php sdk

[robocoder]

1. I looked at the Ruby and Go implementations and whipped up a php sdk. Let me know if it's ok to transfer this repo to this organization.

   https://github.com/vipsoft/vulndb-php

2. I didn't embed the vulndb/data as it seems to couple the sdk to the database (i.e., release an updated sdk each time the vulndb changes). But if embedding is the preference, let me know, so I can rectify.

[andresriancho]

Ruby and Go implementations

We have a Ruby lib? Where? Maybe you're confused with the python one?

I didn't embed the vulndb/data as it seems to couple the sdk to the database (i.e., release an updated sdk each time the vulndb changes). But if embedding is the preference, let me know, so I can rectify.

It all depends on how developers on different languages are used to install/get/use their libs. I wrote the python implementation and included the DB just because it was easier for the end user (developer)

[andresriancho]

Give me 10min to review the PHP code

[andresriancho]

Review

git clone this repository.

Usually you put the name of the repo, so the users can copy+paste from the README.md file into a shell

https://github.com/vipsoft/vulndb-php/blob/master/composer.lock

Is this file really needed? If so, why do we have things like symphony in there? Is that a real requirement for the php-vulndb?

"name": "vipsoft/vulndb-php",

When migrating to the vulndb organization please change these

https://github.com/vipsoft/vulndb-php/blob/master/src/Service/ReferenceService.php#L55-L105

Seems that all the libs that consume the vulndb will have to implement something like that; maybe it's a good idea to have that data inside the vulndb repository to avoid duplication? @robocoder If you agree please create an issue so we can work on this later

Excellent

Your code looks amazing, very ordered, with tests, easy to read (even for a non-php dev like me). I would love to have this code as part of vulndb in github so people are able to easily find it.

TODO

• [x] @m0sth8 to review this code and confirm he also wants to have it as part of vulndb
• [ ] @robocoder to add CircleCI (or any other CI system of his choice) to the build process of the php SDK. I want the test suite to be run each time a push is made to the repo. Also, in the README.md of the php library add a "build badge" that shows the result of that build and link to the build details.

(once the above is done)

• [x] @andresriancho to create a new repository in vulndb organization in github and give @robocoder push permissions
• [x] @robocoder to migrate repo
• [ ] @robocoder to make sure the CI system builds work for the new repo
• [x] @robocoder to search and replace code to point to the new repo location
• [x] @robocoder to send pull request to update the list of SDKs at https://github.com/vulndb/data , include links for the php and go sdks

[robocoder]

Sorry, I meant python lib. Too much ruby sass on the brain lately.

Thanks for the quick feedback. I've made the requested changes. The badges will fix themselves after the move.

[andresriancho]

Ping @m0sth8

[m0sth8]

:+1: The code seems cool for me =) Thank you @robocoder

[andresriancho]

@robocoder feel free to migrate your repository to https://github.com/vulndb/php-sdk and complete the steps I've outlined in my previous comment.

Once again, thanks for the contributions!

[robocoder]

Pushed.

Please register your username on packagist.org and travis-ci.org to get respective tokens. Then under "Settings" | "Webhooks and Services", add "Packagist" and "Travis CI" services. Thanks.

[andresriancho]

@robocoder yesterday I received an email from github about permissions for travis CI, I've approved it.

Not sure how to make the same process for packagist, it's the first time I'm using github for an organization instead of personal use, some things change.

If I receive a message from packagist.org (like I did for travis), I'll gladly accept/authorize access.

[andresriancho]

Also noted that there are No builds for this repository at travis?