Improve a bit the performances (+10%)

author: jvoisin 2018-03-05 14:25:25 +0100
committer: jvoisin 2018-03-05 14:25:25 +0100
commit: 309481168de02f2dee5a4266359d72866442f665 (patch)
tree: ec87f191cb58bcf0dd02bf7478caa9f43b16ddf9 /config
parent: 695f30817ecff47b5a556a79df2ba00fd8fd539e (diff)
1 files changed, 8 insertions, 4 deletions
diff --git a/config/default.rules b/config/default.rules
index 7e3ee53..a5ea3d1 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -8,10 +8,14 @@ sp.disable_function.function("mail").param("additional_parameters").value_r("\\-
 sp.disable_function.function("putenv").param("setting").value_r("LD_").drop()
 ##Prevent various `include`-related vulnerabilities
-sp.disable_function.function_r("^(?:require|include)_once$").value_r("\\.(?:php|php7|inc|tpl)$").allow();
+sp.disable_function.function("require_once").value_r("\.php$").allow();
-sp.disable_function.function_r("^require|include$").value_r("\\.(?:php|php7|inc|tpl)$").allow();
+sp.disable_function.function("include_once").value_r("\.php$").allow();
-sp.disable_function.function_r("^(?:require|include)_once$").drop();
+sp.disable_function.function("require").value_r("\.php$").allow();
-sp.disable_function.function_r("^require|include$").drop();
+sp.disable_function.function("include").value_r("\.php$").allow();
+sp.disable_function.function("require_once").drop()
+sp.disable_function.function("include_once").drop()
+sp.disable_function.function("require").drop()
+sp.disable_function.function("include").drop()
 # Prevent `system`-related injections
 sp.disable_function.function("system").param("command").value_r("[$|;&`\\n]").drop();
author	jvoisin	2018-03-05 14:25:25 +0100
committer	jvoisin	2018-03-05 14:25:25 +0100
commit	309481168de02f2dee5a4266359d72866442f665 (patch)
tree	ec87f191cb58bcf0dd02bf7478caa9f43b16ddf9 /config
parent	695f30817ecff47b5a556a79df2ba00fd8fd539e (diff)