Fix a few typos and inconsistencies in config files

author: Gasper Vozel 2021-08-16 11:54:48 +0200
committer: GitHub 2021-08-16 11:54:48 +0200
commit: a250aca71f57036ede5b4934d404f3d33f574f98 (patch)
tree: 1938ea7c8da08b2914b9c9eda48487edf74a0ac7 /config/default.rules
parent: 76424299f8dd69990a7812474803fac9ec52b0b2 (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/config/default.rules b/config/default.rules
index ea65e01..b12653c 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -22,14 +22,14 @@ sp.disable_xxe.enable();
 # Only allow execution of read-only files. This is a low-hanging fruit that you should enable.
 # sp.readonly_exec.enable();
-# Php has a lot of wrappers, most of them aren't usually useful, you should 
+# PHP has a lot of wrappers, most of them aren't usually useful, you should
 # only enable the ones you're using.
 # sp.wrappers_whitelist.list("file,php,phar");
 # Prevent sloppy comparisons.
 # sp.sloppy_comparison.enable();
-# use SameSite on session cookie
+# Use SameSite on session cookie
 # https://snuffleupagus.readthedocs.io/features.html#protection-against-cross-site-request-forgery
 sp.cookie.name("PHPSESSID").samesite("lax");
@@ -57,7 +57,7 @@ sp.disable_function.function("extract").param("extract_type").value("0").drop()
 # Moreover, there are non-public bypasses that are also using this vector ;)
 sp.disable_function.function("ini_set").param("varname").value_r("open_basedir").drop()
-##Prevent various `include`-related vulnerabilities
+# Prevent various `include`-related vulnerabilities
 sp.disable_function.function("require_once").value_r("\.(inc|phtml|php)$").allow();
 sp.disable_function.function("include_once").value_r("\.(inc|phtml|php)$").allow();
 sp.disable_function.function("require").value_r("\.(inc|phtml|php)$").allow();
@@ -80,7 +80,7 @@ sp.disable_function.function("ini_set").param("varname").value("memory_limit").d
 sp.disable_function.function("ini_set").param("varname").value("include_path").drop();
 sp.disable_function.function("ini_set").param("varname").value("open_basedir").drop();
-# Detect some backdoors via environnement recon
+# Detect some backdoors via environment recon
 sp.disable_function.function("ini_get").param("varname").value("allow_url_fopen").drop();
 sp.disable_function.function("ini_get").param("varname").value("open_basedir").drop();
 sp.disable_function.function("ini_get").param("varname").value_r("suhosin").drop();
@@ -109,7 +109,7 @@ sp.disable_function.function("curl_setopt").param("value").value("2").allow();
 sp.disable_function.function("curl_setopt").param("option").value("64").drop().alias("Please don't turn CURLOPT_SSL_VERIFYCLIENT off.");
 sp.disable_function.function("curl_setopt").param("option").value("81").drop().alias("Please don't turn CURLOPT_SSL_VERIFYHOST off.");
-#File upload
+# File upload
 sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();
 sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop();
author	Gasper Vozel	2021-08-16 11:54:48 +0200
committer	GitHub	2021-08-16 11:54:48 +0200
commit	a250aca71f57036ede5b4934d404f3d33f574f98 (patch)
tree	1938ea7c8da08b2914b9c9eda48487edf74a0ac7 /config/default.rules
parent	76424299f8dd69990a7812474803fac9ec52b0b2 (diff)

diff --git a/config/default.rules b/config/default.rules index ea65e01..b12653c 100644 --- a/config/default.rules +++ b/config/default.rules
@@ -22,14 +22,14 @@ sp.disable_xxe.enable();
22	# Only allow execution of read-only files. This is a low-hanging fruit that you should enable.	22	# Only allow execution of read-only files. This is a low-hanging fruit that you should enable.
23	# sp.readonly_exec.enable();	23	# sp.readonly_exec.enable();
24		24
25	# Php has a lot of wrappers, most of them aren't usually useful, you should	25	# PHP has a lot of wrappers, most of them aren't usually useful, you should
26	# only enable the ones you're using.	26	# only enable the ones you're using.
27	# sp.wrappers_whitelist.list("file,php,phar");	27	# sp.wrappers_whitelist.list("file,php,phar");
28		28
29	# Prevent sloppy comparisons.	29	# Prevent sloppy comparisons.
30	# sp.sloppy_comparison.enable();	30	# sp.sloppy_comparison.enable();
31		31
32	# use SameSite on session cookie	32	# Use SameSite on session cookie
33	# https://snuffleupagus.readthedocs.io/features.html#protection-against-cross-site-request-forgery	33	# https://snuffleupagus.readthedocs.io/features.html#protection-against-cross-site-request-forgery
34	sp.cookie.name("PHPSESSID").samesite("lax");	34	sp.cookie.name("PHPSESSID").samesite("lax");
35		35
@@ -57,7 +57,7 @@ sp.disable_function.function("extract").param("extract_type").value("0").drop()
57	# Moreover, there are non-public bypasses that are also using this vector ;)	57	# Moreover, there are non-public bypasses that are also using this vector ;)
58	sp.disable_function.function("ini_set").param("varname").value_r("open_basedir").drop()	58	sp.disable_function.function("ini_set").param("varname").value_r("open_basedir").drop()
59		59
60	##Prevent various `include`-related vulnerabilities	60	# Prevent various `include`-related vulnerabilities
61	sp.disable_function.function("require_once").value_r("\.(inc\|phtml\|php)$").allow();	61	sp.disable_function.function("require_once").value_r("\.(inc\|phtml\|php)$").allow();
62	sp.disable_function.function("include_once").value_r("\.(inc\|phtml\|php)$").allow();	62	sp.disable_function.function("include_once").value_r("\.(inc\|phtml\|php)$").allow();
63	sp.disable_function.function("require").value_r("\.(inc\|phtml\|php)$").allow();	63	sp.disable_function.function("require").value_r("\.(inc\|phtml\|php)$").allow();
@@ -80,7 +80,7 @@ sp.disable_function.function("ini_set").param("varname").value("memory_limit").d
80	sp.disable_function.function("ini_set").param("varname").value("include_path").drop();	80	sp.disable_function.function("ini_set").param("varname").value("include_path").drop();
81	sp.disable_function.function("ini_set").param("varname").value("open_basedir").drop();	81	sp.disable_function.function("ini_set").param("varname").value("open_basedir").drop();
82		82
83	# Detect some backdoors via environnement recon	83	# Detect some backdoors via environment recon
84	sp.disable_function.function("ini_get").param("varname").value("allow_url_fopen").drop();	84	sp.disable_function.function("ini_get").param("varname").value("allow_url_fopen").drop();
85	sp.disable_function.function("ini_get").param("varname").value("open_basedir").drop();	85	sp.disable_function.function("ini_get").param("varname").value("open_basedir").drop();
86	sp.disable_function.function("ini_get").param("varname").value_r("suhosin").drop();	86	sp.disable_function.function("ini_get").param("varname").value_r("suhosin").drop();
@@ -109,7 +109,7 @@ sp.disable_function.function("curl_setopt").param("value").value("2").allow();
109	sp.disable_function.function("curl_setopt").param("option").value("64").drop().alias("Please don't turn CURLOPT_SSL_VERIFYCLIENT off.");	109	sp.disable_function.function("curl_setopt").param("option").value("64").drop().alias("Please don't turn CURLOPT_SSL_VERIFYCLIENT off.");
110	sp.disable_function.function("curl_setopt").param("option").value("81").drop().alias("Please don't turn CURLOPT_SSL_VERIFYHOST off.");	110	sp.disable_function.function("curl_setopt").param("option").value("81").drop().alias("Please don't turn CURLOPT_SSL_VERIFYHOST off.");
111		111
112	#File upload	112	# File upload
113	sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();	113	sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();
114	sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop();	114	sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop();
115		115