers: XSS, HSTS, clickjacking and MIME protection headers.
  • ๐Ÿ“ Unrestricted File Uploads and DOS Attacks: Detection of directory traversal, storage DOS, unrestricted file uploads, etc.
  • ๐Ÿ’‰ Injection and Phishing Attacks: Detection of command injection, host injection, object injection, open redirection, etc.
  • ๐Ÿ“ฆ Dependency Management: Backend and frontend vulnerability scanning, stable and up-to-date dependency checks, licensing, etc.

Reliability Checks (45 Automated Checks including 17 Enlightn Pro Checks)

  • ๐Ÿง Code Reliability and Bug Detection: Invalid function calls, method calls, offsets, imports, return statements, syntax errors, invalid model relations, etc.
  • ๐Ÿ’ช Health Checks: Health checks for cache, DB, directory permissions, migrations, disk space, symlinks, Redis, etc.
  • โš™๏ธ Detecting Misconfigurations: Cache prefix, queue timeouts, failed job timeouts, Horizon provisioning plans, eviction policy, etc.
  • ๐Ÿ‘ป Dead Routes and Dead Code: Detection of dead routes and dead/unreachable code.
  • ๐Ÿ… Good Practices: Cache busting, Composer scripts, env variables, avoiding globals and superglobals, etc.

Documentation

Each of the 131 checks available are well documented. You can find the complete documentation here.

Compatibility Matrix

Enlightn Laravel Larastan PHPStan
1.x 6.x-9.x 0.6x-1.x 0.12x-1.1x
2.x 9.x-11.x 2.x 1.4x+

Note: The same compatibility matrix applies for Enlightn Pro versions.

Installing Enlightn OSS

You may install Enlightn into your project using the Composer package manager:

composer require enlightn/enlightn

After installing Enlightn, you may publish its assets using the vendor:publish Artisan command:

php artisan vendor:publish --tag=enlightn

Note: If you need to install Enlightn Pro, visit the documentation on the Enlightn website here.

Running Enlightn

After installing Enlightn, simply run the enlightn Artisan command to run Enlightn:

php artisan enlightn

You may add the --report flag, if you wish to view your reports in the Enlightn Web UI besides the terminal:

php artisan enlightn --report

If you wish to run specific analyzer classes, you may specify them as optional arguments:

php artisan enlightn Enlightn\\Enlightn\\Analyzers\\Security\\CSRFAnalyzer Enlightn\\EnlightnPro\\Analyzers\\Security\\DirectoryTraversalAnalyzer

Note that the class names should be fully qualified and escaped with double slashes as above.

Recommended to Run In Production

If you want to get the full Enlightn experience, it is recommended that you at least run Enlightn once in production. This is because several of Enlightn's checks are environment specific. So they may only be triggered when your app environment is production.

In case you don't want to run on production, you can simulate a production environment by setting your APP_ENV to production, setting up services and config as close to production as possible and running your production deployment script locally. Then run the Enlightn Artisan command.

View Detailed Error Messages

By default, the enlightn Artisan command highlights the file paths, associated line numbers and a message for each failed check. If you wish to display detailed error messages for each line, you may use the --details option:

php artisan enlightn --details

Usage in CI Environments

If you wish to integrate Enlightn with your CI, you can simply trigger the --ci option when running Enlightn in your CI/CD tool:

php artisan enlightn --ci

You may add the --report flag if you wish to view your CI reports in the Enlightn Web UI. Remember to add your project credentials to your config/enlightn.php file as explained here.

php artisan enlightn --ci --report

Enlightn pre-configures which analyzers can be run in CI mode for you. So, the above command excludes analyzers that need a full setup to run (e.g. analyzers using dynamic analysis).

For more information on CI integration, refer the Enlightn documentation.

Establishing a Baseline

Sometimes, especially in CI environments, you may want to declare the currently reported list of errors as the "baseline". This means that the current errors will not be reported in subsequent runs and only new errors will be flagged.

To generate the baseline automatically, you may run the enlightn:baseline Artisan command:

php artisan enlightn:baseline

If you wish to run this command in CI mode, you can use the --ci option:

php artisan enlightn:baseline --ci

For more information on establishing a baseline, refer the docs.

