added dangerous extension check

author: Ben Fuhrmannek 2022-01-07 18:59:52 +0100
committer: Ben Fuhrmannek 2022-01-07 18:59:52 +0100
commit: b4996788445272c9f18e2cba84783b1b13bf6cf0 (patch)
tree: cd561a3237fbc473f476df0186710a3735a3444e
parent: db2c5561289bff3a4364cb2e1601878fac7330fe (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/config/detect_dangerous_extensions.rules b/config/detect_dangerous_extensions.rules
new file mode 100644
index 0000000..8f10532
--- /dev/null
+++ b/config/detect_dangerous_extensions.rules
@@ -0,0 +1,12 @@
+## This example rules file shows how to detect and disable certain potentially
+## dangerous or unwanted extensions.
+@condition extension_loaded("runkit7");
+@error "The runkit7 extension can be used to rename classes and functions, thereby circumventing any filters set by Snuffleupagus. Please disable runkit7.";
+@condition extension_loaded("FFI");
+@warning "FFI extension is loaded. Disabling via 'ffi.enable=false'";
+sp.ini_protection.enable();
+sp.ini.key("ffi.enable").set("false").ro();
+@end_condition;
author	Ben Fuhrmannek	2022-01-07 18:59:52 +0100
committer	Ben Fuhrmannek	2022-01-07 18:59:52 +0100
commit	b4996788445272c9f18e2cba84783b1b13bf6cf0 (patch)
tree	cd561a3237fbc473f476df0186710a3735a3444e
parent	db2c5561289bff3a4364cb2e1601878fac7330fe (diff)

diff --git a/config/detect_dangerous_extensions.rules b/config/detect_dangerous_extensions.rules new file mode 100644 index 0000000..8f10532 --- /dev/null +++ b/config/detect_dangerous_extensions.rules
@@ -0,0 +1,12 @@
	1	## This example rules file shows how to detect and disable certain potentially
	2	## dangerous or unwanted extensions.
	3
	4	@condition extension_loaded("runkit7");
	5	@error "The runkit7 extension can be used to rename classes and functions, thereby circumventing any filters set by Snuffleupagus. Please disable runkit7.";
	6
	7	@condition extension_loaded("FFI");
	8	@warning "FFI extension is loaded. Disabling via 'ffi.enable=false'";
	9	sp.ini_protection.enable();
	10	sp.ini.key("ffi.enable").set("false").ro();
	11	@end_condition;
	12