Add simulated inherit dependency vulnerability for php/composer

arall · Mar 7, 2024 · 1fd112b · 1fd112b
1 parent c9f5d92
commit 1fd112b
Show file tree

Hide file tree

Showing 5,368 changed files with 630,553 additions and 40 deletions.
diff --git a/README.md b/README.md
@@ -10,4 +10,34 @@ If you plan to host this, make sure only /web is reachable!
 
 # Sources
 - https://rules.sonarsource.com/
-- https://semgrep.dev/docs/cheat-sheets
+- https://semgrep.dev/docs/cheat-sheets
+
+# List of Intended vulnerabilities
+
+## Dependencies
+
+* go (`go.mod`)
+  * grafana v8.2.3
+* java
+  * maven (`pom.xml`)
+    * jackson-databind 2.9.2
+    * log4j-core 2.10.0
+* javascript
+  * Static file (`jquery.min.js`)
+    * jQuery v3.4.1
+* nodejs
+  * npm (`yarn.lock` & `package.json`)
+    * tenvoy 7.0.2
+  * yarn (`package-lock.json` & `package.json`)
+    * tenvoy 7.0.2
+* php
+  * composer (`composer.lock` & `composer.json`)
+    * phpmailer/phpmaile 6.4.1
+      * league/flysystem 1.1.3 ("forced" inherit dependency vulnerability)
+* python
+  * pip (`requirements.txt`)
+    * tendenci 12.0.10
+
+## Code
+
+TODO
diff --git a/php/libraries/composer/composer.json b/php/libraries/composer/composer.json
@@ -1,5 +1,6 @@
 {
     "require": {
-        "phpmailer/phpmailer": "6.4.1"
+        "phpmailer/phpmailer": "6.4.1",
+        "laravel/laravel": "8.6.10"
     }
-}
+}