Web UI

Enlightn offers a beautiful Web UI dashboard where you can view your Enlightn reports triggered from your CI or scheduled command runs.

Enlightn Web UI Dashboard

The web UI is free for all users and includes the following:

  1. Statistics on pass percentages (overall and by category).
  2. All failed checks along with code snippets related to the checks (if any).
  3. Metrics on number of new and resolved issues (compared with the most recent report running on the same app URL, environment and project).

To get access to the Web UI, all you need to do is signup for free on the Enlightn website and follow the instructions mentioned here.

Scheduling Enlightn Runs

Besides integrating Enlightn with your CI/CD tool, it's a good practice to schedule an Enlightn run on a regular frequency (such as daily or weekly) like so:

// In your app/Console/Kernel.php file:

/**
 * Define the application's command schedule.
 *
 * @param  \Illuminate\Console\Scheduling\Schedule  $schedule
 * @return void
 */
protected function schedule(Schedule $schedule)
{
    $schedule->command('enlightn --report')->runInBackground()->daily()->at('01:00');
}

This will allow you to monitor Enlightn's dynamic analysis checks, which are typically excluded from CI. The reports can be viewed on the Enlightn Web UI.

GitHub Bot Integration

Enlightn offers a GitHub bot that can prepare a report highlighting failed checks and also add review comments for pull requests on the lines of code that introduce new issues.

Enlightn GitHub Bot Review Comments

To integrate with the Enlightn GitHub bot, refer the docs.

Failed Checks

All checks that fail will include a description of why they failed along with the associated lines of code (if applicable) and a link to the documentation for the specific check.

Enlightn Failed Check

Report Card

Finally, after all the checks have run, the enlightn Artisan command will output a report card, which contains information on how many and what percentage of checks passed, failed or were skipped.

Enlightn Report Card

The checks indicated as "Not Applicable" were not applicable to your specific application and were skipped. For instance, the CSRF analyzer is not applicable for stateless applications.

The checks reported under the "Error" row indicate the analyzers that failed with exceptions during the analysis. Normally, this should not happen but if it does, the associated error message will be displayed and may have something to do with your application.

How Frequently Should I Run Enlightn?

A good practice would be to run Enlightn every time you are deploying code or pushing a new release. It is recommended to integrate Enlightn with your CI/CD tool so that it is triggered for every push or new release.

Besides the automated CI checks, you should also run Enlightn on a regular frequency using a scheduled console command as described above. This will allow you to monitor the dynamic analysis checks, which are typically excluded from CI.

Featured On

Laravel News ย ย ย  OWASP ย ย ย  NIST

Flagship OSS Projects Using Enlightn

Laravel.io ย ย ย  Akaunting

OS Compatibility

Only MacOS and Linux systems are supported for Enlightn. Windows is currently not supported.

Contribution Guide

Thank you for considering contributing to Enlightn! The contribution guide can be found here.

Support Policy

Our support policy can be found in the Enlightn documentation.

License

The Enlightn OSS (on this GitHub repo) is licensed under the LGPL v3 (or later) license.

Enlightn Pro is licensed under a commercial license.

security-checker's People

Contributors

ajgarlag avatar chris8934 avatar jleonardolemos avatar kbond avatar m1guelpf avatar paras-malhotra avatar thomasderoo4 avatar tobias47n9e avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar

Forkers

helturkey sysource thomasderoo4 crazyjoe1291 aidotno whoami15 alexr3 dziamid-harbatsevich kbond imranayari hamedrajabpour eppak jhonne mglaman anthnyrys-dev sankethiyer ribafs arjenschol alefinvest nagyist serjio-dev tobias47n9e thecaliskan maxdgt

security-checker's Issues

feature request: add a way to whitelist security issues

Sometimes the real world happens, and you want to whitelist a security issue. There are multiple valid reasons for doing this like
for example the code path with the vulnerability isn't reachable

i would think something like would work,
--whitelist identifier where identifier could be a CVE or GHSA or other ID

Allow all supported symfony versions

Currently, this package is not compatbile with Symfony <5.2 because it requires symfony/yaml:^5.2

I think it should be compatible with any supported Symfony version: currently ^3.4|^4.4|^5.2

What do you think?

