Fix a few typos and inconsistencies in config files

author: Gasper Vozel 2021-08-16 11:54:48 +0200
committer: GitHub 2021-08-16 11:54:48 +0200
commit: a250aca71f57036ede5b4934d404f3d33f574f98 (patch)
tree: 1938ea7c8da08b2914b9c9eda48487edf74a0ac7 /config
parent: 76424299f8dd69990a7812474803fac9ec52b0b2 (diff)
4 files changed, 12 insertions, 13 deletions
diff --git a/config/default.rules b/config/default.rules
index ea65e01..b12653c 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -22,14 +22,14 @@ sp.disable_xxe.enable();
 # Only allow execution of read-only files. This is a low-hanging fruit that you should enable.
 # sp.readonly_exec.enable();
-# Php has a lot of wrappers, most of them aren't usually useful, you should 
+# PHP has a lot of wrappers, most of them aren't usually useful, you should
 # only enable the ones you're using.
 # sp.wrappers_whitelist.list("file,php,phar");
 # Prevent sloppy comparisons.
 # sp.sloppy_comparison.enable();
-# use SameSite on session cookie
+# Use SameSite on session cookie
 # https://snuffleupagus.readthedocs.io/features.html#protection-against-cross-site-request-forgery
 sp.cookie.name("PHPSESSID").samesite("lax");
@@ -57,7 +57,7 @@ sp.disable_function.function("extract").param("extract_type").value("0").drop()
 # Moreover, there are non-public bypasses that are also using this vector ;)
 sp.disable_function.function("ini_set").param("varname").value_r("open_basedir").drop()
-##Prevent various `include`-related vulnerabilities
+# Prevent various `include`-related vulnerabilities
 sp.disable_function.function("require_once").value_r("\.(inc|phtml|php)$").allow();
 sp.disable_function.function("include_once").value_r("\.(inc|phtml|php)$").allow();
 sp.disable_function.function("require").value_r("\.(inc|phtml|php)$").allow();
@@ -80,7 +80,7 @@ sp.disable_function.function("ini_set").param("varname").value("memory_limit").d
 sp.disable_function.function("ini_set").param("varname").value("include_path").drop();
 sp.disable_function.function("ini_set").param("varname").value("open_basedir").drop();
-# Detect some backdoors via environnement recon
+# Detect some backdoors via environment recon
 sp.disable_function.function("ini_get").param("varname").value("allow_url_fopen").drop();
 sp.disable_function.function("ini_get").param("varname").value("open_basedir").drop();
 sp.disable_function.function("ini_get").param("varname").value_r("suhosin").drop();
@@ -109,7 +109,7 @@ sp.disable_function.function("curl_setopt").param("value").value("2").allow();
 sp.disable_function.function("curl_setopt").param("option").value("64").drop().alias("Please don't turn CURLOPT_SSL_VERIFYCLIENT off.");
 sp.disable_function.function("curl_setopt").param("option").value("81").drop().alias("Please don't turn CURLOPT_SSL_VERIFYHOST off.");
-#File upload
+# File upload
 sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();
 sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop();
diff --git a/config/default_php8.rules b/config/default_php8.rules
index c024176..2dd328d 100644
--- a/config/default_php8.rules
+++ b/config/default_php8.rules
@@ -23,14 +23,14 @@ sp.disable_xxe.enable();
