Allow the inclusion of `.inc` files

author: jvoisin 2018-07-23 14:57:55 +0200
committer: jvoisin 2018-07-23 14:57:55 +0200
commit: a40c6c11be746af62e90eb871c108008d7f91c1d (patch)
tree: 9cd0b9a5ac5b322d21da024428251706554456ab /config
parent: 81849ac95837d343064a4989eb8d00a87bf02b2d (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/config/default.rules b/config/default.rules
index b16434f..6cc67e6 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -17,10 +17,10 @@ sp.disable_function.function("mail").param("additional_parameters").value_r("\\-
 sp.disable_function.function("putenv").param("setting").value_r("LD_").drop()
 ##Prevent various `include`-related vulnerabilities
-sp.disable_function.function("require_once").value_r("\.php$").allow();
+sp.disable_function.function("require_once").value_r("\.(php|inc)$").allow();
-sp.disable_function.function("include_once").value_r("\.php$").allow();
+sp.disable_function.function("include_once").value_r("\.(php|inc)$").allow();
-sp.disable_function.function("require").value_r("\.php$").allow();
+sp.disable_function.function("require").value_r("\.(php|inc)$").allow();
-sp.disable_function.function("include").value_r("\.php$").allow();
+sp.disable_function.function("include").value_r("\.(php|inc)$").allow();
 sp.disable_function.function("require_once").drop()
 sp.disable_function.function("include_once").drop()
 sp.disable_function.function("require").drop()
author	jvoisin	2018-07-23 14:57:55 +0200
committer	jvoisin	2018-07-23 14:57:55 +0200
commit	a40c6c11be746af62e90eb871c108008d7f91c1d (patch)
tree	9cd0b9a5ac5b322d21da024428251706554456ab /config
parent	81849ac95837d343064a4989eb8d00a87bf02b2d (diff)

diff --git a/config/default.rules b/config/default.rules index b16434f..6cc67e6 100644 --- a/config/default.rules +++ b/config/default.rules
@@ -17,10 +17,10 @@ sp.disable_function.function("mail").param("additional_parameters").value_r("\\-
17	sp.disable_function.function("putenv").param("setting").value_r("LD_").drop()	17	sp.disable_function.function("putenv").param("setting").value_r("LD_").drop()
18		18
19	##Prevent various `include`-related vulnerabilities	19	##Prevent various `include`-related vulnerabilities
20	sp.disable_function.function("require_once").value_r("\.php$").allow();	20	sp.disable_function.function("require_once").value_r("\.(php\|inc)$").allow();
21	sp.disable_function.function("include_once").value_r("\.php$").allow();	21	sp.disable_function.function("include_once").value_r("\.(php\|inc)$").allow();
22	sp.disable_function.function("require").value_r("\.php$").allow();	22	sp.disable_function.function("require").value_r("\.(php\|inc)$").allow();
23	sp.disable_function.function("include").value_r("\.php$").allow();	23	sp.disable_function.function("include").value_r("\.(php\|inc)$").allow();
24	sp.disable_function.function("require_once").drop()	24	sp.disable_function.function("require_once").drop()
25	sp.disable_function.function("include_once").drop()	25	sp.disable_function.function("include_once").drop()
26	sp.disable_function.function("require").drop()	26	sp.disable_function.function("require").drop()