Unzip problems with v1.8.0+

Hi,

This change has broken this tool for me.

I am using the php:7.1-fpm-alpine Docker image and trying to run the security-checker fails with the following error:

image

v1.7.0 works fine:

image

I presume the problem is that the version of unzip within BusyBox cannot handle the zip file:

image

Because it works fine on the unzip command in my host OS (Ubuntu 20.04

Cheers!

Dan

cannot delete old /tmp/php_security_advisories/security-advisories-master/.editorconfig Permission denied

jorijn/laravel-security-checker#45 (comment)

it should create temporary files inside ~/tmp not /tmp

that result in permission denied:

The command "'unzip' '-qq' '-o' '/tmp/php_security_advisories.zip' '-d' '/tmp/php_security_advisories'" failed.

Exit Code: 50(Unknown error)

Working directory: /home/quizloyal/public_html/quizloyal

Output:
================


Error Output:
================
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/.editorconfig
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/.github/workflows/php.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/.gitignore
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/3f/pygmentize/2017-05-15.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/LICENSE
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/README.md
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/adodb/adodb-php/2018-03-06.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/adodb/adodb-php/CVE-2016-4855.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/alterphp/easyadmin-extension-bundle/2018-10-02.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/amphp/artax/2017-05-09.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/amphp/artax/CVE-2016-5385.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/amphp/http-client/2020-06-16.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/amphp/http/2018-03-15.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/core/CVE-2020-13665.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/core/CVE-2020-13666.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/core/CVE-2020-13667.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/core/CVE-2020-13668.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/core/CVE-2020-13669.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/core/CVE-2020-13670.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/core/CVE-2020-13671.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/core/CVE-2020-13672.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/core/CVE-2021-33829.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/core/CVE-2022-25275.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/core/CVE-2022-25277.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/core/CVE-2022-25278.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/2018-10-17-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/2018-10-17-2.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/2018-10-17-3.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/2018-10-17-4.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/2018-10-17-5.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/2019-12-18-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/2019-12-18-2.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/2019-12-18-3.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/2019-12-18-4.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/2020-03-18.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/2020-05-20-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/2020-11-25.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/2021-05-26.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/CVE-2016-3162.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/CVE-2016-3163.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/CVE-2016-3164.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/CVE-2016-3165.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/CVE-2016-3166.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/CVE-2016-3167.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/CVE-2016-3168.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/CVE-2016-3169.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/CVE-2016-3170.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/CVE-2016-3171.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/CVE-2016-5385.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/CVE-2016-6211.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/drupal/drupal/CVE-2016-6212.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/erusev/parsedown/CVE-2018-1000162.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/erusev/parsedown/CVE-2019-10905.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/demobundle/2020-04-21-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ez-support-tools/2020-12-01-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezdemo-ls-extension/2020-04-21-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezfind-ls/2019-05-23-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezplatform-admin-ui-assets/2019-07-04-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezplatform-admin-ui-assets/2020-08-07-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezplatform-admin-ui/2019-04-03-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezplatform-admin-ui/CVE-2019-12139.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezplatform-kernel/2020-05-20-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezplatform-user/2019-04-03-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezplatform/2019-06-27-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezplatform/2019-09-03-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezplatform/2019-09-03-2.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezpublish-kernel/2018-11-21-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezpublish-kernel/2020-03-03-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezpublish-kernel/2020-05-20-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezpublish-legacy/2017-09-11-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezpublish-legacy/2018-02-26-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezpublish-legacy/2018-10-31-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezpublish-legacy/2018-11-01-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezpublish-legacy/2018-11-21-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezpublish-legacy/2020-03-03-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezpublish-legacy/2020-10-05-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/ezpublish-legacy/CVE-2017-1000431.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/platform-ui-assets-bundle/2020-08-07-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezsystems/repository-forms/2018-11-20-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezyang/htmlpurifier/CVE-2010-2479.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ezyang/htmlpurifier/CVE-2010-4183.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/facade/ignition/CVE-2021-3129.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/firebase/php-jwt/2015-04-02.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/firebase/php-jwt/CVE-2021-46743.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/fixpunkt/fp-masterquiz/CVE-2022-47407.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/fixpunkt/fp-newsletter/CVE-2022-47408.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/fooman/tcpdf/CVE-2018-17057.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/fossar/tcpdf-parser/CVE-2018-17057.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/frappant/frp-form-answers/CVE-2023-26091.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/friendsofsymfony/oauth2-php/2020-03-03-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/friendsofsymfony/rest-bundle/2014-01-22-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/friendsofsymfony/user-bundle/2012-07-10-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/friendsofsymfony/user-bundle/2012-07-10-2.