Let's install a recipe.
This one is a tool that checks for vulnerabilities.
composer require sec-checker
Like a help command, the following shows a list of which recipes are installed.
$ php bin/console
Usage:
command [options] [arguments]
Options:
-h, --help Display this help message
-q, --quiet Do not output any message
-V, --version Display this application version
--ansi Force ANSI output
--no-ansi Disable ANSI output
-n, --no-interaction Do not ask any interactive question
-e, --env=ENV The Environment name. [default: "dev"]
--no-debug Switches off debug mode.
-v|vv|vvv, --verbose Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug
Available commands:
about Displays information about the current project
help Displays help for a command
list Lists commands
assets
assets:install Installs bundles web assets under a public directory
cache
cache:clear Clears the cache
cache:pool:clear Clears cache pools
cache:pool:delete Deletes an item from a cache pool
cache:pool:list List available cache pools
cache:pool:prune Prunes cache pools
cache:warmup Warms up an empty cache
config
config:dump-reference Dumps the default configuration for an extension
debug
debug:autowiring Lists classes/interfaces you can use for autowiring
debug:config Dumps the current configuration for an extension
debug:container Displays current services for an application
debug:event-dispatcher Displays configured listeners for an application
debug:router Displays current routes for an application
lint
lint:container Ensures that arguments injected into services match type declarations
lint:yaml Lints a file and outputs encountered errors
router
router:match Helps debug routes by simulating a path info match
secrets
secrets:decrypt-to-local Decrypts all secrets and stores them in the local vault.
secrets:encrypt-from-local Encrypts all local secrets to the vault.
secrets:generate-keys Generates new encryption keys.
secrets:list Lists all secrets.
secrets:remove Removes a secret from the vault.
secrets:set Sets a secret in the vault.
security
security:check Checks security issues in your project dependencies
Trying out the recipe
The command list includes
security:check Checks security issues in your project dependencies
so let's try it.
$ php bin/console security:check
Symfony Security Check Report
=============================
No packages have known vulnerabilities.
The result is "No packages have known vulnerabilities.", which tells us that none of the packages have known vulnerabilities.
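To make concrete what a "no known vulnerabilities" result means, here is a minimal sketch of a lock-file check: every package locked in composer.lock is compared against advisory version ranges. It is an added example, not the security-checker's own code; the advisory data, the acme/* packages, the EXAMPLE-0001 ID and the function names are all constructed for illustration.

```python
import json

# Constructed composer.lock excerpt. The symfony/* and sensiolabs/* versions are
# the ones shown in this page's output; the acme/* packages are hypothetical.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "symfony/http-client", "version": "v5.0.7"},
        {"name": "symfony/http-client-contracts", "version": "v2.0.1"},
        {"name": "sensiolabs/security-checker", "version": "v6.0.3"},
        {"name": "acme/demo-lib", "version": "1.2.3"},
    ],
    "packages-dev": [
        {"name": "acme/dev-tool", "version": "dev-master"},
    ],
})

# Constructed advisory (placeholder ID): affected versions are >= 1.0.0, < 1.2.5.
SAMPLE_ADVISORIES = {
    "acme/demo-lib": [{"id": "EXAMPLE-0001", "affected": [("1.0.0", "1.2.5")]}],
}


def parse_version(text):
    """Turn 'v5.0.7' or '1.2.3' into a comparable tuple; None if not numeric."""
    core = text.lstrip("v").split("-")[0]
    try:
        return tuple(int(part) for part in core.split("."))
    except ValueError:
        return None  # e.g. 'dev-master': cannot be matched against a range


def check_lock(lock_json, advisories):
    """Return (findings, unchecked) over all locked packages, dev ones included."""
    lock = json.loads(lock_json)
    findings, unchecked = [], []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        version = parse_version(pkg["version"])
        if version is None:
            unchecked.append(pkg["name"])  # report it instead of silently passing
            continue
        for adv in advisories.get(pkg["name"], []):
            for low, high in adv["affected"]:
                if parse_version(low) <= version < parse_version(high):
                    findings.append((pkg["name"], pkg["version"], adv["id"]))
    return findings, unchecked


if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK, SAMPLE_ADVISORIES))
```

A clean report only covers versions that can be matched against the advisory data available at scan time, which is why the sketch returns branch-style versions such as dev-master separately.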
Updating recipes
$ composer install
Loading composer repositories with package information
Installing dependencies (including require-dev) from lock file
Nothing to install or update
Generating autoload files
19 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
Executing script cache:clear [OK]
Executing script assets:install public [OK]
Executing script security-checker security:check [OK]
Listing installed recipes
$ composer recipes
Available recipes.
* doctrine/annotations
* sensio/framework-extra-bundle
* sensiolabs/security-checker
* symfony/console
* symfony/flex
* symfony/framework-bundle
* symfony/routing
Run:
* composer recipes vendor/package to see details about a recipe.
* composer recipes:install vendor/package --force -v to update that recipe.
Viewing recipe details with Composer
You can check details such as the recipe's URL and the files copied into the app.
$ composer recipes sensiolabs/security-checker
name : sensiolabs/security-checker
version : 4.0
status : up to date
installed recipe : https://github.com/symfony/recipes/tree/00f7b14/sensiolabs/security-checker/4.0
files :
└──config
   └──packages
      └──security_checker.yaml
Removing the package and its recipe
$ composer remove sec-checker
Dependency "symfony/console" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Loading composer repositories with package information
Updating dependencies (including require-dev)
Restricting packages listed in "symfony/symfony" to "5.0.*"
Package operations: 0 installs, 0 updates, 3 removals
- Removing symfony/http-client-contracts (v2.0.1)
- Removing symfony/http-client (v5.0.7)
- Removing sensiolabs/security-checker (v6.0.3)
Writing lock file
Generating autoload files
18 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
Symfony operations: 1 recipe (3fdf671899d9caad636b0e20f6374d02)
- Unconfiguring sensiolabs/security-checker (>=4.0): From github.com/symfony/recipes:master
Executing script cache:clear [OK]
Executing script assets:install public [OK]
Removed successfully!