macOS ◆ xterm-256color ◆ zsh 95 views

The following is a small phar solution i made based on the patch verification solution within my Magento Security Framework. The console utility basically finds the right patches for your Magento installation based on the stores’ version and edition. I’ve aggregated an index of all patches for this as part of my security solution. This indexed data is being matched against the store using semantic versioning, and filtered using the applied.patches file. It provides some additionally features to aid in patch work like auto-downloading, extracting the diff’s, matching checksums etc.

Magento Patch Finder

All patches and information used are publicly available in the magento-patches repository which is now according to my data, complete. My framework has features for collecting and aggregating this kind of patch data which i then contribute. The features that aggregate the data are not in there. My framework periodically updates the patch index json file.

Install

wget -q -O magepatch.phar http://magepatch.gdprproof.com/magepatch.phar && chmod +x magepatch.phar

Build (dev)

git clone https://github.com/GDPRProof/magento-patch-finder.git && \
cd magento-patch-finder && make install && make build

About

When working with large stores, having to verify dozens of patches in complex and highly customised installations can be quite the task. In order to ensure a store’s security, I had to make sure everything that was necessary to patch, was patched. When i found out the sources i relied on we’re not complete, i started maintaining my own collection. Now the collection is complete, I’ve extracted some features out of my framework into this Symfony CLI tool for the community to use.

My security framework has ben under development for over a year now and is coming close to a first release. This framework aids us in providing semi-automated security & monitoring services as well as judicial and compliancy related consultancy. Feel free to drop me a pm if you’re interested to have a chat about that.

Author

Fabio Ros - GDPRProof.com (@frosit_it)

More by frosit

hnwsl 01:11

by frosit

Magento Cacheleak check 00:56

by frosit

See all