Problem/Motivation

The DrupalSecure code sniffs add (basic) testing for common known security faults. They were suggested for inclusion in coder in the past, but the issue was closed out when the 7.x branch was discontinued; see #1844870: Security Sniffs.

These sniffs provide warnings where security vulnerabilities may exist in a project (though they could use a few additions) and, when enabled, can help detect possible concerns.

The sniffs have been used for years as part of the pareview.sh project.

Proposed resolution

Include the DrupalSecure sniffs as part of coder, where they can be more easily used by the community and receive updates from the community alongside the rest of the sniffs.

Remaining tasks

User interface changes

None

API changes

None

Data model changes

None

Comments

cmlara created an issue. See original summary.

solideogloria

Version: 8.3.16 » 8.3.x-dev
Issue tags: +PAreview: security

I think this is a good idea. The code for the DrupalSecure sniffs isn't being maintained right now, and there hasn't been a commit on the project in the last 11 years.

If PAReview.sh is going to continue to use the sniffs, it'd be a good idea to move them to where they can be updated and maintained. The sniffs were written for PHP 5 and older versions of Drupal, so they could use some love.

cmlara

Removing “PAreview: security” tag as it is reserved for tracking applications that have detected a security vulnerability.

cmlara

Issue tags: -PAreview: security