Set harder security constraints
phpcs-errors:0 phpunit-status:successful phpstan-errors:665
This commit is contained in:
parent
4ca50fe6ab
commit
0756a58821
|
@ -5,6 +5,7 @@
|
||||||
"phpstan/phpstan": "^0.12.57",
|
"phpstan/phpstan": "^0.12.57",
|
||||||
"phpstan/phpstan-strict-rules": "^0.12.5",
|
"phpstan/phpstan-strict-rules": "^0.12.5",
|
||||||
"ergebnis/phpstan-rules": "^0.15.3",
|
"ergebnis/phpstan-rules": "^0.15.3",
|
||||||
"phpstan/phpstan-deprecation-rules": "^0.12.5"
|
"phpstan/phpstan-deprecation-rules": "^0.12.5",
|
||||||
|
"spaze/phpstan-disallowed-calls": "^1.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
53
phpstan.neon
53
phpstan.neon
|
@ -10,3 +10,56 @@ parameters:
|
||||||
ignoreErrors:
|
ignoreErrors:
|
||||||
- '#Class MDDBConnectionImpossible not found.#'
|
- '#Class MDDBConnectionImpossible not found.#'
|
||||||
- '#Class MDMysqliExpectedError not found.#'
|
- '#Class MDMysqliExpectedError not found.#'
|
||||||
|
bootstrapFiles:
|
||||||
|
- inc/constants.php
|
||||||
|
excludes_analyse:
|
||||||
|
- classes/MDAllowedValueSets/l18n
|
||||||
|
disallowedFunctionCalls:
|
||||||
|
-
|
||||||
|
function: 'ini_alter()'
|
||||||
|
message: 'use ini_set instead'
|
||||||
|
-
|
||||||
|
function: 'diskfreespace()'
|
||||||
|
message: 'use disk_free_space instead'
|
||||||
|
-
|
||||||
|
function: 'php_sapi_name()'
|
||||||
|
message: 'use PHP_SAPI instead'
|
||||||
|
-
|
||||||
|
function: 'set_file_buffer()'
|
||||||
|
message: 'use stream_set_write_buffer instead'
|
||||||
|
- function: 'dl()'
|
||||||
|
- function: 'opcache_get_status()'
|
||||||
|
- function: 'phpinfo()'
|
||||||
|
- function: 'parse_ini_file()'
|
||||||
|
- function: 'show_source()'
|
||||||
|
- function: 'highlight_file()'
|
||||||
|
- function: 'php_uname()'
|
||||||
|
- function: 'phpcredits()'
|
||||||
|
- function: 'php_strip_whitespace()'
|
||||||
|
- function: 'popen()'
|
||||||
|
- function: 'pclose()'
|
||||||
|
- function: 'virtual()'
|
||||||
|
- function: 'passthru()'
|
||||||
|
- function: 'proc_close()'
|
||||||
|
- function: 'proc_get_status()'
|
||||||
|
- function: 'proc_nice()'
|
||||||
|
- function: 'proc_open()'
|
||||||
|
- function: 'proc_terminate()'
|
||||||
|
- function: 'system()'
|
||||||
|
- function: 'get_current_user()'
|
||||||
|
- function: 'getmyuid()'
|
||||||
|
- function: 'getmygid()'
|
||||||
|
- function: 'getmypid()'
|
||||||
|
- function: 'getmyinode()'
|
||||||
|
- function: 'getlastmod()'
|
||||||
|
- function: 'putenv()'
|
||||||
|
- function: 'chgrp()'
|
||||||
|
- function: 'chgrp()'
|
||||||
|
- function: 'lchgrp()'
|
||||||
|
- function: 'lchown()'
|
||||||
|
- function: 'link()'
|
||||||
|
- function: 'linkinfo()'
|
||||||
|
- function: 'symlink()'
|
||||||
|
includes:
|
||||||
|
- classes/MD_QA/rules/phpstan-rules.neon
|
||||||
|
- vendor/spaze/phpstan-disallowed-calls/extension.neon
|
||||||
|
|
21
public/security.php
Normal file
21
public/security.php
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
<?PHP
|
||||||
|
/**
|
||||||
|
* Generates a CSV template based on the field list provided for CSVXML.
|
||||||
|
*
|
||||||
|
* @author Joshua Ramon Enslin <joshua@museum-digital.de>
|
||||||
|
*/
|
||||||
|
declare(strict_types = 1);
|
||||||
|
require_once __DIR__ . "/../functions/functions.php";
|
||||||
|
|
||||||
|
header("Content-type: text/plain");
|
||||||
|
echo MD_JAIL::check_server_setup([
|
||||||
|
"shell_access_whitelist" => [],
|
||||||
|
"sys_function_whitelist" => ["getenv"],
|
||||||
|
"file_function_whitelist" => [],
|
||||||
|
"file_uploads" => true,
|
||||||
|
"allow_url_fopen" => false,
|
||||||
|
"max_input_vars" => 100, // Default: 1000
|
||||||
|
"max_input_nesting_level" => 10, // Default: 1000
|
||||||
|
"post_max_size" => "4M",
|
||||||
|
"curl" => false,
|
||||||
|
]);
|
Loading…
Reference in New Issue
Block a user