 # Only allow execution of read-only files. This is a low-hanging fruit that you should enable.
 # sp.readonly_exec.enable();
-# Php has a lot of wrappers, most of them aren't usually useful, you should
+# PHP has a lot of wrappers, most of them aren't usually useful, you should
 # only enable the ones you're using.
 # sp.wrappers_whitelist.list("file,php,phar");
 # Prevent sloppy comparisons.
 # sp.sloppy_comparison.enable();
-# use SameSite on session cookie
+# Use SameSite on session cookie
 # https://snuffleupagus.readthedocs.io/features.html#protection-against-cross-site-request-forgery
 sp.cookie.name("PHPSESSID").samesite("lax");
@@ -58,7 +58,7 @@ sp.disable_function.function("extract").param("flags").value("0").drop()
 # Moreover, there are non-public bypasses that are also using this vector ;)
 sp.disable_function.function("ini_set").param("option").value_r("open_basedir").drop()
-##Prevent various `include`-related vulnerabilities
+# Prevent various `include`-related vulnerabilities
 sp.disable_function.function("require_once").value_r("\.(inc|phtml|php)$").allow();
 sp.disable_function.function("include_once").value_r("\.(inc|phtml|php)$").allow();
 sp.disable_function.function("require").value_r("\.(inc|phtml|php)$").allow();
diff --git a/config/rips.rules b/config/rips.rules
index 52e3f27..dcb08c1 100644
--- a/config/rips.rules
+++ b/config/rips.rules
@@ -30,4 +30,3 @@ sp.disable_function.filename("/forgot_passwd.php").function("cpg_db_query").var(
 # CVE-2017-1001000 - https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
 sp.disable_function.filename("/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_GET[id]").value_r("[^0-9]").drop();
 sp.disable_function.filename("/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_POST[id]").value_r("[^0-9]").drop();
diff --git a/config/typo3.rules b/config/typo3.rules
index c76cf91..0838b89 100644
--- a/config/typo3.rules
+++ b/config/typo3.rules
@@ -2,7 +2,7 @@
 sp.disable_function.function("chmod").param("mode").filename_r("typo3/sysext/core/Classes/Utility/GeneralUtility.php$").value_r("^[0-9]{2}6$").allow();
 sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop();
-##Prevent various `include`-related vulnerabilities
+# Prevent various `include`-related vulnerabilities
 sp.disable_function.function("require_once").value_r("\.php$").allow();
 sp.disable_function.function("include_once").value_r("\.php$").allow();
 sp.disable_function.function("require").value_r("\.php$").allow();
@@ -27,14 +27,14 @@ sp.disable_function.function("ini_set").param("var_name").value("memory_limit").
 sp.disable_function.function("ini_set").param("var_name").value("include_path").drop();
 sp.disable_function.function("ini_set").param("var_name").value("open_basedir").drop();
-# Detect some backdoors via environnement recon
+# Detect some backdoors via environment recon
 sp.disable_function.function("ini_get").param("var_name").filename_r("typo3/sysext/core/Classes/Cache/Backend/SimpleFileBackend.php$").value("open_basedir").allow();
 sp.disable_function.function("ini_get").param("var_name").filename_r("typo3/sysext/install/Classes/SystemEnvironment/Check.php$").value("open_basedir").allow();
 sp.disable_function.function("ini_get").param("var_name").filename_r("typo3/sysext/install/Classes/SystemEnvironment/SetupCheck.php$").value("allow_url_fopen").allow();
 sp.disable_function.function("ini_get").param("var_name").filename_r("vendor/guzzlehttp/guzzle/src/functions.php$").value("allow_url_fopen").allow();
 sp.disable_function.function("ini_get").param("var_name").value_r("^(?:allow_url_fopen|open_basedir|suhosin)$").drop();
-#need to be allow for example to execute Scheduled tasks
+# Need to be allow for example to execute Scheduled tasks
 sp.disable_function.function("function_exists").param("function_name").filename_r("vendor/guzzlehttp/guzzle/src/functions.php$").value_r("^(?:curl_multi_exec|curl_exec)$").allow();
 sp.disable_function.function("function_exists").param("function_name").value_r("(?:eval|exec|system)").drop();
 sp.disable_function.function("is_callable").param("var").value_r("(?:eval|exec|system)").drop();
@@ -48,6 +48,6 @@ sp.disable_function.function("QueryBuilder::setParameter").param("value").value_
 sp.disable_function.function("QueryBuilder::setParameter").param("value").value_r("sleep").drop();
 sp.disable_function.function("QueryBuilder::setParameter").param("value").value_r("information_schema").drop();
-#File upload
+# File upload
 sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();
 sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop();
author	Gasper Vozel	2021-08-16 11:54:48 +0200
committer	GitHub	2021-08-16 11:54:48 +0200
commit	a250aca71f57036ede5b4934d404f3d33f574f98 (patch)
tree	1938ea7c8da08b2914b9c9eda48487edf74a0ac7 /config
parent	76424299f8dd69990a7812474803fac9ec52b0b2 (diff)

diff --git a/config/default.rules b/config/default.rules index ea65e01..b12653c 100644 --- a/config/default.rules +++ b/config/default.rules
@@ -22,14 +22,14 @@ sp.disable_xxe.enable();
22	# Only allow execution of read-only files. This is a low-hanging fruit that you should enable.	22	# Only allow execution of read-only files. This is a low-hanging fruit that you should enable.