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/friendsofsymfony/user-bundle/2014-09-04-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/friendsofsymfony/user-bundle/CVE-2013-5750.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/friendsoftypo3/mediace/CVE-2020-15086.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/fuel/core/2016-06-29-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/fuel/core/2018-04-14-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/gos/web-socket-bundle/2020-07-06-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/gree/jose/2016-08-30.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/gregwar/rst/2016-10-31.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/guzzlehttp/guzzle/CVE-2016-5385.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/guzzlehttp/guzzle/CVE-2022-29248.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/guzzlehttp/guzzle/CVE-2022-31042.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/guzzlehttp/guzzle/CVE-2022-31043.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/guzzlehttp/guzzle/CVE-2022-31090.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/guzzlehttp/guzzle/CVE-2022-31091.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/guzzlehttp/psr7/CVE-2022-24775.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/guzzlehttp/psr7/CVE-2023-29197.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/illuminate/auth/2014-04-15.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/illuminate/auth/CVE-2017-14775.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/illuminate/auth/CVE-2017-9303.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/illuminate/cookie/2018-08-08-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/illuminate/cookie/2020-07-27-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/illuminate/database/2014-05-20.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/illuminate/database/2021-01-21.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/illuminate/database/2021-04-28.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/illuminate/database/CVE-2020-24940.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/illuminate/database/CVE-2021-21263.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/illuminate/encryption/2018-03-30-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/illuminate/view/2020-03-13-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/illuminate/view/CVE-2021-43808.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/in2code/femanager/CVE-2022-44543.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/in2code/femanager/CVE-2023-25013.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/in2code/femanager/CVE-2023-45023.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/in2code/femanager/CVE-2023-50459.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/in2code/ipandlanguageredirect/CVE-2023-35782.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/in2code/lux/CVE-2022-35628.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/ivankristianto/phpwhois/CVE-2015-5243.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/james-heinrich/getid3/CVE-2014-2053.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/joomla/archive/CVE-2021-26028.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/joomla/archive/CVE-2022-23793.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/joomla/filesystem/CVE-2022-23794.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/joomla/filter/CVE-2022-23800.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/joomla/input/CVE-2022-23799.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/joomla/session/CVE-2015-8566.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/jsmitty12/phpwhois/CVE-2015-5243.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/kazist/phpwhois/CVE-2015-5243.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/klaviyo/magento2-extension/2021-05-25-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/knplabs/knp-snappy/CVE-2023-28115.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/knplabs/knp-snappy/CVE-2023-41330.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/kreait/firebase-php/CVE-2018-1000025.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/la-haute-societe/tcpdf/CVE-2018-17057.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/laminas/laminas-diactoros/CVE-2022-31109.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/laravel/fortify/CVE-2022-25838.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/laravel/framework/2014-04-15.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/laravel/framework/2014-05-20.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/laravel/framework/2018-03-30-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/laravel/framework/2018-08-08-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/laravel/framework/2020-03-13-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/laravel/framework/2020-07-27-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/laravel/framework/2020-08-06-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/laravel/framework/2021-01-21.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/laravel/framework/2021-04-28.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/laravel/framework/CVE-2017-14775.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/laravel/framework/CVE-2017-9303.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/laravel/framework/CVE-2021-21263.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/laravel/framework/CVE-2021-43617.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/laravel/framework/CVE-2021-43808.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-7942.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-7944.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-7945.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-7947.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-7950.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-7951.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8090.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8092.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8093.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8107.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8108.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8109.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8110.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8111.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8112.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8113.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8114.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8115.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8116.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8117.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8118.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8119.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8120.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8121.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8122.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8123.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8124.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8126.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8127.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8128.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8129.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8130.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8131.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8132.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8133.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8134.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8135.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8136.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8137.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8138.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8139.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8140.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8141.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8142.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8143.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8144.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8145.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8146.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8147.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8148.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8149.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8150.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8151.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8152.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8153.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8154.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8156.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8157.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8158.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/magento/product-community-edition/CVE-2019-8159.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/matyhtf/framework/CVE-2021-43676.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mautic/core/CVE-2020-35124.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mautic/core/CVE-2020-35125.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mautic/core/CVE-2021-27908.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mautic/core/CVE-2021-27909.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mautic/core/CVE-2021-27910.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mautic/core/CVE-2021-27911.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mautic/core/CVE-2021-27912.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mautic/core/CVE-2021-27913.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mautic/core/CVE-2021-3142.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2018-0503.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2018-0504.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2018-0505.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2018-13258.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2019-12466.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2019-12467.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2019-12468.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2019-12469.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2019-12470.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2019-12471.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2019-12472.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2019-12473.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2019-12474.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2019-16738.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2019-19709.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2020-10959.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2020-10960.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2020-25812.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2020-25813.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2020-25814.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2020-25815.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2020-25827.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mediawiki/core/CVE-2020-25828.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/microweber/microweber/CVE-2023-6566.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/monolog/monolog/2014-12-29-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/mustache/mustache/CVE-2022-0323.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/namshi/jose/2015-02-19.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/namshi/jose/2015-03-10.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/neos/flow/2012-03-28.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/neos/flow/2015-11-23.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/neos/flow/2016-11-01.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/neos/flow/2017-04-12.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/neos/flow/CVE-2013-7082.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/neos/form/CVE-2021-32697.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/neos/neos/2015-03-28.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/neos/neos/2015-11-23.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/neos/neos/2019-06-17.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/neos/neos/CVE-2022-30429.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/neos/swiftmailer/2017-01-06.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/nette/application/CVE-2020-15227.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/nette/nette/CVE-2020-15227.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/nyholm/psr7/2023-04-17.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/nystudio107/craft-seomatic/2020-04-28-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/nzo/url-encryptor-bundle/2020-05-03.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/onelogin/php-saml/2017-02-28.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/onelogin/php-saml/CVE-2016-1000253.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/oneup/uploader-bundle/CVE-2020-5237.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/openid/php-openid/CVE-2013-4701.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/oro/crm/2015-07-08.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/oro/platform/2015-07-08.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/padraic/humbug_get_contents/CVE-2016-5385.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/pagarme/pagarme-php/2017-11-20.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/paragonie/random_compat/2016-03-16.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/passbolt/passbolt_api/2019-02-11-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/passbolt/passbolt_api/2019-02-11-2.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/passbolt/passbolt_api/2019-02-11-3.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/passbolt/passbolt_api/2019-08-07-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/passbolt/passbolt_api/2019-08-07-2.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/passbolt/passbolt_api/2019-08-07-3.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/passbolt/passbolt_api/CVE-2017-1000442.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/paypal/merchant-sdk-php/CVE-2017-6099.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/pear/archive_tar/CVE-2018-1000888.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/pear/archive_tar/CVE-2020-28949.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/pear/archive_tar/CVE-2020-36193.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpbb/phpbb/CVE-2020-8226.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpmailer/phpmailer/CVE-2015-8476.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpmailer/phpmailer/CVE-2016-10033.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpmailer/phpmailer/CVE-2016-10045.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpmailer/phpmailer/CVE-2017-11503.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpmailer/phpmailer/CVE-2017-5223.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpmailer/phpmailer/CVE-2018-19296.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpmailer/phpmailer/CVE-2020-36326.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpmailer/phpmailer/CVE-2021-34551.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpmailer/phpmailer/CVE-2021-3603.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpmyadmin/phpmyadmin/CVE-2020-10802.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpmyadmin/phpmyadmin/CVE-2020-10803.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpmyadmin/phpmyadmin/CVE-2020-10804.