| Zeile 1... |
Zeile 1... |
| 1 |
# Security Policy
|
1 |
# Security Policy
|
| Zeile -... |
Zeile 2... |
| - |
|
2 |
|
| - |
|
3 |
If you believe you have found a security vulnerability in PHPUnit, please report it to us through coordinated disclosure.
|
| - |
|
4 |
|
| - |
|
5 |
**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
|
| - |
|
6 |
|
| - |
|
7 |
Instead, please email `sebastian@phpunit.de`.
|
| - |
|
8 |
|
| - |
|
9 |
Please include as much of the information listed below as you can to help us better understand and resolve the issue:
|
| - |
|
10 |
|
| - |
|
11 |
* The type of issue
|
| - |
|
12 |
* Full paths of source file(s) related to the manifestation of the issue
|
| - |
|
13 |
* The location of the affected source code (tag/branch/commit or direct URL)
|
| - |
|
14 |
* Any special configuration required to reproduce the issue
|
| - |
|
15 |
* Step-by-step instructions to reproduce the issue
|
| - |
|
16 |
* Proof-of-concept or exploit code (if possible)
|
| - |
|
17 |
* Impact of the issue, including how an attacker might exploit the issue
|
| - |
|
18 |
|
| - |
|
19 |
This information will help us triage your report more quickly.
|
| - |
|
20 |
|
| - |
|
21 |
## Web Context
|
| 2 |
|
22 |
|
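Review bot: The reporting instructions on new lines 7 to 16 ask for proof-of-concept or exploit code to be sent to `sebastian@phpunit.de`, but the added text names no encrypted channel and no expected acknowledgement time. Consider adding a public key fingerprint or a private reporting link for sensitive attachments, and one sentence on when a reporter can expect a reply. It would also help to say which release lines receive security fixes, since the list asks for a tag/branch/commit but the policy does not state what is in scope.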
| Zeile 3... |
Zeile 23... |
| 3 |
PHPUnit is a framework for writing as well as a commandline tool for running tests. Writing and running tests is a development-time activity. There is no reason why PHPUnit should be installed on a webserver.
|
23 |
PHPUnit is a framework for writing as well as a command-line tool for running tests. Writing and running tests is a development-time activity. There is no reason why PHPUnit should be installed on a webserver and/or in a production environment.
|
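Review bot: New line 23 widens the scope to "a webserver and/or in a production environment", but the bold statement that follows on line 25 still only covers uploading PHPUnit to a webserver and a publicly accessible `vendor` directory. Either extend the bold statement to production installs in general or drop the addition here so the two sentences agree. "and/or" can be plain "or".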
| Zeile 4... |
Zeile 24... |
| 4 |
|
24 |
|
| Zeile 5... |
Zeile 25... |
| 5 |
**If you upload PHPUnit to a webserver then your deployment process is broken. On a more general note, if your `vendor` directory is publicly accessible on your webserver then your deployment process is also broken.**
|
25 |
**If you upload PHPUnit to a webserver then your deployment process is broken. On a more general note, if your `vendor` directory is publicly accessible on your webserver then your deployment process is also broken.**
|
| - |
|
26 |
|
| - |
|
27 |
Please note that if you upload PHPUnit to a webserver "bad things" may happen. [You have been warned.](https://thephp.cc/articles/phpunit-a-security-risk)
|
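Review bot: On new line 27, "bad things" is left undefined and the link text "You have been warned." says nothing about the target. A security policy should name the risk in one sentence so readers do not have to follow the link to learn what the exposure is, and the link should carry descriptive text such as the article title. The sentence also repeats the webserver-only wording, which does not match the production-environment scope added on line 23.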
| Zeile 6... |
Zeile 28... |
| 6 |
|
28 |
|