23	# sp.readonly_exec.enable();	23	# sp.readonly_exec.enable();
24		24
25	# Php has a lot of wrappers, most of them aren't usually useful, you should	25	# PHP has a lot of wrappers, most of them aren't usually useful, you should
26	# only enable the ones you're using.	26	# only enable the ones you're using.
27	# sp.wrappers_whitelist.list("file,php,phar");	27	# sp.wrappers_whitelist.list("file,php,phar");
28		28
29	# Prevent sloppy comparisons.	29	# Prevent sloppy comparisons.
30	# sp.sloppy_comparison.enable();	30	# sp.sloppy_comparison.enable();
31		31
32	# use SameSite on session cookie	32	# Use SameSite on session cookie
33	# https://snuffleupagus.readthedocs.io/features.html#protection-against-cross-site-request-forgery	33	# https://snuffleupagus.readthedocs.io/features.html#protection-against-cross-site-request-forgery
34	sp.cookie.name("PHPSESSID").samesite("lax");	34	sp.cookie.name("PHPSESSID").samesite("lax");
35		35
@@ -57,7 +57,7 @@ sp.disable_function.function("extract").param("extract_type").value("0").drop()
57	# Moreover, there are non-public bypasses that are also using this vector ;)	57	# Moreover, there are non-public bypasses that are also using this vector ;)
58	sp.disable_function.function("ini_set").param("varname").value_r("open_basedir").drop()	58	sp.disable_function.function("ini_set").param("varname").value_r("open_basedir").drop()
59		59
60	##Prevent various `include`-related vulnerabilities	60	# Prevent various `include`-related vulnerabilities
61	sp.disable_function.function("require_once").value_r("\.(inc\|phtml\|php)$").allow();	61	sp.disable_function.function("require_once").value_r("\.(inc\|phtml\|php)$").allow();
62	sp.disable_function.function("include_once").value_r("\.(inc\|phtml\|php)$").allow();	62	sp.disable_function.function("include_once").value_r("\.(inc\|phtml\|php)$").allow();
63	sp.disable_function.function("require").value_r("\.(inc\|phtml\|php)$").allow();	63	sp.disable_function.function("require").value_r("\.(inc\|phtml\|php)$").allow();
@@ -80,7 +80,7 @@ sp.disable_function.function("ini_set").param("varname").value("memory_limit").d
80	sp.disable_function.function("ini_set").param("varname").value("include_path").drop();	80	sp.disable_function.function("ini_set").param("varname").value("include_path").drop();
81	sp.disable_function.function("ini_set").param("varname").value("open_basedir").drop();	81	sp.disable_function.function("ini_set").param("varname").value("open_basedir").drop();
82		82
83	# Detect some backdoors via environnement recon	83	# Detect some backdoors via environment recon
84	sp.disable_function.function("ini_get").param("varname").value("allow_url_fopen").drop();	84	sp.disable_function.function("ini_get").param("varname").value("allow_url_fopen").drop();
85	sp.disable_function.function("ini_get").param("varname").value("open_basedir").drop();	85	sp.disable_function.function("ini_get").param("varname").value("open_basedir").drop();
86	sp.disable_function.function("ini_get").param("varname").value_r("suhosin").drop();	86	sp.disable_function.function("ini_get").param("varname").value_r("suhosin").drop();
@@ -109,7 +109,7 @@ sp.disable_function.function("curl_setopt").param("value").value("2").allow();
109	sp.disable_function.function("curl_setopt").param("option").value("64").drop().alias("Please don't turn CURLOPT_SSL_VERIFYCLIENT off.");	109	sp.disable_function.function("curl_setopt").param("option").value("64").drop().alias("Please don't turn CURLOPT_SSL_VERIFYCLIENT off.");
110	sp.disable_function.function("curl_setopt").param("option").value("81").drop().alias("Please don't turn CURLOPT_SSL_VERIFYHOST off.");	110	sp.disable_function.function("curl_setopt").param("option").value("81").drop().alias("Please don't turn CURLOPT_SSL_VERIFYHOST off.");
111		111
112	#File upload	112	# File upload
113	sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();	113	sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();
114	sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop();	114	sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop();
115		115


diff --git a/config/default_php8.rules b/config/default_php8.rules index c024176..2dd328d 100644 --- a/config/default_php8.rules +++ b/config/default_php8.rules
@@ -23,14 +23,14 @@ sp.disable_xxe.enable();
23	# Only allow execution of read-only files. This is a low-hanging fruit that you should enable.	23	# Only allow execution of read-only files. This is a low-hanging fruit that you should enable.