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpmyadmin/phpmyadmin/CVE-2020-26934.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpmyadmin/phpmyadmin/CVE-2020-26935.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpmyadmin/phpmyadmin/CVE-2020-5504.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpoffice/phpexcel/CVE-2018-19277.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpoffice/phpspreadsheet/CVE-2018-19277.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpoffice/phpspreadsheet/CVE-2019-12331.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpoffice/phpspreadsheet/CVE-2020-7776.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpseclib/phpseclib/CVE-2021-30130.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpseclib/phpseclib/CVE-2023-27560.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpseclib/phpseclib/CVE-2023-49316.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpunit/phpunit/CVE-2017-9841.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpwhois/phpwhois/CVE-2015-5243.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpxmlrpc/extras/2017-10-29.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpxmlrpc/phpxmlrpc/2022-11-28-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/phpxmlrpc/phpxmlrpc/2022-11-28-2.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/propel/propel/2018-02-14.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/propel/propel1/2018-02-14.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/pusher/pusher-php-server/2015-05-13.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/react/http/CVE-2022-36032.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/react/http/CVE-2023-26044.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/rmccue/requests/CVE-2021-29476.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/robrichards/xmlseclibs/2018-09-27.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/robrichards/xmlseclibs/CVE-2019-3465.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/rudloff/alltube/CVE-2022-0692.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/rudloff/alltube/CVE-2022-0768.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/rudloff/alltube/CVE-2022-24739.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/sabberworm/php-css-parser/CVE-2020-13756.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/sabre/dav/CVE-2013-1939.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/sabre/dav/CVE-2014-2055.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/scheb/two-factor-bundle/2018-07-08.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/scheb/two-factor-bundle/2019-12-19.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/sensiolabs/connect/2018-06-08-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/serluck/phpwhois/CVE-2015-5243.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/shopware/shopware/2017-01-24.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/shopware/shopware/2017-01-25.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/shopware/shopware/2017-06-22.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/shopware/shopware/2018-01-22.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/shopware/shopware/CVE-2016-3109.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/admin/CVE-2021-36150.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/admin/CVE-2022-38146.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/admin/SS-2018-004-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/admin/SS-2023-001.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/admin/SS-2023-002.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/assets/CVE-2019-12245.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/assets/CVE-2020-9280.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/assets/CVE-2022-29858.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/assets/CVE-2022-38147.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/assets/CVE-2022-38724.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/cms/CVE-2022-37421.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/cms/SS-2015-003-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/cms/SS-2015-005-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/cms/SS-2015-008-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/comments/SS-2018-015-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/forum/SS-2015-017-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2019-12203.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2019-12204.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2019-12205.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2019-12246.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2019-12617.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2019-14272.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2019-14273.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2019-16409.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2019-19325.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2019-19326.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2019-5715.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2020-26138.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2020-6164.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2020-9311.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2021-25817.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2021-41559.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2022-25238.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2022-28803.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2022-37429.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2022-37430.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2022-38148.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2022-38462.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2022-38724.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2023-22728.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2023-22729.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/CVE-2023-32302.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2014-015-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2014-017-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2015-004-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2015-006-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2015-007-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2015-009-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2015-010-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2015-011-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2015-012-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2015-013-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2015-014-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2015-015-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2015-016-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2015-026-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2015-027-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2015-028-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2016-002-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2016-003-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2016-004-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2016-005-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2016-006-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2016-007-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2016-008-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2016-010-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2016-011-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2016-012-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2016-013-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2016-014-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2016-015-1.yaml
        Permission denied
error:  cannot delete old /tmp/php_security_advisories/security-advisories-master/silverstripe/framework/SS-2016-016-1.yaml
        Permission denied

