@ValeriiVasyliev
Forked from igmoweb/phpcs-security.xml
Created March 7, 2023 03:36
PHPCS just with security rules
<?xml version="1.0"?>
<ruleset name="Ignacio">
    <description>Security reviews with PHPCS.</description>

    <!-- Scan the directory PHPCS is run from. -->
    <file>.</file>

    <!-- Exclude the Composer vendor directory. -->
    <exclude-pattern>/vendor/*</exclude-pattern>

    <!-- Exclude the Node modules directory. -->
    <exclude-pattern>/node_modules/*</exclude-pattern>

    <!-- Path where WPCS is installed (machine-specific; adjust for your environment). -->
    <config name="installed_paths" value="/Users/ignacio/.composer/vendor/wp-coding-standards/wpcs" />

    <!-- PHPCS WP aliases. Needed to execute the WP rules. -->
    <autoload>/Users/ignacio/.composer/vendor/wp-coding-standards/wpcs/WordPress/PHPCSAliases.php</autoload>

    <!-- Only check PHP files. -->
    <arg name="extensions" value="php"/>

    <!-- Colors! Nice! -->
    <arg name="colors"/>

    <!--
        Set of rules we're going to use.
        The sniff names are those of the older WPCS release this ruleset targets.
        WPCS 1.0 and later moved the XSS, CSRF and VIP.ValidatedSanitizedInput
        sniffs into the WordPress.Security category and PreparedSQL into WordPress.DB.
    -->
    <rule ref="WordPress.XSS"/>
    <rule ref="WordPress.CSRF"/>
    <rule ref="WordPress.VIP.ValidatedSanitizedInput"/>
    <rule ref="WordPress.WP.PreparedSQL"/>
    <rule ref="WordPress.Variables.GlobalVariables"/>
    <rule ref="WordPress.PHP.StrictInArray"/>
    <rule ref="Squiz.PHP.Eval"/>

    <!-- Raise the eval() finding from a warning to an error with a custom message. -->
    <rule ref="Squiz.PHP.Eval.Discouraged">
        <type>error</type>
        <message>eval() is a security risk so not allowed.</message>
    </rule>
</ruleset>