24	# sp.readonly_exec.enable();	24	# sp.readonly_exec.enable();
25		25
26	# Php has a lot of wrappers, most of them aren't usually useful, you should	26	# PHP has a lot of wrappers, most of them aren't usually useful, you should
27	# only enable the ones you're using.	27	# only enable the ones you're using.
28	# sp.wrappers_whitelist.list("file,php,phar");	28	# sp.wrappers_whitelist.list("file,php,phar");
29		29
30	# Prevent sloppy comparisons.	30	# Prevent sloppy comparisons.
31	# sp.sloppy_comparison.enable();	31	# sp.sloppy_comparison.enable();
32		32
33	# use SameSite on session cookie	33	# Use SameSite on session cookie
34	# https://snuffleupagus.readthedocs.io/features.html#protection-against-cross-site-request-forgery	34	# https://snuffleupagus.readthedocs.io/features.html#protection-against-cross-site-request-forgery
35	sp.cookie.name("PHPSESSID").samesite("lax");	35	sp.cookie.name("PHPSESSID").samesite("lax");
36		36
@@ -58,7 +58,7 @@ sp.disable_function.function("extract").param("flags").value("0").drop()
58	# Moreover, there are non-public bypasses that are also using this vector ;)	58	# Moreover, there are non-public bypasses that are also using this vector ;)
59	sp.disable_function.function("ini_set").param("option").value_r("open_basedir").drop()	59	sp.disable_function.function("ini_set").param("option").value_r("open_basedir").drop()
60		60
61	##Prevent various `include`-related vulnerabilities	61	# Prevent various `include`-related vulnerabilities
62	sp.disable_function.function("require_once").value_r("\.(inc\|phtml\|php)$").allow();	62	sp.disable_function.function("require_once").value_r("\.(inc\|phtml\|php)$").allow();
63	sp.disable_function.function("include_once").value_r("\.(inc\|phtml\|php)$").allow();	63	sp.disable_function.function("include_once").value_r("\.(inc\|phtml\|php)$").allow();
64	sp.disable_function.function("require").value_r("\.(inc\|phtml\|php)$").allow();	64	sp.disable_function.function("require").value_r("\.(inc\|phtml\|php)$").allow();


diff --git a/config/rips.rules b/config/rips.rules index 52e3f27..dcb08c1 100644 --- a/config/rips.rules +++ b/config/rips.rules
@@ -30,4 +30,3 @@ sp.disable_function.filename("/forgot_passwd.php").function("cpg_db_query").var(
30	# CVE-2017-1001000 - https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html	30	# CVE-2017-1001000 - https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
31	sp.disable_function.filename("/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_GET[id]").value_r("[^0-9]").drop();	31	sp.disable_function.filename("/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_GET[id]").value_r("[^0-9]").drop();
32	sp.disable_function.filename("/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_POST[id]").value_r("[^0-9]").drop();	32	sp.disable_function.filename("/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_POST[id]").value_r("[^0-9]").drop();
33


diff --git a/config/typo3.rules b/config/typo3.rules index c76cf91..0838b89 100644 --- a/config/typo3.rules +++ b/config/typo3.rules
@@ -2,7 +2,7 @@
2	sp.disable_function.function("chmod").param("mode").filename_r("typo3/sysext/core/Classes/Utility/GeneralUtility.php$").value_r("^[0-9]{2}6$").allow();	2	sp.disable_function.function("chmod").param("mode").filename_r("typo3/sysext/core/Classes/Utility/GeneralUtility.php$").value_r("^[0-9]{2}6$").allow();
3	sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop();	3	sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop();
4		4
5	##Prevent various `include`-related vulnerabilities	5	# Prevent various `include`-related vulnerabilities
6	sp.disable_function.function("require_once").value_r("\.php$").allow();	6	sp.disable_function.function("require_once").value_r("\.php$").allow();
7	sp.disable_function.function("include_once").value_r("\.php$").allow();	7	sp.disable_function.function("include_once").value_r("\.php$").allow();
8	sp.disable_function.function("require").value_r("\.php$").allow();	8	sp.disable_function.function("require").value_r("\.php$").allow();
@@ -27,14 +27,14 @@ sp.disable_function.function("ini_set").param("var_name").value("memory_limit").
