16 May, 2022

CLI to Check For PHP Security Vulnerabilities

           ,      No comments   

 Enlightn Security Checker (from the folks behind Enlightn) is a command-line tool that checks if your application uses dependencies with known security vulnerabilities.

You can install it globally via composer to start checking projects:

1composer global require enlightn/security-checker

Using the security-checker CLI, you provide a path to your project’s composer.lock file to get a report of any vulnerabilities:

 1 security-checker security:check /path/to/composer.lock
 2{
 3    "laravel\/framework": {
 4        "version": "5.7.29",
 5        "time": "2020-04-14T14:16:19+00:00",
 6        "advisories": [
 7            {
 8                "title": "RCE vulnerability in \"cookie\" session driver",
 9                "link": "https:\/\/blog.laravel.com\/laravel-cookie-security-releases",
10                "cve": null
11            }
12        ]
13    },
14    "robrichards\/xmlseclibs": {
15        "version": "2.1.1",
16        "time": "2019-11-05T11:51:00+00:00",
17        "advisories": [
18            {
19                "title": "Filter input to avoid XPath injection",
20                "link": "https:\/\/github.com\/robrichards\/xmlseclibs\/commit\/649032643f7aac493e91ca318da0339aec72aa4a",
21                "cve": null
22            }
23        ]
24    }
25}

You can programmatically get a report with the following PHP code:

 1use Enlightn\SecurityChecker\SecurityChecker;
 2 
 3$result = (new SecurityChecker)->check('/path/to/composer.lock');
 4 
 5/*
 6{
 7  "laravel/framework": {
 8    "version": "8.22.0",
 9    "time": "2021-01-13T13:37:56+00:00",
10    "advisories": [{
11      "title": "Unexpected bindings in QueryBuilder",
12      "link": "https://blog.laravel.com/security-laravel-62011-7302-8221-released",
13      "cve": null
14    }]
15  }
16}
17*/

The Enlightn Security Checker uses the security advisories database to reference known security vulnerabilities in PHP projects and libraries. You can learn more about this package and view the source code on GitHub.

07 May, 2022

Generate a Postman Collection from Laravel Routes

           ,      No comments   

 Laravel API to Postman is a package by Andreas Elia that allows you to automatically generate a Postman collection based on your app’s API routes.

After you install the package, you can run the following artisan command, which will automatically generate a postman collection by introspecting your app’s API routes:

1php artisan export:postman

Postman is a popular API development GUI that simplifies building and testing APIs. Once you have a collection of API endpoints from your Laravel app, you can easily share them with your team through Postman.

You can learn more about this package, get full installation instructions, and view the source code on GitHub.

06 May, 2022

Firebase Cloud Messaging for Laravel

           ,      No comments   

 Larafirebase is a package by Gentrit Abazi that provides sending push notifications and custom messages with Firebase in Laravel applications. This package uses Firebase Cloud Messaging—a cross-platform messaging solution to send messages at no cost—to send notifications to users on the client-side.

Here is an example notification class that provides the toFirebase() method to send notifications via the custom firebase channel:

 1use Illuminate\Notifications\Notification;
 2use Kutia\Larafirebase\Messages\FirebaseMessage;
 3 
 4class SendBirthdayReminder extends Notification
 5{
 6    /**
 7     * Get the notification's delivery channels.
 8     */
 9    public function via($notifiable)
10    {
11        return ['firebase'];
12    }
13 
14    /**
15     * Get the firebase representation of the notification.
16     */
17    public function toFirebase($notifiable)
18    {
19        $deviceTokens = [
20            '{TOKEN_1}',
21            '{TOKEN_2}'
22        ];
23 
24        return (new FirebaseMessage)
25            ->withTitle('Hey, ', $notifiable->first_name)
26            ->withBody('Happy Birthday!')
27            ->asNotification($deviceTokens);
28            // OR ->asMessage($deviceTokens);
29    }
30}

You'll also need to write client code to receive these messages to use this package. Check out the project's javascript-client folder for an example of how to use this package on the client-side.

You can learn more about this package, get full installation instructions, and view the source code on GitHub.

Meta

Popular Posts

  • Writing and debugging Eloquent queries with Tinkerwell
    In this article, let's look into the options that you can use with Tinkerwell to write and debug Eloquent queries easier. The post Wr...
  • Sitaare Zameen Par Full Movie Review
     Here’s a  complete Vue.js tutorial for beginners to master level , structured in a progressive and simple way. It covers all essential topi...
  • The token request was rejected by the remote server
    error:invalid_granterror_description:The token request was rejected by the remote server.error_uri: https://documentation.openiddict.com/err...
  • Vue.js Tutorial
      Vue.js Installation Compatibility Check Before going to install and use Vue.js in your project, you should check the compatibility issues....
  • JqueryUI Tutorial
    JqueryUI Tutorial    JqueryUI is the most popular front end frameworks currently. It is sleek, intuitive, and powerful mobile first fr...

Categories

Social Media Links

Blog Archive

Laravel News

Loading...