| author | jvoisin | 2017-10-11 11:40:02 +0200 |
|---|---|---|
| committer | jvoisin | 2017-10-11 11:40:02 +0200 |
| commit | e44b3b6b6ab1af61f9abc210546700e30aeff19c (patch) | |
| tree | 408b7b079fc719ba686673e88daca939e0573565 /doc | |
| parent | 0e9086030f36f13a4007ae9e111fdcfbc40edbb1 (diff) | |
s/disable_functions/disable_function/g
This should close #36 and #30
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/source/config.rst | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/doc/source/config.rst b/doc/source/config.rst index 95a76f5..b7fa803 100644 --- a/doc/source/config.rst +++ b/doc/source/config.rst | |||
| @@ -12,7 +12,7 @@ Options are chainable by using dots (``.``) and string parameters | |||
| 12 | Comments are prefixed either with ``#``, or ``;``. | 12 | Comments are prefixed either with ``#``, or ``;``. |
| 13 | 13 | ||
| 14 | Some rules apply in a specific ``function`` (context) on a specific ``variable`` | 14 | Some rules apply in a specific ``function`` (context) on a specific ``variable`` |
| 15 | (data), like ``disable_functions``. Others can only be enabled/disabled, like | 15 | (data), like ``disable_function``. Others can only be enabled/disabled, like |
| 16 | ``harden_random``. | 16 | ``harden_random``. |
| 17 | 17 | ||
| 18 | 18 | ||
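Review bot: on new line 15 the directive name changes in running text, but nothing tells readers with an existing configuration that the spelling changed. This view is limited to `doc`, so it is not visible here whether the parser still accepts ``disable_functions``. If it does not, add one sentence near this paragraph saying the plural form is no longer valid, so people upgrading know to update their rules.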
| @@ -212,14 +212,14 @@ disable_xxe | |||
| 212 | Virtual-patching | 212 | Virtual-patching |
| 213 | ---------------- | 213 | ---------------- |
| 214 | 214 | ||
| 215 | Snuffleupagus provides virtual-patching via the ``disable_functions`` directive, allowing you to stop or control dangerous behaviours. | 215 | Snuffleupagus provides virtual-patching via the ``disable_function`` directive, allowing you to stop or control dangerous behaviours. |
| 216 | In the situation where you have a call to ``system()`` that lacks proper user-input validation, this could cause issues as it would lead to an **RCE**. The virtual-patching would allow this to be prevented. | 216 | In the situation where you have a call to ``system()`` that lacks proper user-input validation, this could cause issues as it would lead to an **RCE**. The virtual-patching would allow this to be prevented. |
| 217 | 217 | ||
| 218 | :: | 218 | :: |
| 219 | 219 | ||
| 220 | # Allow `id.php` to restrict system() calls to `id` | 220 | # Allow `id.php` to restrict system() calls to `id` |
| 221 | sp.disable_functions.function("system").filename("id.php").param("cmd").value("id").allow(); | 221 | sp.disable_function.function("system").filename("id.php").param("cmd").value("id").allow(); |
| 222 | sp.disable_functions.function("system").filename("id.php").drop() | 222 | sp.disable_function.function("system").filename("id.php").drop() |
| 223 | 223 | ||
| 224 | Of course, this is a trivial example, a lot can be achieved with this feature, as you will see below. | 224 | Of course, this is a trivial example, a lot can be achieved with this feature, as you will see below. |
| 225 | 225 | ||
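Review bot: new line 222 ends with `.drop()` and no trailing `;`, while line 221 and the three rules at lines 312-314 all end with `;`. Add the semicolon so the example is consistent and can be copied as written. While these lines are being touched, the comment on line 220 reads backwards: the two rules restrict `system()` calls made from `id.php` to the `id` command, so wording such as "Restrict system() calls in `id.php` to `id`" would be clearer.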
| @@ -309,9 +309,9 @@ The following rules will: | |||
| 309 | 309 | ||
| 310 | :: | 310 | :: |
| 311 | 311 | ||
| 312 | sp.disable_functions.function("system").param("cmd").value("id").allow(); | 312 | sp.disable_function.function("system").param("cmd").value("id").allow(); |
| 313 | sp.disable_functions.function("system").param("cmd").value_r("^ping").drop().simulation(); | 313 | sp.disable_function.function("system").param("cmd").value_r("^ping").drop().simulation(); |
| 314 | sp.disable_functions.function("system").param("cmd").drop(); | 314 | sp.disable_function.function("system").param("cmd").drop(); |
| 315 | 315 | ||
| 316 | Miscellaneous examples | 316 | Miscellaneous examples |
| 317 | """""""""""""""""""""" | 317 | """""""""""""""""""""" |
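Review bot: lines 312-314 only work as intended if rules are evaluated in order, with the `allow()` for `id` matched before the catch-all `drop()` on line 314, and the text should say so next to the example. It is also unclear from these lines what happens to a `ping` call once the `simulation()` rule on line 313 matches: document whether it is only logged and then allowed, or still reaches the final `drop()`. Note as well that `value_r("^ping")` is anchored only at the start, so it matches any `cmd` value beginning with `ping`, not just the `ping` binary. If that is not the intent, tighten the pattern or mention it in the description.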
