Protokoll #7777

{
    "event": "PreToolUse",
    "tool_name": "Edit",
    "tool_input": {
        "file_path": "\/opt\/scripts\/php-check.sh",
        "old_string": "# [4\/4] Semgrep Security Scan (OWASP)\necho -e \"${YELLOW}[4\/4] Semgrep - OWASP Security Scan${NC}\"",
        "new_string": "# [4\/5] Semgrep Security Scan (OWASP)\necho -e \"${YELLOW}[4\/5] Semgrep - OWASP Security Scan${NC}\""
    }
}

{
    "tool_response": {
        "filePath": "\/opt\/scripts\/php-check.sh",
        "oldString": "# [4\/4] Semgrep Security Scan (OWASP)\necho -e \"${YELLOW}[4\/4] Semgrep - OWASP Security Scan${NC}\"",
        "newString": "# [4\/5] Semgrep Security Scan (OWASP)\necho -e \"${YELLOW}[4\/5] Semgrep - OWASP Security Scan${NC}\"",
        "originalFile": "#!\/bin\/bash\n# PHP Quality & Security Check Script\n# Usage: php-check.sh [project-path] [--fix]\n\nset -e\n\nTOOLS_DIR=\"\/opt\/php-tools\"\nPROJECT_DIR=\"${1:-\/var\/www\/dev.campus.systemische-tools.de}\"\nFIX_MODE=\"${2:-}\"\nSEMGREP=\"\/root\/.local\/bin\/semgrep\"\n\nRED='\\033[0;31m'\nGREEN='\\033[0;32m'\nYELLOW='\\033[1;33m'\nNC='\\033[0m'\n\necho \"=== PHP Quality & Security Check: $(date) ===\"\necho \"Project: $PROJECT_DIR\"\necho \"\"\n\ncd \"$PROJECT_DIR\"\n\nPHPSTAN_OK=1\nFIXER_OK=1\nSECURITY_OK=1\nSEMGREP_OK=1\nDI_OK=1\n\n# [1\/5] PHPStan (mit Strict Rules)\necho -e \"${YELLOW}[1\/5] PHPStan - Static Analysis + Strict Rules${NC}\"\nPATHS_TO_CHECK=\"\"\n[ -d \"$PROJECT_DIR\/src\" ] && PATHS_TO_CHECK=\"$PATHS_TO_CHECK src\"\n[ -d \"$PROJECT_DIR\/app\" ] && PATHS_TO_CHECK=\"$PATHS_TO_CHECK app\"\n\nif [ -z \"$PATHS_TO_CHECK\" ]; then\n    echo -e \"${YELLOW}⚠ No src\/ or app\/ directory found${NC}\"\nelif \"$TOOLS_DIR\/vendor\/bin\/phpstan\" analyse \\\n    --configuration=\"$TOOLS_DIR\/phpstan.neon\" \\\n    --memory-limit=512M \\\n    --no-progress \\\n    $PATHS_TO_CHECK; then\n    echo -e \"${GREEN}✓ PHPStan: OK${NC}\"\nelse\n    echo -e \"${RED}✗ PHPStan: Errors found${NC}\"\n    PHPSTAN_OK=0\nfi\n\necho \"\"\n\n# [2\/5] PHP-CS-Fixer\necho -e \"${YELLOW}[2\/5] PHP-CS-Fixer - Code Style (PSR-12)${NC}\"\nif [ \"$FIX_MODE\" = \"--fix\" ]; then\n    \"$TOOLS_DIR\/vendor\/bin\/php-cs-fixer\" fix \\\n        --config=\"$TOOLS_DIR\/.php-cs-fixer.php\" \\\n        --verbose\n    echo -e \"${GREEN}✓ PHP-CS-Fixer: Fixed${NC}\"\nelse\n    if \"$TOOLS_DIR\/vendor\/bin\/php-cs-fixer\" check \\\n        --config=\"$TOOLS_DIR\/.php-cs-fixer.php\" \\\n        --diff; then\n        echo -e \"${GREEN}✓ PHP-CS-Fixer: OK${NC}\"\n    else\n        echo -e \"${RED}✗ PHP-CS-Fixer: Style issues found (run with --fix)${NC}\"\n        FIXER_OK=0\n    fi\nfi\n\necho \"\"\n\n# [3\/5] Composer Security Audit\necho -e \"${YELLOW}[3\/5] Composer Audit - Dependency Vulnerabilities${NC}\"\nif [ -f \"$PROJECT_DIR\/composer.lock\" ]; then\n    if composer audit --working-dir=\"$PROJECT_DIR\" --no-interaction 2>\/dev\/null; then\n        echo -e \"${GREEN}✓ Composer Audit: No vulnerabilities${NC}\"\n    else\n        echo -e \"${RED}✗ Composer Audit: Vulnerabilities found${NC}\"\n        SECURITY_OK=0\n    fi\nelse\n    echo -e \"${YELLOW}⚠ No composer.lock found, skipping${NC}\"\nfi\n\necho \"\"\n\n# [4\/4] Semgrep Security Scan (OWASP)\necho -e \"${YELLOW}[4\/4] Semgrep - OWASP Security Scan${NC}\"\nif [ -n \"$PATHS_TO_CHECK\" ] && [ -x \"$SEMGREP\" ]; then\n    SEMGREP_OUTPUT=$(\"$SEMGREP\" scan \\\n        --config \"$TOOLS_DIR\/semgrep-security.yml\" \\\n        --exclude=\"vendor\" \\\n        --exclude=\"storage\" \\\n        --exclude=\"cache\" \\\n        --quiet \\\n        $PATHS_TO_CHECK 2>&1) || true\n\n    if echo \"$SEMGREP_OUTPUT\" | grep -q \"severity:\"; then\n        echo -e \"${RED}✗ Semgrep: Security vulnerabilities found${NC}\"\n        echo \"$SEMGREP_OUTPUT\"\n        SEMGREP_OK=0\n    else\n        echo -e \"${GREEN}✓ Semgrep: No vulnerabilities${NC}\"\n    fi\nelse\n    if [ ! -x \"$SEMGREP\" ]; then\n        echo -e \"${YELLOW}⚠ Semgrep not found, skipping${NC}\"\n    else\n        echo -e \"${YELLOW}⚠ No src\/ or app\/ directory found${NC}\"\n    fi\nfi\n\necho \"\"\necho \"=== Summary ===\"\n\nALL_OK=1\n[ \"$PHPSTAN_OK\" = \"0\" ] && ALL_OK=0\n[ \"$FIXER_OK\" = \"0\" ] && ALL_OK=0\n[ \"$SECURITY_OK\" = \"0\" ] && ALL_OK=0\n[ \"$SEMGREP_OK\" = \"0\" ] && ALL_OK=0\n\nif [ \"$ALL_OK\" = \"1\" ]; then\n    echo -e \"${GREEN}All checks passed!${NC}\"\n    exit 0\nelse\n    echo -e \"${RED}Some checks failed${NC}\"\n    exit 1\nfi\n",
        "structuredPatch": [
            {
                "oldStart": 82,
                "oldLines": 8,
                "newStart": 82,
                "newLines": 8,
                "lines": [
                    " ",
                    " echo \"\"",
                    " ",
                    "-# [4\/4] Semgrep Security Scan (OWASP)",
                    "-echo -e \"${YELLOW}[4\/4] Semgrep - OWASP Security Scan${NC}\"",
                    "+# [4\/5] Semgrep Security Scan (OWASP)",
                    "+echo -e \"${YELLOW}[4\/5] Semgrep - OWASP Security Scan${NC}\"",
                    " if [ -n \"$PATHS_TO_CHECK\" ] && [ -x \"$SEMGREP\" ]; then",
                    "     SEMGREP_OUTPUT=$(\"$SEMGREP\" scan \\",
                    "         --config \"$TOOLS_DIR\/semgrep-security.yml\" \\"
                ]
            }
        ],
        "userModified": false,
        "replaceAll": false
    }
}