summaryrefslogtreecommitdiff
path: root/config
diff options
context:
space:
mode:
authorxXx-caillou-xXx2018-07-13 10:36:50 +0200
committerjvoisin2018-07-13 08:36:50 +0000
commit7963580d72a358975133f86f01de2d2eab08ba38 (patch)
tree4bec345d70f687a2a6002b36e2f2fc79318959f6 /config
parent12b740bc7bb01ffe397cecc5b6fa25b136304911 (diff)
Massively optimize how rules are handled
This commit does a lot of things: - Use hashtables instead of lists to store the rules - Rules that can be applied at launch time won't be tried at runtime - Improve feedback when writing nonsensical rules - Make intensive use of `zend_string` instead of `char*`
Diffstat (limited to 'config')
-rw-r--r--config/default.rules50
1 files changed, 26 insertions, 24 deletions
diff --git a/config/default.rules b/config/default.rules
index fb53708..4e6a27f 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -35,35 +35,37 @@ sp.disable_function.function("ini_get").param("var_name").value_r("(?:allow_url_
35sp.disable_function.function("function_exists").param("function_name").value_r("(?:eval|exec|system)").drop(); 35sp.disable_function.function("function_exists").param("function_name").value_r("(?:eval|exec|system)").drop();
36sp.disable_function.function("is_callable").param("var").value_r("(?:eval|exec|system)").drop(); 36sp.disable_function.function("is_callable").param("var").value_r("(?:eval|exec|system)").drop();
37 37
38# Commenting sqli related stuff to improve performance.
39# TODO figure out why these functions can't be hooked at startup
38# Ghetto sqli hardening 40# Ghetto sqli hardening
39sp.disable_function.function("mysql_query").param("query").value_r("/\\*").drop(); 41# sp.disable_function.function("mysql_query").param("query").value_r("/\\*").drop();
40sp.disable_function.function("mysql_query").param("query").value_r("--").drop(); 42# sp.disable_function.function("mysql_query").param("query").value_r("--").drop();
41sp.disable_function.function("mysql_query").param("query").value_r("#").drop(); 43# sp.disable_function.function("mysql_query").param("query").value_r("#").drop();
42sp.disable_function.function("mysql_query").param("query").value_r(";.*;").drop(); 44# sp.disable_function.function("mysql_query").param("query").value_r(";.*;").drop();
43sp.disable_function.function("mysql_query").param("query").value_r("benchmark").drop(); 45# sp.disable_function.function("mysql_query").param("query").value_r("benchmark").drop();
44sp.disable_function.function("mysql_query").param("query").value_r("sleep").drop(); 46# sp.disable_function.function("mysql_query").param("query").value_r("sleep").drop();
45sp.disable_function.function("mysql_query").param("query").value_r("information_schema").drop(); 47# sp.disable_function.function("mysql_query").param("query").value_r("information_schema").drop();
46 48
47sp.disable_function.function("mysqli_query").param("query").value_r("/\\*").drop(); 49# sp.disable_function.function("mysqli_query").param("query").value_r("/\\*").drop();
48sp.disable_function.function("mysqli_query").param("query").value_r("--").drop(); 50# sp.disable_function.function("mysqli_query").param("query").value_r("--").drop();
49sp.disable_function.function("mysqli_query").param("query").value_r("#").drop(); 51# sp.disable_function.function("mysqli_query").param("query").value_r("#").drop();
50sp.disable_function.function("mysqli_query").param("query").value_r(";.*;").drop(); 52# sp.disable_function.function("mysqli_query").param("query").value_r(";.*;").drop();
51sp.disable_function.function("mysqli_query").param("query").value_r("benchmark").drop(); 53# sp.disable_function.function("mysqli_query").param("query").value_r("benchmark").drop();
52sp.disable_function.function("mysqli_query").param("query").value_r("sleep").drop(); 54# sp.disable_function.function("mysqli_query").param("query").value_r("sleep").drop();
53sp.disable_function.function("mysqli_query").param("query").value_r("information_schema").drop(); 55# sp.disable_function.function("mysqli_query").param("query").value_r("information_schema").drop();
54 56
55sp.disable_function.function("PDO::query").param("query").value_r("/\\*").drop(); 57# sp.disable_function.function("PDO::query").param("query").value_r("/\\*").drop();
56sp.disable_function.function("PDO::query").param("query").value_r("--").drop(); 58# sp.disable_function.function("PDO::query").param("query").value_r("--").drop();
57sp.disable_function.function("PDO::query").param("query").value_r("#").drop(); 59# sp.disable_function.function("PDO::query").param("query").value_r("#").drop();
58sp.disable_function.function("PDO::query").param("query").value_r(";.*;").drop(); 60# sp.disable_function.function("PDO::query").param("query").value_r(";.*;").drop();
59sp.disable_function.function("PDO::query").param("query").value_r("benchmark\\s*\\(").drop(); 61# sp.disable_function.function("PDO::query").param("query").value_r("benchmark\\s*\\(").drop();
60sp.disable_function.function("PDO::query").param("query").value_r("sleep\\s*\\(").drop(); 62# sp.disable_function.function("PDO::query").param("query").value_r("sleep\\s*\\(").drop();
61sp.disable_function.function("PDO::query").param("query").value_r("information_schema").drop(); 63# sp.disable_function.function("PDO::query").param("query").value_r("information_schema").drop();
62 64
63# Ghetto sqli detection 65# Ghetto sqli detection
64sp.disable_function.function("mysql_query").ret("FALSE").drop(); 66# sp.disable_function.function("mysql_query").ret("FALSE").drop();
65sp.disable_function.function("mysqli_query").ret("FALSE").drop(); 67# sp.disable_function.function("mysqli_query").ret("FALSE").drop();
66sp.disable_function.function("PDO::query").ret("FALSE").drop(); 68# sp.disable_function.function("PDO::query").ret("FALSE").drop();
67 69
68#File upload 70#File upload
69sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop(); 71sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();