Coral 1.1.0 Released

Intuitive and informative PHP security

Published on December 26, 2017

Coral Application Icon

Coral Updated to Version 1.1.0

Coral version 1.1.0 has been pushed up to CodeCanyon for review. The final changelog is below:

Bug Fixes:

  • Optimized scan routines by removing code duplication
  • Fixed and optimized PHP regular expression definitions

Changes:

  • Added ability to profile security routines by adjusting a constant in the boot file
  • Improved memory usage of routines by 30% through the use of generator statements
  • Added PHP CLI support to avoid execution timeouts
  • Added ability to select monitor using nested sub-folder interface
  • Added new interface enhancements to resolve changes and handle them without diving into the file menu for each file
  • Added enhancement highlighting for all pattern matches by line and content
  • Added more details on the single file page by showing the captured security match and added additional details to the notices found in the last scan
  • Added new parser pattern definitions to detect common link injection patterns
  • Added new email option where the application will email you when rogue files are discovered
  • Updated composer / vendor dependencies

Instructions on updating

There were a large number of file changes in this update. I highly recommend that you backup your app/config.php file and overwrite the entire app folder. The media/coral.css file has also seen some updates.

What's next?

As indicated in the documentation, there is a known issue with the regular expression matching algorithm of the current Security Routine classes. Notably, the parser will terminate and return a code from 0 - 5 (no threat to critical threat) when it comes across the first match. This can lead to a warning message terminating line processing when a critical threat might occur later on that same line. Bottom line is this: you should inspect the line number indicated by the application for other suspicious content when making a total assessment of how to respond.

This will be a non-issue in an upcoming version of Coral. I am currently working on replacing the current security routine classes with a new "Xenophobic" parsing library I created. The new library and looping mechanism allows the application to capture more information and opens up new ways to hook into the security routine parsing process to take additional action on the fly. I will be releasing a new feature video that covers all the awesome new additions in this version.

The command line interface (CLI) will be getting continuous updates. With the CLI, you can wield the power of cron and other linux utilities to take Coral's scanning power to new heights. This opens up a whole new world of potential enhancements and ways to respond to notifications that coral provides. Once I get the API to a more finalized point, I will be creating documentation on how to receive signal JSON and Text-Based data out of Coral for use in other applications and processes such as Python and Bash.