From a250aca71f57036ede5b4934d404f3d33f574f98 Mon Sep 17 00:00:00 2001 From: Gasper Vozel Date: Mon, 16 Aug 2021 11:54:48 +0200 Subject: Fix a few typos and inconsistencies in config files --- config/default.rules | 10 +++++----- config/default_php8.rules | 6 +++--- config/rips.rules | 1 - config/typo3.rules | 8 ++++---- 4 files changed, 12 insertions(+), 13 deletions(-) diff --git a/config/default.rules b/config/default.rules index ea65e01..b12653c 100644 --- a/config/default.rules +++ b/config/default.rules @@ -22,14 +22,14 @@ sp.disable_xxe.enable(); # Only allow execution of read-only files. This is a low-hanging fruit that you should enable. # sp.readonly_exec.enable(); -# Php has a lot of wrappers, most of them aren't usually useful, you should +# PHP has a lot of wrappers, most of them aren't usually useful, you should # only enable the ones you're using. # sp.wrappers_whitelist.list("file,php,phar"); # Prevent sloppy comparisons. # sp.sloppy_comparison.enable(); -# use SameSite on session cookie +# Use SameSite on session cookie # https://snuffleupagus.readthedocs.io/features.html#protection-against-cross-site-request-forgery sp.cookie.name("PHPSESSID").samesite("lax"); @@ -57,7 +57,7 @@ sp.disable_function.function("extract").param("extract_type").value("0").drop() # Moreover, there are non-public bypasses that are also using this vector ;) sp.disable_function.function("ini_set").param("varname").value_r("open_basedir").drop() -##Prevent various `include`-related vulnerabilities +# Prevent various `include`-related vulnerabilities sp.disable_function.function("require_once").value_r("\.(inc|phtml|php)$").allow(); sp.disable_function.function("include_once").value_r("\.(inc|phtml|php)$").allow(); sp.disable_function.function("require").value_r("\.(inc|phtml|php)$").allow(); 
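Review bot: In the second hunk (`@@ -57,7`) the context line `sp.disable_function.function("ini_set").param("varname").value_r("open_basedir").drop()` ends without the `;` that the three include rules right under it carry, and the hunk header shows the `extract` rule in the same state; a commit titled "inconsistencies in config files" is the natural place to add `sp.disable_function.function("ini_set").param("varname").value_r("open_basedir").drop();`. I can't tell from here whether the rule parser treats the terminator as optional; if it does not, that rule is being rejected or folded into a neighbour at load, which would silently remove the open_basedir protection the comment above it describes, so a look at the startup log for a parse warning is worthwhile either way.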
@@ -80,7 +80,7 @@ sp.disable_function.function("ini_set").param("varname").value("memory_limit").d sp.disable_function.function("ini_set").param("varname").value("include_path").drop(); sp.disable_function.function("ini_set").param("varname").value("open_basedir").drop(); -# Detect some backdoors via environnement recon +# Detect some backdoors via environment recon sp.disable_function.function("ini_get").param("varname").value("allow_url_fopen").drop(); sp.disable_function.function("ini_get").param("varname").value("open_basedir").drop(); sp.disable_function.function("ini_get").param("varname").value_r("suhosin").drop(); @@ -109,7 +109,7 @@ sp.disable_function.function("curl_setopt").param("value").value("2").allow(); sp.disable_function.function("curl_setopt").param("option").value("64").drop().alias("Please don't turn CURLOPT_SSL_VERIFYCLIENT off."); sp.disable_function.function("curl_setopt").param("option").value("81").drop().alias("Please don't turn CURLOPT_SSL_VERIFYHOST off."); -#File upload +# File upload sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop(); sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop(); diff --git a/config/default_php8.rules b/config/default_php8.rules index c024176..2dd328d 100644 --- a/config/default_php8.rules +++ b/config/default_php8.rules 
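Review bot: In the `@@ -109,7` hunk the alias on the `value("64")` context line says CURLOPT_SSL_VERIFYCLIENT, but libcurl option 64 is CURLOPT_SSL_VERIFYPEER (81 is CURLOPT_SSL_VERIFYHOST, which the next line states correctly); no CURLOPT_SSL_VERIFYCLIENT exists, so the message a developer sees when the rule fires names an option they cannot look up. Since this commit is fixing typos in these files, suggest `.alias("Please don't turn CURLOPT_SSL_VERIFYPEER off.")`. Separately, the two `move_uploaded_file` rules use `"\\.ph"` and `"\\.ht"` while the include rules in the `@@ -57,7` hunk use `"\.(inc|phtml|php)$"`; if the parser hands the string to PCRE unchanged, `\\.ph` demands a literal backslash before `ph` and the upload guard never fires on a path like `/uploads/x.php`, and if it unescapes first then `\.` in the include rules is the odd one out. Worth confirming which escaping the parser expects and making the two files agree.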
@@ -23,14 +23,14 @@ sp.disable_xxe.enable(); # Only allow execution of read-only files. This is a low-hanging fruit that you should enable. # sp.readonly_exec.enable(); -# Php has a lot of wrappers, most of them aren't usually useful, you should +# PHP has a lot of wrappers, most of them aren't usually useful, you should # only enable the ones you're using. # sp.wrappers_whitelist.list("file,php,phar"); # Prevent sloppy comparisons. # sp.sloppy_comparison.enable(); -# use SameSite on session cookie +# Use SameSite on session cookie # https://snuffleupagus.readthedocs.io/features.html#protection-against-cross-site-request-forgery sp.cookie.name("PHPSESSID").samesite("lax"); @@ -58,7 +58,7 @@ sp.disable_function.function("extract").param("flags").value("0").drop() # Moreover, there are non-public bypasses that are also using this vector ;) sp.disable_function.function("ini_set").param("option").value_r("open_basedir").drop() -##Prevent various `include`-related vulnerabilities +# Prevent various `include`-related vulnerabilities sp.disable_function.function("require_once").value_r("\.(inc|phtml|php)$").allow(); sp.disable_function.function("include_once").value_r("\.(inc|phtml|php)$").allow(); sp.disable_function.function("require").value_r("\.(inc|phtml|php)$").allow(); diff --git a/config/rips.rules b/config/rips.rules index 52e3f27..dcb08c1 100644 --- a/config/rips.rules +++ b/config/rips.rules @@ -30,4 +30,3 @@ sp.disable_function.filename("/forgot_passwd.php").function("cpg_db_query").var( # CVE-2017-1001000 - https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html sp.disable_function.filename("/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_GET[id]").value_r("[^0-9]").drop(); sp.disable_function.filename("/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_POST[id]").value_r("[^0-9]").drop(); - 
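Review bot: In the `@@ -23,14` hunk, `sp.cookie.name("PHPSESSID").samesite("lax");` keys the SameSite attribute to the default session cookie name, so a deployment that renames the cookie via `session.name` (itself a common hardening step) gets nothing from this rule, and neither the rule nor the amended comment says so. Suggest `# Use SameSite on the session cookie (adjust the name if session.name is changed in php.ini)`. `lax` also still sends the cookie on top-level cross-site GET navigations, so state-changing GET endpoints stay exposed; that is a sensible default for a template, but a one-line caveat next to the docs link would save the next reader a trip.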
diff --git a/config/typo3.rules b/config/typo3.rules index c76cf91..0838b89 100644 --- a/config/typo3.rules +++ b/config/typo3.rules @@ -2,7 +2,7 @@ sp.disable_function.function("chmod").param("mode").filename_r("typo3/sysext/core/Classes/Utility/GeneralUtility.php$").value_r("^[0-9]{2}6$").allow(); sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop(); -##Prevent various `include`-related vulnerabilities +# Prevent various `include`-related vulnerabilities sp.disable_function.function("require_once").value_r("\.php$").allow(); sp.disable_function.function("include_once").value_r("\.php$").allow(); sp.disable_function.function("require").value_r("\.php$").allow(); 
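Review bot: The `chmod` drop rule on the second context line matches `mode` against `^[0-9]{2}[67]$`, but the allow rule above it (`^[0-9]{2}6$` for GeneralUtility.php) only makes sense if the compared value is the decimal rendering of the PHP int, e.g. 436 for 0664. Under that reading the drop pattern does not match the modes one would actually want blocked: 0666 is 438 and 0777 is 511, neither of which ends in 6 or 7. I cannot confirm from here how the extension stringifies integer parameters, so this should be checked against a small test script; if it is decimal, the drop needs to list the decimal values of the world-writable modes rather than pattern-match the last digit, and a comment such as `# mode is matched as a decimal integer (0664 == 436)` would stop the next reader making the octal assumption.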
@@ -27,14 +27,14 @@ sp.disable_function.function("ini_set").param("var_name").value("memory_limit"). sp.disable_function.function("ini_set").param("var_name").value("include_path").drop(); sp.disable_function.function("ini_set").param("var_name").value("open_basedir").drop(); -# Detect some backdoors via environnement recon +# Detect some backdoors via environment recon sp.disable_function.function("ini_get").param("var_name").filename_r("typo3/sysext/core/Classes/Cache/Backend/SimpleFileBackend.php$").value("open_basedir").allow(); sp.disable_function.function("ini_get").param("var_name").filename_r("typo3/sysext/install/Classes/SystemEnvironment/Check.php$").value("open_basedir").allow(); sp.disable_function.function("ini_get").param("var_name").filename_r("typo3/sysext/install/Classes/SystemEnvironment/SetupCheck.php$").value("allow_url_fopen").allow(); sp.disable_function.function("ini_get").param("var_name").filename_r("vendor/guzzlehttp/guzzle/src/functions.php$").value("allow_url_fopen").allow(); sp.disable_function.function("ini_get").param("var_name").value_r("^(?:allow_url_fopen|open_basedir|suhosin)$").drop(); -#need to be allow for example to execute Scheduled tasks +# Need to be allow for example to execute Scheduled tasks sp.disable_function.function("function_exists").param("function_name").filename_r("vendor/guzzlehttp/guzzle/src/functions.php$").value_r("^(?:curl_multi_exec|curl_exec)$").allow(); sp.disable_function.function("function_exists").param("function_name").value_r("(?:eval|exec|system)").drop(); sp.disable_function.function("is_callable").param("var").value_r("(?:eval|exec|system)").drop(); 
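Review bot: The amended comment `# Need to be allow for example to execute Scheduled tasks` still does not parse; suggest `# Must be allowed, e.g. so scheduled tasks can run (Guzzle probes for curl_exec)`. The two drop patterns under it, `(?:eval|exec|system)`, are unanchored substring matches, which is exactly why the Guzzle `curl_exec`/`curl_multi_exec` exemption above them is needed; any other library that calls `function_exists('curl_exec')` or a similar probe will be dropped as well, so the comment should say these are substring matches and that further `filename_r(...).allow()` lines may be required per dependency. The rule list continues past the end of the hunk.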
@@ -48,6 +48,6 @@ sp.disable_function.function("QueryBuilder::setParameter").param("value").value_ sp.disable_function.function("QueryBuilder::setParameter").param("value").value_r("sleep").drop(); sp.disable_function.function("QueryBuilder::setParameter").param("value").value_r("information_schema").drop(); -#File upload +# File upload sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop(); sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop(); -- cgit v1.3
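Review bot: The two `move_uploaded_file` guards block `.ph*` and `.ht*` destinations but not `.user.ini`, which PHP-FPM/CGI reads from the directory it serves and which can set `auto_prepend_file` to point at an otherwise harmless upload; that is the usual way around an extension blacklist and deserves its own line, e.g. `sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.user\\.ini").drop();` written with whatever escaping the existing two lines rely on. The patterns are also case-sensitive as written, so `.PHP` passes; on a server whose handler mapping is case-insensitive that is a bypass, and a `(?i)` prefix would close it if value_r accepts PCRE inline flags. Suggest the comment record both limits: `# File upload: block script and handler-config extensions (patterns are case-sensitive)`.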