Web page performance/seo/security/accessibility analysis, browser-less for PHP

Related tags

Security lightship-php
Overview

Lightship

Web page performance/seo/security/accessibility analysis, browser-less.

[
  {
    "url": "https:\/\/example.com\/",
    "durationInSeconds": 0.15,
    "scores": {
      "seo": 100,
      "security": 75
    },
    "seo": [
      {
        "name": "titlePresent",
        "passes": true
      },
      {
        "name": "langPresent",
        "passes": true
      }
    ],
    "security": [
      {
        "name": "xFrameOptionsPresent",
        "passes": true
      },
      {
        "name": "strictTransportSecurityHeaderPresent",
        "passes": true
      },
      {
        "name": "serverHeaderHidden",
        "passes": false
      },
      {
        "name": "xPoweredByHidden",
        "passes": true
      }
    ]
  }
]

Summary

About

I made a web app, and I want to be able to frequently test my public facing pages respond to various criterias to optimize their referencing.

Since my web app is fully server-side, all my tests are very fast, and do not rely on a web browser. I wanted to stick to this, and have a fast tool to get simple insights, like not ommiting the alt attributes on images, to ensure my description and title are filled, or to evaluate aproximatively my page load time.

Examples

1. Simple example code-driven

In this example, we will configure our web pages using the code.

domain("https://news.google.com") ->route("/foryou") ->route("/topstories") ->route("/my/searches", ["hl" => "fr", "gl" => "FR"]); ->analyse(); file_put_contents("report.json", $lightship->toPrettyJson());"> 
require __DIR__ . "/vendor/autoload.php";

use Lightship\Lightship;

$lightship = new Lightship();

$lightship->domain("https://news.google.com")
  ->route("/foryou")
  ->route("/topstories")
  ->route("/my/searches", ["hl" => "fr", "gl" => "FR"]);
  ->analyse();

file_put_contents("report.json", $lightship->toPrettyJson());

2. Simple example using a configuration file

In this example, we will tell Lightship to use our "lightship.json" file instead of configuring it on the code.

config(__DIR__ . "/lightship.json"); ->analyse(); file_put_contents("report.json", $lightship->toPrettyJson());"> 
require __DIR__ . "/vendor/autoload.php";

use Lightship\Lightship;

$lightship = new Lightship();

$lightship->config(__DIR__ . "/lightship.json");
  ->analyse();

file_put_contents("report.json", $lightship->toPrettyJson());

And here is our configuration file.

{
  "domains": [
    {
      "base": "https://news.google.com",
      "routes": [
        {
          "path": "/foryou"
        },
        {
          "path": "/topstories"
        },
        {
          "path": "/my/searches",
          "queries": [
            {
              "key": "hl",
              "value": "fr"
            },
            {
              "key": "gl",
              "value": "FR"
            }
          ]
        }
      ]
    }
  ]
}

3. Set a response callback

In this example, we will trigger our function after a response has been parsed and a report generated. Useful for cli programs.

route("https://example.com") ->route("https://northerwind.com") ->onReportedRoute(function (Route $route, Report $report): void { echo "{$route->path()}: {$report->score(RuleType::Security)}" . PHP_EOL; foreach ($report->results as $result) { echo " {$result->name} {$result->passes}"; } }) ->analyse();"> 
use Lightship\Lightship;

require __DIR__ . "/vendor/autoload.php";

$lightship = new Lightship();

$lightship->route("https://example.com")
  ->route("https://northerwind.com")
  ->onReportedRoute(function (Route $route, Report $report): void {
    echo "{$route->path()}: {$report->score(RuleType::Security)}" . PHP_EOL;

    foreach ($report->results as $result) {
      echo "  {$result->name} {$result->passes}";
    }
  })
  ->analyse();

This will display something like this:

https://example.com/: 38
https://northerwind.com/: 61

4. Assert rule passed for URLs

Useful in your tests and CI, you can assert your URLs pass some/all rules.

route("https://google.com") ->analyse(); assert($lightship->rulePassed(["https://example.com"], LangPresent::class) === true); assert($lightship->allRulesPassed(["https://google.com"]) === true); assert($lightship->someRulesPassed(["https://google.com"], [LangPresent::class, FastResponseTime::class]) === true);"> 
use Lightship\Lightship;
use Lightship\Rules\Seo\LangPresent;
use Lightship\Rules\Performance\FastResponseTime;

$lightship = new Lightship();

$lightship->route("https://example.com")
  ->route("https://google.com")
  ->analyse();

assert($lightship->rulePassed(["https://example.com"], LangPresent::class) === true);

assert($lightship->allRulesPassed(["https://google.com"]) === true);

assert($lightship->someRulesPassed(["https://google.com"], [LangPresent::class, FastResponseTime::class]) === true);

Requirements

Installation

composer require lightship-core/lightship-php

Tests

composer check-platform-reqs
composer install
composer run analyse
composer run test
composer run lint
composer run install-security-checker
composer run security-check
composer run update-check

Compatibility table

This table shows the compatibility with PHP versions for this current package version only.

PHP version Supported
8.1.*
<= 8.0.*
You might also like...
PHP frontend for security.symfony.com

SensioLabs Security Checker WARNING: Don't use this piece of software anymore as the underlying web service will stop working at the end of January 20

SensioLabs 2k Dec 25, 2022
Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. It is inspired by the Java Spring framework.

Security Component - Core Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the

Symfony 1.6k Jan 1, 2023
Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials.

Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. It is inspired by the Java Spring framework.

Symfony 1.5k Dec 28, 2022
FunboxEasy - Proving Grounds - Offensive Security
FunboxEasy - Proving Grounds - Offensive Security

FunboxEasy - Proving Grounds - Offensive Security

Hafiizh Ghulam 1 Oct 28, 2021
Windows and macOS Hardening Interface to make security more accessible.

Welcome to the Hardening Interface Introduction To use HardeningKitty service more easily, we have created an interface which permits better understan

ataumo 24 Dec 5, 2022
Security advisories as a simple composer exclusion list, updated daily

Roave Security Advisories This package ensures that your application doesn't have installed dependencies with known security vulnerabilities. Installa

Roave, LLC 2.5k Jan 5, 2023
Security Component - Guard

The Guard component brings many layers of authentication together, making it much easier to create complex authentication systems where you have total control.

Symfony 1.4k Jan 5, 2023
Security issues for Magento have left a big question mark in the community of online stores
Security issues for Magento have left a big question mark in the community of online stores

Magento 2 Security extension FREE. Security extension gives store owners the ability to detect the IP addresses that are intentionally attacking their store at any given time. Therefore, they have timely measures to prevent this issue such as blocking those IP addresses or sending warning emails to store owners.

Mageplaza 40 Apr 1, 2022
Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSRF tokens.

Security Component - CSRF The Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSR

Symfony 1.5k Jan 3, 2023
Comments
  • 6-to-be-able-to-assert-if-a-page-has-passed-certain-or-all-rules

    6-to-be-able-to-assert-if-a-page-has-passed-certain-or-all-rules

    Added

    • New methods Lightship::allRulesPassed(), Lightship::rulePassed() and Lightship::someRulesPassed() to assert rules pass for URLs

    Fixed

    N/A

    Breaked

    N/A

    enhancement 
    opened by khalyomede 0
  • To be able to assert if a page has passed certain or all rules

    To be able to assert if a page has passed certain or all rules

    Example API

    use Lightship\Lightship;
use Lightship\Rules\Seo\LangPresent;
use Lightship\Rules\Seo\MetaDescriptionPresent;

$lightship->route("https://example.com")
  ->route("https://google.com")
  ->analyse();

assert($lightship->allRulesPassed(["https://example.com", "https://google.com"]) === true);

assert($lightship->rulePassed(["https://example.com", "https://google.com"], LangPresent::class) === true);

assert($lightship->someRulesPassed(["https://example.com", "https://google.com"], [LangPresent::class, MetaDescriptionPresent::class]) === true);
    opened by khalyomede 0
Owner
Lightship
Web performance/seo/security audit browser-less.
Lightship
GitHub
The Security component provides a complete security system for your web application.

Security Component The Security component provides a complete security system for your web application. It ships with facilities for authenticating us

Symfony 1.2k Jan 1, 2023
phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code.

Floe design + technologies 654 Dec 28, 2022
A multitool library offering access to recommended security related libraries, standardised implementations of security defences, and secure implementations of commonly performed tasks.

SecurityMultiTool A multitool library offering access to recommended security related libraries, standardised implementations of security defences, an

Pádraic Brady 131 Oct 30, 2022
Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campbell/security-core

Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb

Graham Campbell 170 Nov 20, 2022
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application

PHPIDS PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web ap

null 752 Jan 3, 2023
Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities.

Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities.

Sam Sanoop 416 Dec 17, 2022
A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.

Current version: 1.3.5 PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted a

null 4.6k Jan 7, 2023
A database of PHP security advisories

PHP Security Advisories Database The PHP Security Advisories Database references known security vulnerabilities in various PHP projects and libraries.

null 1.9k Dec 18, 2022
A php.ini scanner for best security practices

Scanner for PHP.ini The Iniscan is a tool designed to scan the given php.ini file for common security practices and report back results. Currently it

psec.io 1.5k Dec 5, 2022
Php Security Class

Security Advanced Security Class for Php Features Secure From XSS, CSRF, SQL Injection, BASE64, RFI, LFI, Command Injection, Block Suspicious Request

Ömer Faruk Demirel 5 Dec 2, 2022