27	sp.disable_function.function("ini_set").param("var_name").value("include_path").drop();	27	sp.disable_function.function("ini_set").param("var_name").value("include_path").drop();
28	sp.disable_function.function("ini_set").param("var_name").value("open_basedir").drop();	28	sp.disable_function.function("ini_set").param("var_name").value("open_basedir").drop();
29		29
30	# Detect some backdoors via environnement recon	30	# Detect some backdoors via environment recon
31	sp.disable_function.function("ini_get").param("var_name").filename_r("typo3/sysext/core/Classes/Cache/Backend/SimpleFileBackend.php$").value("open_basedir").allow();	31	sp.disable_function.function("ini_get").param("var_name").filename_r("typo3/sysext/core/Classes/Cache/Backend/SimpleFileBackend.php$").value("open_basedir").allow();
32	sp.disable_function.function("ini_get").param("var_name").filename_r("typo3/sysext/install/Classes/SystemEnvironment/Check.php$").value("open_basedir").allow();	32	sp.disable_function.function("ini_get").param("var_name").filename_r("typo3/sysext/install/Classes/SystemEnvironment/Check.php$").value("open_basedir").allow();
33	sp.disable_function.function("ini_get").param("var_name").filename_r("typo3/sysext/install/Classes/SystemEnvironment/SetupCheck.php$").value("allow_url_fopen").allow();	33	sp.disable_function.function("ini_get").param("var_name").filename_r("typo3/sysext/install/Classes/SystemEnvironment/SetupCheck.php$").value("allow_url_fopen").allow();
34	sp.disable_function.function("ini_get").param("var_name").filename_r("vendor/guzzlehttp/guzzle/src/functions.php$").value("allow_url_fopen").allow();	34	sp.disable_function.function("ini_get").param("var_name").filename_r("vendor/guzzlehttp/guzzle/src/functions.php$").value("allow_url_fopen").allow();
35	sp.disable_function.function("ini_get").param("var_name").value_r("^(?:allow_url_fopen\|open_basedir\|suhosin)$").drop();	35	sp.disable_function.function("ini_get").param("var_name").value_r("^(?:allow_url_fopen\|open_basedir\|suhosin)$").drop();
36		36
37	#need to be allow for example to execute Scheduled tasks	37	# Need to be allow for example to execute Scheduled tasks
38	sp.disable_function.function("function_exists").param("function_name").filename_r("vendor/guzzlehttp/guzzle/src/functions.php$").value_r("^(?:curl_multi_exec\|curl_exec)$").allow();	38	sp.disable_function.function("function_exists").param("function_name").filename_r("vendor/guzzlehttp/guzzle/src/functions.php$").value_r("^(?:curl_multi_exec\|curl_exec)$").allow();
39	sp.disable_function.function("function_exists").param("function_name").value_r("(?:eval\|exec\|system)").drop();	39	sp.disable_function.function("function_exists").param("function_name").value_r("(?:eval\|exec\|system)").drop();
40	sp.disable_function.function("is_callable").param("var").value_r("(?:eval\|exec\|system)").drop();	40	sp.disable_function.function("is_callable").param("var").value_r("(?:eval\|exec\|system)").drop();
@@ -48,6 +48,6 @@ sp.disable_function.function("QueryBuilder::setParameter").param("value").value_
48	sp.disable_function.function("QueryBuilder::setParameter").param("value").value_r("sleep").drop();	48	sp.disable_function.function("QueryBuilder::setParameter").param("value").value_r("sleep").drop();
49	sp.disable_function.function("QueryBuilder::setParameter").param("value").value_r("information_schema").drop();	49	sp.disable_function.function("QueryBuilder::setParameter").param("value").value_r("information_schema").drop();
50		50
51	#File upload	51	# File upload
52	sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();	52	sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();
53	sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop();	53	sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop();