
dlongopinc/php-security-analyzer
================================

A comprehensive static analysis tool to find potential security vulnerabilities in PHP code.

Version v1.3.0 (released 7 months ago) · MIT license · PHP

Listed since Aug 26; last pushed 2 months ago.

[Source](https://github.com/dlongopinc/php-security-analyzer) · [Packagist](https://packagist.org/packages/dlongopinc/php-security-analyzer) · [RSS](/packages/dlongopinc-php-security-analyzer/feed)

PHP Security Analyzer
=====================


A simple, fast, and standalone tool to find potential security vulnerabilities in PHP code.

### 📜 About The Project


The **PHP Security Analyzer** is a static code analysis tool designed to help developers identify common security issues in their PHP applications, with a primary focus on **Cross-Site Scripting (XSS)** vulnerabilities. It scans your code for unsanitized user inputs from superglobals (`$_GET`, `$_POST`, `$_REQUEST`, etc.) and provides actionable suggestions for how to fix them.

This tool can be used as a standalone web interface for quick scans or integrated into your projects as a Composer library for automated checks.

### ✨ Features


- **Core Analysis Logic**: A modular PHP class that performs static analysis on your code.
- **Simple Web UI**: A user-friendly web interface to scan an entire directory and view a detailed report.
- **Automated Fix Suggestions**: Provides specific code snippets to secure vulnerable lines.
- **Flexible Detection**: Capable of tracing variables from superglobals even after they are assigned to other variables.
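As an added illustration of the tracing described above (example code, not the project's own), the following minimal PHP taint tracer follows superglobal data through plain assignments and flags `echo`/`print` statements that output it without an escaper. The sample snippet and the `findUnescapedEchoes()` helper are constructed for this example.

```php
<?php
// Added illustration (not the project's code): token-based taint tracer that follows
// superglobal data through plain assignments and flags echo/print of unescaped data.
// Assumes a flat script: one statement per ';', no functions, branches or loops.
// Constructed sample: one direct, one aliased (unsafe) and one escaped (safe) output.
$sampleCode = <<<'PHP'
<?php
$name = $_GET['name'];
$greeting = $name;
echo "Hello " . $greeting;
echo htmlspecialchars($_POST['comment'], ENT_QUOTES, 'UTF-8');
echo $_REQUEST['q'];
PHP;

function findUnescapedEchoes(string $code): array
{
    $sources  = ['$_GET', '$_POST', '$_REQUEST', '$_COOKIE'];
    $escapers = ['htmlspecialchars', 'htmlentities'];
    $tainted  = []; $findings = [];   // $tainted: variable name => superglobal it came from
    // Drop whitespace/comments and split the token stream into statements at ';'.
    $statements = [[]];
    foreach (token_get_all($code) as $tok) {
        if (is_array($tok) && in_array($tok[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT, T_OPEN_TAG], true)) continue;
        if ($tok === ';') { $statements[] = []; continue; }
        $statements[count($statements) - 1][] = $tok;
    }
    foreach ($statements as $stmt) {
        $first = $stmt[0] ?? null;
        if (!is_array($first)) continue;
        $isAssign = $first[0] === T_VARIABLE && ($stmt[1] ?? null) === '=';
        if (!$isAssign && !in_array($first[0], [T_ECHO, T_PRINT], true)) continue;
        // Does the assigned/echoed expression read a tainted source, and is an escaper applied?
        $source = null; $escaped = false;
        foreach (array_slice($stmt, $isAssign ? 2 : 1) as $tok) {
            if (!is_array($tok)) continue;
            if ($tok[0] === T_VARIABLE && in_array($tok[1], $sources, true)) $source = $tok[1];
            elseif ($tok[0] === T_VARIABLE && isset($tainted[$tok[1]])) $source = $tainted[$tok[1]];
            elseif ($tok[0] === T_STRING && in_array(strtolower($tok[1]), $escapers, true)) $escaped = true;
        }
        if ($source === null || $escaped) continue;   // crude: any escaper call clears the whole statement
        if ($isAssign) {
            $tainted[$first[1]] = $source;            // taint propagates to the assigned variable
        } else {
            $findings[] = ['line' => $first[2], 'source' => $source, 'fix' => "wrap in htmlspecialchars(..., ENT_QUOTES, 'UTF-8')"];
        }
    }
    return $findings;
}

foreach (findUnescapedEchoes($sampleCode) as $f) {
    printf("line %d: outputs %s data unescaped; %s\n", $f['line'], $f['source'], $f['fix']);
}
```

On the sample it reports line 4 (data from `$_GET` reaching `echo` via `$name` and `$greeting`) and line 6, and stays silent on the escaped `$_POST` output; interpolated strings such as `"Hello $name"` are caught as well because the tokenizer still emits the embedded `T_VARIABLE`.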

---

### ⚠️ Important Security Warning


This tool and its web interface are **designed exclusively for local development and testing environments**.

**DO NOT** upload the `public/index.php` file or the entire analyzer directory to a live production server. Doing so could expose your server and its files to unauthorized access and security risks.

---

### 🚀 Getting Started


#### Method 1: As a Standalone Web Interface


1. Clone the repository:

    ```
    git clone https://github.com/dlongopinc/php-security-analyzer.git
    cd php-security-analyzer
    ```

2. Install Composer dependencies:

    ```
    composer install
    ```

3. Access the web interface by navigating to `public/index.php` in your local web server.

#### Method 2: As a Composer Library


Install the package in your project using Composer:

```
composer require dlongopinc/php-security-analyzer
```

---

### ⚙️ How to Use


#### 1. Analyze a single file


```
