summaryrefslogtreecommitdiff
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/default.rules5
-rw-r--r--config/default_php8.rules5
2 files changed, 6 insertions, 4 deletions
diff --git a/config/default.rules b/config/default.rules
index 74e1edb..ea65e01 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -33,8 +33,9 @@ sp.disable_xxe.enable();
33# https://snuffleupagus.readthedocs.io/features.html#protection-against-cross-site-request-forgery 33# https://snuffleupagus.readthedocs.io/features.html#protection-against-cross-site-request-forgery
34sp.cookie.name("PHPSESSID").samesite("lax"); 34sp.cookie.name("PHPSESSID").samesite("lax");
35 35
36# Harden the `chmod` function 36# Harden the `chmod` function (0777 (oct = 511, 0666 = 438)
37sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop(); 37sp.disable_function.function("chmod").param("mode").value("438").drop();
38sp.disable_function.function("chmod").param("mode").value("511").drop();
38 39
39# Prevent various `mail`-related vulnerabilities 40# Prevent various `mail`-related vulnerabilities
40sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop(); 41sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop();
diff --git a/config/default_php8.rules b/config/default_php8.rules
index 893bfbc..c024176 100644
--- a/config/default_php8.rules
+++ b/config/default_php8.rules
@@ -34,8 +34,9 @@ sp.disable_xxe.enable();
34# https://snuffleupagus.readthedocs.io/features.html#protection-against-cross-site-request-forgery 34# https://snuffleupagus.readthedocs.io/features.html#protection-against-cross-site-request-forgery
35sp.cookie.name("PHPSESSID").samesite("lax"); 35sp.cookie.name("PHPSESSID").samesite("lax");
36 36
37# Harden the `chmod` function 37# Harden the `chmod` function (0777 (oct = 511, 0666 = 438)
38sp.disable_function.function("chmod").param("permissions").value_r("^[0-9]{2}[67]$").drop(); 38sp.disable_function.function("chmod").param("permissions").value("438").drop();
39sp.disable_function.function("chmod").param("permissions").value("511").drop();
39 40
40# Prevent various `mail`-related vulnerabilities 41# Prevent various `mail`-related vulnerabilities
41sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop(); 42sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop();