austinheap/php-security-txt
A package for manipulating `security.txt` documents in PHP 7+, based on configuration settings. https://securitytext.org/
PHP 7+ security.txt Package
The purpose of this project is to create a set-it-and-forget-it package that can
manipulate documents following the current security.txt
spec. It is therefore highly opinionated but built for configuration.
security.txt is a draft
"standard" which allows websites to define security policies. This "standard"
sets clear guidelines for security researchers on how to report security issues,
and allows bug bounty programs to define a scope. Security.txt is the equivalent
of robots.txt, but for security issues.
There is documentation for php-security-txt online,
the source of which is in the docs/
directory. The most logical place to start is the docs for the SecurityTxt class.
Installation
Step 1: Composer
Via Composer command line:
    $ composer require austinheap/php-security-txt

Or add the package to your composer.json:

    {
        "require": {
            "austinheap/php-security-txt": "0.3.*"
        }
    }

Step 2: Manipulate a security.txt document
To programmatically create a security.txt document, you could do:

    <?php
    // Load Composer's autoloader so the package classes resolve.
    require_once 'vendor/autoload.php';

    $writer = new \AustinHeap\Security\Txt\Writer;

    // Set each field, then render the document as text.
    print $writer->setContact('me@austinheap.com')
                 ->setEncryption('http://some.url/pgp.key')
                 ->setDisclosure('full')
                 ->setAcknowledgement('http://some.url/acks')
                 ->getText();

Which should output:
# Our security address
Contact: me@austinheap.com
# Our PGP key
Encryption: http://some.url/pgp.key
# Our disclosure policy
Disclosure: Full
# Our public acknowledgement
Acknowledgement: http://some.url/acks
#
# Generated by "php-security-txt" v0.3.2 (https://github.com/austinheap/php-security-txt/releases/tag/v0.3.2)
# in 0.041008 seconds on 2017-10-26 20:31:25.
#
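A document like the one above can be linted before it is published. The following is an added example, not part of php-security-txt: `lintSecurityTxt()` is a hypothetical helper that does not use the package's API, and its rules (a Contact field must exist, Encryption and Acknowledgement links should be HTTPS so the key and policy cannot be altered in transit, Disclosure is one of Full/Partial/None) are assumptions of this example.

```php
<?php
// Added example: lint a security.txt document; all checks are this example's assumptions.
function lintSecurityTxt(string $text): array
{
    $fields = [];
    $issues = [];
    foreach (preg_split('/\r\n|\r|\n/', $text) as $n => $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#') {
            continue; // blank line or comment
        }
        if (!preg_match('/^([A-Za-z-]+):\s*(.+)$/', $line, $m)) {
            $issues[] = sprintf('line %d: not a "Field: value" line', $n + 1);
            continue;
        }
        $fields[strtolower($m[1])][] = $m[2]; // a field may appear more than once
    }
    if (empty($fields['contact'])) {
        $issues[] = 'no Contact field: researchers have nowhere to report';
    }
    // Links fetched over plain HTTP can be swapped in transit (e.g. the PGP key).
    foreach (['encryption', 'acknowledgement'] as $name) {
        foreach ($fields[$name] ?? [] as $url) {
            if (strtolower((string) parse_url($url, PHP_URL_SCHEME)) !== 'https') {
                $issues[] = "$name: $url is not served over HTTPS";
            }
        }
    }
    // Assumed value set for the Disclosure field.
    foreach ($fields['disclosure'] ?? [] as $value) {
        if (!in_array(strtolower($value), ['full', 'partial', 'none'], true)) {
            $issues[] = "disclosure: unexpected value \"$value\"";
        }
    }
    return $issues;
}
// Constructed sample, modelled on the output shown above.
$sample = <<<TXT
# Our security address
Contact: me@austinheap.com
# Our PGP key
Encryption: http://some.url/pgp.key
Disclosure: Full
# Our public acknowledgement
Acknowledgement: http://some.url/acks
TXT;
foreach (lintSecurityTxt($sample) as $issue) {
    echo $issue, PHP_EOL;
}
```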
Unit Tests
This package has aggressive unit tests built with PHPUnit.
There are code coverage reports for php-security-txt
available online.
References
- A Method for Web Security Policies (draft-foudil-securitytxt-00)
- laravel-security-txt
- securitytext.org
Credits
This is a fork of austinheap/laravel-security-txt,
which was a fork of InfusionWeb/laravel-robots-route,
which was a fork of ellisthedev/laravel-5-robots,
which was a fork of jayhealey/Robots,
which was based on earlier work.
- ellisio/laravel-5-robots Contributors
- InfusionWeb/laravel-robots-route Contributors
- austinheap/laravel-security-txt Contributors
License
The MIT License (MIT). Please see License File for more information.


