austinheap/php-security-txt

A package for manipulating `security.txt` documents in PHP 7+, based on configuration settings.

PHP 7+ security.txt Package

, _(*1)

, _(*2)

A package for manipulating security.txt documents in PHP 7+, based on configuration settings.

The purpose of this project is to create a set-it-and-forget-it package that can manipulate documents following the current security.txt spec. It is therefore highly opinionated but built for configuration., _(*3)

security.txt is a draft "standard" which allows websites to define security policies. This "standard" sets clear guidelines for security researchers on how to report security issues, and allows bug bounty programs to define a scope. Security.txt is the equivalent of robots.txt, but for security issues., _(*4)

There is documentation for php-security-txt online, the source of which is in the docs/ directory. The most logical place to start are the docs for the SecurityTxt class., _(*5)

Table of Contents

• Summary
• Installation
  • Step 1: Composer
  • Step 2: Manipulate a security.txt document
• Unit Tests
• References
• Credits
• License

Installation

Step 1: Composer

Via Composer command line:, _(*6)

$ composer require austinheap/php-security-txt

Or add the package to your composer.json:, _(*7)

{
    "require": {
        "austinheap/php-security-txt": "0.3.*"
    }
}

Step 2: Manipulate a security.txt document

To programatically create a security.txt document, you could do:, _(*8)

require_once 'vendor/autoload.php';

$writer = new \AustinHeap\Security\Txt\Writer;

print $writer->setContact('me@austinheap.com')
             ->setEncryption('http://some.url/pgp.key')
             ->setDisclosure('full')
             ->setAcknowledgement('http://some.url/acks')
             ->getText();

Which should output:, _(*9)

# Our security address
Contact: me@austinheap.com

# Our PGP key
Encryption: http://some.url/pgp.key

# Our disclosure policy
Disclosure: Full

# Our public acknowledgement
Acknowledgement: http://some.url/acks

#
# Generated by "php-security-txt" v0.3.2 (https://github.com/austinheap/php-security-txt/releases/tag/v0.3.2)
# in 0.041008 seconds on 2017-10-26 20:31:25.
#

Unit Tests

This package has aggressive unit tests built with PHPUnit., _(*10)

There are code coverage reports for php-security-txt available online., _(*11)

References

• A Method for Web Security Policies (draft-foudil-securitytxt-00)
• laravel-security-txt
• securitytext.org

Credits

This is a fork of austinheap/laravel-security-txt, which was a fork of InfusionWeb/laravel-robots-route, which was a fork of ellisthedev/laravel-5-robots, which was a fork of jayhealey/Robots, which was based on earlier work., _(*12)

• ellisio/laravel-5-robots Contributors
• InfusionWeb/laravel-robots-route Contributors
• austinheap/laravel-security-txt Contributors

License

The MIT License (MIT). Please see License File for more information., _(*13)