Use http client discovery

The security checker now has a hard dependency on guzzlehttp/guzzle, which unfortunately had a few security issues in the last weeks. So even when not using guzzlehttp in your application, this would generate a security warning.

By following https://docs.php-http.org/en/latest/httplug/library-developers.html we implemented ClientDiscovery so an existing PSR-18 compatible HTTP client (i.e. symfony/http-client) could be reused.

Unfortunately this is not possible while keeping PHP 5.6 support because psr/http-factory requires >= 7.0.

Is this acceptable for a 1.11 release or should it target a 2.0 release?
composer.json must be updated according to this choice..

See #29

Permission failure when using this package with multiple users on the same server

Hello,

I am using this package through https://github.com/Jorijn/laravel-security-checker . When using this package on one server with multiple users(user1, user2), user1 is the owner of the file /tmp/php_security_advisories.json. So any attempt to run the security checker with user2 gives me a 'Permission Denied'.

user1 works completely as expected. user2 gets the following error:

file_put_contents(/tmp/php_security_advisories.json): failed to open stream: Permission denied.
vendor/enlightn/security-checker/src/AdvisoryFetcher.php:138

Possible solution: Maybe the library on user1 could delete the files when its done with them, so user2 can put the required files there when it needs to.

Best regards,
Thomas

PHP Fatal error: Uncaught Error: Class 'Symfony\Component\Process\ExecutableFinder' not found

[20-Jan-2024 05:35:13 UTC] PHP Fatal error: Uncaught Error: Class 'Symfony\Component\Process\ExecutableFinder' not found in phar:///home/algfplkz/public_html/galaxyfundsinvest.com/security-checker.phar/src/ZipExtractor.php:39
Stack trace:
#0 phar:///home/algfplkz/public_html/galaxyfundsinvest.com/security-checker.phar/src/ZipExtractor.php(19): Enlightn\SecurityChecker\ZipExtractor->unzipCommandExists()
#1 phar:///home/algfplkz/public_html/galaxyfundsinvest.com/security-checker.phar/src/AdvisoryFetcher.php(44): Enlightn\SecurityChecker\ZipExtractor->extract('/tmp/php_securi...', '/tmp/php_securi...')
#2 phar:///home/algfplkz/public_html/galaxyfundsinvest.com/security-checker.phar/src/SecurityChecker.php(26): Enlightn\SecurityChecker\AdvisoryFetcher->fetchAdvisories()
#3 phar:///home/algfplkz/public_html/galaxyfundsinvest.com/security-checker.phar/src/SecurityCheckerCommand.php(72): Enlightn\SecurityChecker\SecurityChecker->check('composer.lock', false, Array)
#4 phar:///home/algfplkz/public_html/galaxyfundsinvest.com/security-checker.phar/vendor/symfony in phar:///home/algfplkz/public_html/galaxyfundsinvest.com/security-checker.phar/src/ZipExtractor.php on line 39
[20-Jan-2024 05:37:14 UTC] PHP Fatal error: Uncaught Error: Class 'Symfony\Component\Process\ExecutableFinder' not found in phar:///home/algfplkz/public_html/galaxyfundsinvest.com/security-checker.phar/src/ZipExtractor.php:39
Stack trace:
#0 phar:///home/algfplkz/public_html/galaxyfundsinvest.com/security-checker.phar/src/ZipExtractor.php(19): Enlightn\SecurityChecker\ZipExtractor->unzipCommandExists()
#1 phar:///home/algfplkz/public_html/galaxyfundsinvest.com/security-checker.phar/src/AdvisoryFetcher.php(44): Enlightn\SecurityChecker\ZipExtractor->extract('/tmp/php_securi...', '/tmp/php_securi...')
#2 phar:///home/algfplkz/public_html/galaxyfundsinvest.com/security-checker.phar/src/SecurityChecker.php(26): Enlightn\SecurityChecker\AdvisoryFetcher->fetchAdvisories()
#3 phar:///home/algfplkz/public_html/galaxyfundsinvest.com/security-checker.phar/src/SecurityCheckerCommand.php(72): Enlightn\SecurityChecker\SecurityChecker->check('composer.lock', false, Array)
#4 phar:///home/algfplkz/public_html/galaxyfundsinvest.com/security-checker.phar/vendor/symfony in phar:///home/algfplkz/public_html/galaxyfundsinvest.com/security-checker.phar/src/ZipExtractor.php on line 39

Incompatibility with newest Symfony Console version

Error:
PHP Fatal error: Declaration of Enlightn\SecurityChecker\SecurityCheckerCommand::execute(Symfony\Component\Console\Input\InputInterface $input, Symfony\Component\Console\Output\OutputInterface $output) must be compatible with Symfony\Component\Console\Command\Command::execute(Symfony\Component\Console\Input\InputInterface $input, Symfony\Component\Console\Output\OutputInterface $output): int in /Users/alexblackburn/Packages/security-checker/src/SecurityCheckerCommand.php on line 60

Explanation:

The inherited method execute() is missing the int return type, which causes a fatal error.

