Set harder security constraints
phpcs-errors:0 phpunit-status:successful phpstan-errors:665
This commit is contained in:
parent
4ca50fe6ab
commit
0756a58821
@ -5,6 +5,7 @@
|
||||
"phpstan/phpstan": "^0.12.57",
|
||||
"phpstan/phpstan-strict-rules": "^0.12.5",
|
||||
"ergebnis/phpstan-rules": "^0.15.3",
|
||||
"phpstan/phpstan-deprecation-rules": "^0.12.5"
|
||||
"phpstan/phpstan-deprecation-rules": "^0.12.5",
|
||||
"spaze/phpstan-disallowed-calls": "^1.0"
|
||||
}
|
||||
}
|
||||
|
53
phpstan.neon
53
phpstan.neon
@ -10,3 +10,56 @@ parameters:
|
||||
ignoreErrors:
|
||||
- '#Class MDDBConnectionImpossible not found.#'
|
||||
- '#Class MDMysqliExpectedError not found.#'
|
||||
bootstrapFiles:
|
||||
- inc/constants.php
|
||||
excludes_analyse:
|
||||
- classes/MDAllowedValueSets/l18n
|
||||
disallowedFunctionCalls:
|
||||
-
|
||||
function: 'ini_alter()'
|
||||
message: 'use ini_set instead'
|
||||
-
|
||||
function: 'diskfreespace()'
|
||||
message: 'use disk_free_space instead'
|
||||
-
|
||||
function: 'php_sapi_name()'
|
||||
message: 'use PHP_SAPI instead'
|
||||
-
|
||||
function: 'set_file_buffer()'
|
||||
message: 'use stream_set_write_buffer instead'
|
||||
- function: 'dl()'
|
||||
- function: 'opcache_get_status()'
|
||||
- function: 'phpinfo()'
|
||||
- function: 'parse_ini_file()'
|
||||
- function: 'show_source()'
|
||||
- function: 'highlight_file()'
|
||||
- function: 'php_uname()'
|
||||
- function: 'phpcredits()'
|
||||
- function: 'php_strip_whitespace()'
|
||||
- function: 'popen()'
|
||||
- function: 'pclose()'
|
||||
- function: 'virtual()'
|
||||
- function: 'passthru()'
|
||||
- function: 'proc_close()'
|
||||
- function: 'proc_get_status()'
|
||||
- function: 'proc_nice()'
|
||||
- function: 'proc_open()'
|
||||
- function: 'proc_terminate()'
|
||||
- function: 'system()'
|
||||
- function: 'get_current_user()'
|
||||
- function: 'getmyuid()'
|
||||
- function: 'getmygid()'
|
||||
- function: 'getmypid()'
|
||||
- function: 'getmyinode()'
|
||||
- function: 'getlastmod()'
|
||||
- function: 'putenv()'
|
||||
- function: 'chgrp()'
|
||||
- function: 'chgrp()'
|
||||
- function: 'lchgrp()'
|
||||
- function: 'lchown()'
|
||||
- function: 'link()'
|
||||
- function: 'linkinfo()'
|
||||
- function: 'symlink()'
|
||||
includes:
|
||||
- classes/MD_QA/rules/phpstan-rules.neon
|
||||
- vendor/spaze/phpstan-disallowed-calls/extension.neon
|
||||
|
21
public/security.php
Normal file
21
public/security.php
Normal file
@ -0,0 +1,21 @@
|
||||
<?PHP
|
||||
/**
|
||||
* Generates a CSV template based on the field list provided for CSVXML.
|
||||
*
|
||||
* @author Joshua Ramon Enslin <joshua@museum-digital.de>
|
||||
*/
|
||||
declare(strict_types = 1);
|
||||
require_once __DIR__ . "/../functions/functions.php";
|
||||
|
||||
header("Content-type: text/plain");
|
||||
echo MD_JAIL::check_server_setup([
|
||||
"shell_access_whitelist" => [],
|
||||
"sys_function_whitelist" => ["getenv"],
|
||||
"file_function_whitelist" => [],
|
||||
"file_uploads" => true,
|
||||
"allow_url_fopen" => false,
|
||||
"max_input_vars" => 100, // Default: 1000
|
||||
"max_input_nesting_level" => 10, // Default: 1000
|
||||
"post_max_size" => "4M",
|
||||
"curl" => false,
|
||||
]);
|
Loading…
Reference in New Issue
Block a user