pierre-arthur/sf-doctor
=======================

Automated audit tool for Symfony projects

v1.3.0 · MIT · PHP >=8.2 · CI passing

[Source](https://github.com/pierrearthurdemengel/SF-Doctor) · [Packagist](https://packagist.org/packages/pierre-arthur/sf-doctor)

SF-Doctor
=========

**Automated audit CLI tool for Symfony projects.**

SF-Doctor analyzes the configuration of your Symfony projects and detects vulnerabilities, bad practices, and configuration oversights. It produces a clear report with concrete recommendations, directly in your terminal or as JSON for your CI/CD pipeline.

---

What SF-Doctor detects
----------------------

### Security module

**FirewallAnalyzer** (`security.yaml`)

- Firewalls with no authentication system configured
- Firewalls with no `access_control` rules
- Lazy firewalls that do not require authentication

**AccessControlAnalyzer** (`security.yaml`)

- Rules with no role defined (open to everyone)
- Use of deprecated roles (`IS_AUTHENTICATED_ANONYMOUSLY`)
- Catch-all rules (`^/`) placed too early (they block the rules that follow)
- Sensitive paths (`/admin`, `/api`) with no access restriction
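
The four AccessControlAnalyzer findings above follow from how Symfony evaluates `access_control`: only the first rule whose path matches a request is applied. The sketch below is an added example, not SF-Doctor's own code; the function names, the wording of the findings and the sample rules are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: the access_control list of a security.yaml, as parsed arrays.
$rules = [
    ['path' => '^/login', 'roles' => 'IS_AUTHENTICATED_ANONYMOUSLY'],
    ['path' => '^/api'],                            // no role at all
    ['path' => '^/',      'roles' => 'ROLE_USER'],  // catch-all, not last
    ['path' => '^/admin', 'roles' => 'ROLE_ADMIN'], // never evaluated
];

// Symfony applies only the first rule whose path regex matches the request.
function firstMatch(array $rules, string $uri): ?array
{
    foreach ($rules as $rule) {
        if (preg_match('{' . ($rule['path'] ?? '') . '}', $uri) === 1) {
            return $rule;
        }
    }
    return null;
}

function auditAccessControl(array $rules, array $sensitive = ['/admin', '/api']): array
{
    $findings = [];
    $last = count($rules) - 1;
    foreach ($rules as $i => $rule) {
        $path = $rule['path'] ?? '';
        $roles = (array) ($rule['roles'] ?? []);
        if ($roles === []) {
            $findings[] = "rule #$i ($path): no role, open to everyone";
        }
        if (in_array('IS_AUTHENTICATED_ANONYMOUSLY', $roles, true)) {
            $findings[] = "rule #$i ($path): deprecated role, use PUBLIC_ACCESS";
        }
        if ($path === '^/' && $i < $last) {
            $findings[] = "rule #$i ($path): catch-all shadows " . ($last - $i) . ' later rule(s)';
        }
    }
    $open = ['PUBLIC_ACCESS', 'IS_AUTHENTICATED_ANONYMOUSLY'];
    foreach ($sensitive as $uri) {
        $roles = (array) (firstMatch($rules, $uri)['roles'] ?? []);
        if ($roles === [] || array_intersect($roles, $open) !== []) {
            $findings[] = "$uri: first matching rule does not restrict access";
        }
    }
    return $findings;
}

echo implode(PHP_EOL, auditAccessControl($rules)), PHP_EOL;
```

In the sample, `/admin` is matched by the catch-all before its own rule, so it is effectively guarded by `ROLE_USER` rather than `ROLE_ADMIN`; moving `^/` to the end of the list restores the intended restriction.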

**CsrfAnalyzer** (`framework.yaml`, `src/Form/`)

- CSRF protection disabled globally in `framework.yaml` (CRITICAL)
- CSRF protection disabled on individual FormType classes (WARNING)

### Architecture module

**ControllerAnalyzer** (`src/Controller/`)

- Doctrine queries (`createQueryBuilder`, `createQuery`) in controllers (CRITICAL)
- Direct EntityManager access for business operations in controllers (WARNING)

### Configuration module

**DebugModeAnalyzer** (`.env.prod`, `.env`)

- `APP_ENV` missing or not set to `prod` in production (CRITICAL/WARNING)
- `APP_DEBUG=true` enabled in production (CRITICAL)

---

Requirements
------------

- PHP 8.2 or later
- A Symfony 6.4 or 7.x project

---

Installation
------------

```
composer require --dev pierre-arthur/sf-doctor
```

---

Usage
-----

### As a Symfony bundle (recommended)

If your project uses Symfony Flex, the bundle is registered automatically.

Otherwise, add it to `config/bundles.php`:

```
return [
    // ...
    PierreArthur\SfDoctor\SfDoctorBundle::class => ['dev' => true, 'test' => true],
];
```

Run the audit:

```
bin/console sf-doctor:audit
```

Available options:

```
# Audit a specific path
bin/console sf-doctor:audit /chemin/vers/le/projet

# JSON output for CI/CD
bin/console sf-doctor:audit --format=json
```

### Standalone mode (without the bundle)

SF-Doctor can also run outside a Symfony project:

```
vendor/bin/sf-doctor /chemin/vers/le/projet/symfony
```

---

Sample console output
---------------------

```
 SF-Doctor - Rapport d'audit
 ============================

 Projet : /var/www/mon-projet
 Issues trouvees : 3

 Module Security
 ----------------

 ---------- ------------------- --------------------------------------------- ---------------------------
  Severite   Analyzer            Message                                        Fichier
 ---------- ------------------- --------------------------------------------- ---------------------------
  CRITICAL   FirewallAnalyzer    No authenticator configured on firewall main   config/packages/security.yaml
  WARNING    CsrfAnalyzer        CSRF disabled on CheckoutType                  src/Form/CheckoutType.php
 ---------- ------------------- --------------------------------------------- ---------------------------

 Module Configuration
 ---------------------

 ---------- -------------------- ----------------------- -----------
  Severite   Analyzer             Message                 Fichier
 ---------- -------------------- ----------------------- -----------
  CRITICAL   DebugModeAnalyzer    APP_DEBUG is true       .env.prod
 ---------- -------------------- ----------------------- -----------

 Score : 70/100

```

Sample JSON output
------------------

```
bin/console sf-doctor:audit --format=json
```

```
{
    "meta": {
        "generated_at": "2024-01-15T10:30:00+00:00",
        "project_path": "/var/www/mon-projet"
    },
    "summary": {
        "score": 70,
        "status": "critical",
        "issues_count": {
            "total": 3,
            "critical": 2,
            "warning": 1,
            "suggestion": 0
        }
    },
    "issues": [
        {
            "severity": "critical",
            "module": "security",
            "analyzer": "FirewallAnalyzer",
            "message": "No authenticator configured on firewall main",
            "detail": "...",
            "suggestion": "Add form_login or custom_authenticator",
            "file": "config/packages/security.yaml",
            "line": null
        }
    ]
}
```

Fail the CI job when the status is `critical`:

```
# .github/workflows/ci.yaml
- name: Audit Symfony
  run: |
    OUTPUT=$(bin/console sf-doctor:audit --format=json)
    STATUS=$(echo "$OUTPUT" | jq -r '.summary.status')
    if [ "$STATUS" = "critical" ]; then exit 1; fi
```

---

Architecture
------------

SF-Doctor is designed as an extensible Symfony bundle. Each check is an independent **Analyzer** that implements `AnalyzerInterface`.

```
src/
├── Analyzer/
│   ├── Architecture/           # ControllerAnalyzer
│   ├── Configuration/          # DebugModeAnalyzer
│   └── Security/               # FirewallAnalyzer, AccessControlAnalyzer, CsrfAnalyzer
├── Command/                    # CLI command (sf-doctor:audit)
├── Config/                     # YAML reading + Symfony parameter resolution
├── Model/                      # Issue, AuditReport, Severity, Module
├── Report/                     # ConsoleReporter, JsonReporter
└── DependencyInjection/        # Symfony container integration

```

### Creating a custom analyzer

Implement `AnalyzerInterface`; the `sf_doctor.analyzer` tag is added automatically via autoconfigure:

```
use PierreArthur\SfDoctor\Analyzer\AnalyzerInterface;
use PierreArthur\SfDoctor\Config\ConfigReaderInterface;
use PierreArthur\SfDoctor\Model\AuditReport;

class MonAnalyzer implements AnalyzerInterface
{
    public function __construct(
        private ConfigReaderInterface $configReader,
    ) {
    }

    public function supports(): bool
    {
        return true;
    }

    public function analyze(AuditReport $report): void
    {
        // Your analysis logic goes here
    }
}
```

No additional configuration is needed. SF-Doctor automatically detects and runs every service that implements `AnalyzerInterface`.

---

Tests
-----

```
# Run all tests
vendor/bin/phpunit

# Static analysis (level 8)
vendor/bin/phpstan analyse src --level=8
```

---

Roadmap
-------

- **V0.1** (released) - Security module: firewalls, `access_control`, CLI command, console report
- **V0.2** (released) - ParameterResolver, CsrfAnalyzer, ControllerAnalyzer, DebugModeAnalyzer, JsonReporter
- **V0.3** - Opening up to contributions: CONTRIBUTING.md, guide to creating a custom analyzer
- **V1.0** - Upgrade module (migration between Symfony versions), NplusOneAnalyzer, PdfReporter

---

License
-------

MIT. See the [LICENSE](LICENSE) file.

