| author | Gasper Vozel | 2021-08-16 11:54:48 +0200 |
|---|---|---|
| committer | GitHub | 2021-08-16 11:54:48 +0200 |
| commit | a250aca71f57036ede5b4934d404f3d33f574f98 (patch) | |
| tree | 1938ea7c8da08b2914b9c9eda48487edf74a0ac7 /config/typo3.rules | |
| parent | 76424299f8dd69990a7812474803fac9ec52b0b2 (diff) | |
Fix a few typos and inconsistencies in config files
Diffstat (limited to 'config/typo3.rules')
| -rw-r--r-- | config/typo3.rules | 8 |
1 files changed, 4 insertions, 4 deletions
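--- a/config/typo3.rules
+++ b/config/typo3.rules
@@ -2,7 +2,7 @@
 sp.disable_function.function("chmod").param("mode").filename_r("typo3/sysext/core/Classes/Utility/GeneralUtility.php$").value_r("^[0-9]{2}6$").allow();
 sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop();
 
-##Prevent various `include`-related vulnerabilities
+# Prevent various `include`-related vulnerabilities
 sp.disable_function.function("require_once").value_r("\.php$").allow();
 sp.disable_function.function("include_once").value_r("\.php$").allow();
 sp.disable_function.function("require").value_r("\.php$").allow();
@@ -27,14 +27,14 @@ sp.disable_function.function("ini_set").param("var_name").value("memory_limit").
 sp.disable_function.function("ini_set").param("var_name").value("include_path").drop();
 sp.disable_function.function("ini_set").param("var_name").value("open_basedir").drop();
 
-# Detect some backdoors via environnement recon
+# Detect some backdoors via environment recon
 sp.disable_function.function("ini_get").param("var_name").filename_r("typo3/sysext/core/Classes/Cache/Backend/SimpleFileBackend.php$").value("open_basedir").allow();
 sp.disable_function.function("ini_get").param("var_name").filename_r("typo3/sysext/install/Classes/SystemEnvironment/Check.php$").value("open_basedir").allow();
 sp.disable_function.function("ini_get").param("var_name").filename_r("typo3/sysext/install/Classes/SystemEnvironment/SetupCheck.php$").value("allow_url_fopen").allow();
 sp.disable_function.function("ini_get").param("var_name").filename_r("vendor/guzzlehttp/guzzle/src/functions.php$").value("allow_url_fopen").allow();
 sp.disable_function.function("ini_get").param("var_name").value_r("^(?:allow_url_fopen|open_basedir|suhosin)$").drop();
 
-#need to be allow for example to execute Scheduled tasks
+# Need to be allow for example to execute Scheduled tasks
 sp.disable_function.function("function_exists").param("function_name").filename_r("vendor/guzzlehttp/guzzle/src/functions.php$").value_r("^(?:curl_multi_exec|curl_exec)$").allow();
 sp.disable_function.function("function_exists").param("function_name").value_r("(?:eval|exec|system)").drop();
 sp.disable_function.function("is_callable").param("var").value_r("(?:eval|exec|system)").drop();
@@ -48,6 +48,6 @@ sp.disable_function.function("QueryBuilder::setParameter").param("value").value_
 sp.disable_function.function("QueryBuilder::setParameter").param("value").value_r("sleep").drop();
 sp.disable_function.function("QueryBuilder::setParameter").param("value").value_r("information_schema").drop();
 
-#File upload
+# File upload
 sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();
 sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop();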
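Review bot: The regex escaping for a literal dot is still inconsistent after this cleanup: the include rules in the first hunk use `value_r("\.php$")` while the `move_uploaded_file` rules in the last hunk use `value_r("\\.ph")` and `value_r("\\.ht")`. Depending on how the rule parser treats backslashes inside quoted strings, one of the two spellings probably does not produce the intended `\.`, and that rule would then match something other than the file extension; it is worth confirming against the parser and settling on one form. The reworded comment in the second hunk also still reads `# Need to be allow ...`; `# Needs to be allowed, for example to execute Scheduled tasks` would finish the typo fix. The rule list continues outside these hunks, so any earlier or later rules that interact with these are not visible here.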
