CLI to Check For PHP Security Vulnerabilities

 Enlightn Security Checker (from the folks behind Enlightn) is a command-line tool that checks if your application uses dependencies with known security vulnerabilities.

You can install it globally via composer to start checking projects:

1composer global require enlightn/security-checker

Using the security-checker CLI, you provide a path to your project’s composer.lock file to get a report of any vulnerabilities:

 1⇒ security-checker security:check /path/to/composer.lock
 2{
 3    "laravel\/framework": {
 4        "version": "5.7.29",
 5        "time": "2020-04-14T14:16:19+00:00",
 6        "advisories": [
 7            {
 8                "title": "RCE vulnerability in \"cookie\" session driver",
 9                "link": "https:\/\/blog.laravel.com\/laravel-cookie-security-releases",
10                "cve": null
11            }
12        ]
13    },
14    "robrichards\/xmlseclibs": {
15        "version": "2.1.1",
16        "time": "2019-11-05T11:51:00+00:00",
17        "advisories": [
18            {
19                "title": "Filter input to avoid XPath injection",
20                "link": "https:\/\/github.com\/robrichards\/xmlseclibs\/commit\/649032643f7aac493e91ca318da0339aec72aa4a",
21                "cve": null
22            }
23        ]
24    }
25}

You can programmatically get a report with the following PHP code:

 1use Enlightn\SecurityChecker\SecurityChecker;
 2 
 3$result = (new SecurityChecker)->check('/path/to/composer.lock');
 4 
 5/*
 6{
 7  "laravel/framework": {
 8    "version": "8.22.0",
 9    "time": "2021-01-13T13:37:56+00:00",
10    "advisories": [{
11      "title": "Unexpected bindings in QueryBuilder",
12      "link": "https://blog.laravel.com/security-laravel-62011-7302-8221-released",
13      "cve": null
14    }]
15  }
16}
17*/

The Enlightn Security Checker uses the security advisories database to reference known security vulnerabilities in PHP projects and libraries. You can learn more about this package and view the source code on GitHub.

Read More

Generate a Postman Collection from Laravel Routes

 Laravel API to Postman is a package by Andreas Elia that allows you to automatically generate a Postman collection based on your app’s API routes.

After you install the package, you can run the following artisan command, which will automatically generate a postman collection by introspecting your app’s API routes:

1php artisan export:postman

Postman is a popular API development GUI that simplifies building and testing APIs. Once you have a collection of API endpoints from your Laravel app, you can easily share them with your team through Postman.

You can learn more about this package, get full installation instructions, and view the source code on GitHub.

Read More

Firebase Cloud Messaging for Laravel

 Larafirebase is a package by Gentrit Abazi that provides sending push notifications and custom messages with Firebase in Laravel applications. This package uses Firebase Cloud Messaging—a cross-platform messaging solution to send messages at no cost—to send notifications to users on the client-side.

Here is an example notification class that provides the toFirebase() method to send notifications via the custom firebase channel:

 1use Illuminate\Notifications\Notification;
 2use Kutia\Larafirebase\Messages\FirebaseMessage;
 3 
 4class SendBirthdayReminder extends Notification
 5{
 6    /**
 7     * Get the notification's delivery channels.
 8     */
 9    public function via($notifiable)
10    {
11        return ['firebase'];
12    }
13 
14    /**
15     * Get the firebase representation of the notification.
16     */
17    public function toFirebase($notifiable)
18    {
19        $deviceTokens = [
20            '{TOKEN_1}',
21            '{TOKEN_2}'
22        ];
23 
24        return (new FirebaseMessage)
25            ->withTitle('Hey, ', $notifiable->first_name)
26            ->withBody('Happy Birthday!')
27            ->asNotification($deviceTokens);
28            // OR ->asMessage($deviceTokens);
29    }
30}

You'll also need to write client code to receive these messages to use this package. Check out the project's javascript-client folder for an example of how to use this package on the client-side.

You can learn more about this package, get full installation instructions, and view the source code on GitHub.

Read More