Versions:

PHP 8.2.10
Enlightn 1.11.0

Steps to reproduce:

git clone https://github.com/enlightn/security-checker.git
cd security-checker
composer install
php security-checker security:check composer.lock

Replace `curl -sS https://getcomposer.org/installer | php` with link to docs?

First of all: thank you very much for making this available! In lieu of the Sensiolabs deprecation, it is much appriciated. ๐Ÿ™Œ

Now, to my issue...

The security-checker CLI file contains a line prompting people to run curl -sS https://getcomposer.org/installer | php.

For a security package, I find this in rather poor judgment.

I would strongly suggest that it would be better to just direct users to https://getcomposer.org/download/ and ask them to follow the instructions there.

Security issues aside, it can be confusing for users, as composer might be installed but simply not (yet) have run.

Less experienced users are likely to follow the suggestion ad-verbatim, which could lead to all sorts of trouble (which could easily be avoided by educating the user via the Composer install guide).

If you concur, I don't mind following up with an MR to make this happen.

Differences with composer audit

I found a project that was using security-checker and composer audit in the same CI pipeline but security-checker was reporting the same Drupal core issue as composer audit.

If this project has additional features over composer audit I think they should be listed in the readme or some kind of docs.

So far I only found advantages for composer audit

  • Some CVEs can be ignored in the composer.json file as opposed to command line options
  • It reports abandoned packages

Phar autoloader cannot find class Symfony\Component\Process\ExecutableFinder;

Downloaded latest phar file. Attempting to execute with php ./security-checker.phar security:check ./composer.lock --no-dev --temp-dir=/tmp. It fails with message:

PHP Fatal error:  Uncaught Error: Class 'Symfony\Component\Process\ExecutableFinder' not found in phar:///apps/foobar/security-checker.phar/src/ZipExtractor.php:39
Stack trace:
#0 phar:///apps/foobar/security-checker.phar/src/ZipExtractor.php(19): Enlightn\SecurityChecker\ZipExtractor->unzipCommandExists()
#1 phar:///apps/foobar/security-checker.phar/src/AdvisoryFetcher.php(44): Enlightn\SecurityChecker\ZipExtractor->extract()
#2 phar:///apps/foobar/security-checker.phar/src/SecurityChecker.php(25): Enlightn\SecurityChecker\AdvisoryFetcher->fetchAdvisories()
#3 phar:///apps/foobar/security-checker.phar/src/SecurityCheckerCommand.php(64): Enlightn\SecurityChecker\SecurityChecker->check()
#4 phar:///apps/foobar/security-checker.phar/vendor/symfony/console/Command/Command.php(256): Enlightn\SecurityChecker\SecurityCheckerCommand->execute()
#5 phar:///apps/foobar/security-checker.phar/vendor/symfony/console/Application.php(971): Symfony\Component\Console\Command\Command->run()
#6 phar:///apps/foobar/security-checker.phar/vendor/symfony/console/Applicatio in phar:///apps/rti/security-checker.phar/src/ZipExtractor.php on line 39

Source OS is Ubuntu 20.04LTS. Local PHP cli version is:

PHP 7.4.21 (cli) (built: Jul  1 2021 16:09:23) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.21, Copyright (c), by Zend Technologies

Tested with and without Ubuntu unzip package installed.
Thoughts?

Security check does not work properly with "dev" packages

The problem is that all occurrences of "v" in the version string are replaced by nothing.
This leads to the version "dev-master" becoming "de-master":

security-checker/src/Composer.php

Line 38 in ba15c4c

'version' => str_replace('v', '', $package['version']),

And therefore the implemented comparison in "isDevPackage" never matches:

security-checker/src/AdvisoryAnalyzer.php

Line 109 in ba15c4c

return ! is_null(preg_filter(['/-dev$/', '/^dev-/'], '', $version));

Apart from that, the ending delimiter is missing in this regular expression:

security-checker/src/AdvisoryAnalyzer.php

Line 42 in ba15c4c

$branchName = preg_replace('/.x$', '', $branch);

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.