Tighten a bit the command-injection prevention rule

author: jvoisin 2018-12-25 20:36:09 +0100
committer: jvoisin 2018-12-25 20:36:09 +0100
commit: 0abc394a29248bba99d9590a49ba7301dfa6cd58 (patch)
tree: 8b20fc5d6786001af8751a5597e7b884aa9e172a /config
parent: 0b069bd72487bef6e80ff3a19a75a143cbf47e45 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/config/default.rules b/config/default.rules
index 6fac367..f8fb1f8 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -27,10 +27,10 @@ sp.disable_function.function("require").drop()
 sp.disable_function.function("include").drop()
 # Prevent `system`-related injections
-sp.disable_function.function("system").param("command").value_r("[$|;&`\\n]").drop();
+sp.disable_function.function("system").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
-sp.disable_function.function("shell_exec").param("command").value_r("[$|;&`\\n]").drop();
+sp.disable_function.function("shell_exec").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
-sp.disable_function.function("exec").param("command").value_r("[$|;&`\\n]").drop();
+sp.disable_function.function("exec").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
-sp.disable_function.function("proc_open").param("command").value_r("[$|;&`\\n]").drop();
+sp.disable_function.function("proc_open").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
 # Prevent runtime modification of interesting things
 sp.disable_function.function("ini_set").param("var_name").value("assert.active").drop();
author	jvoisin	2018-12-25 20:36:09 +0100
committer	jvoisin	2018-12-25 20:36:09 +0100
commit	0abc394a29248bba99d9590a49ba7301dfa6cd58 (patch)
tree	8b20fc5d6786001af8751a5597e7b884aa9e172a /config
parent	0b069bd72487bef6e80ff3a19a75a143cbf47e45 (diff)

diff --git a/config/default.rules b/config/default.rules index 6fac367..f8fb1f8 100644 --- a/config/default.rules +++ b/config/default.rules
@@ -27,10 +27,10 @@ sp.disable_function.function("require").drop()
27	sp.disable_function.function("include").drop()	27	sp.disable_function.function("include").drop()
28		28
29	# Prevent `system`-related injections	29	# Prevent `system`-related injections
30	sp.disable_function.function("system").param("command").value_r("[$\|;&`\\n]").drop();	30	sp.disable_function.function("system").param("command").value_r("[$\|;&`\\n\\(\\)\\\\]").drop();
31	sp.disable_function.function("shell_exec").param("command").value_r("[$\|;&`\\n]").drop();	31	sp.disable_function.function("shell_exec").param("command").value_r("[$\|;&`\\n\\(\\)\\\\]").drop();
32	sp.disable_function.function("exec").param("command").value_r("[$\|;&`\\n]").drop();	32	sp.disable_function.function("exec").param("command").value_r("[$\|;&`\\n\\(\\)\\\\]").drop();
33	sp.disable_function.function("proc_open").param("command").value_r("[$\|;&`\\n]").drop();	33	sp.disable_function.function("proc_open").param("command").value_r("[$\|;&`\\n\\(\\)\\\\]").drop();
34		34
35	# Prevent runtime modification of interesting things	35	# Prevent runtime modification of interesting things
36	sp.disable_function.function("ini_set").param("var_name").value("assert.active").drop();	36	sp.disable_function.function("ini_set").param("var_name").value("assert.active").drop();