From c7ce5c3528e8da8762e6e7067001549e109397ba Mon Sep 17 00:00:00 2001
From: Christian Göttsche
Date: Mon, 27 May 2024 21:33:00 +0200
Subject: Add option to specify the allowed "php" wrapper types

In addition of the current possibility to filter wrappers by their protocol name, also add the option to filter the "php" wrapper by the requested kind. Especially the 'filter' backend can be disabled that way.
---
 config/default_php8.rules | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'config')

diff --git a/config/default_php8.rules b/config/default_php8.rules
index 98cc0db..096f033 100644
--- a/config/default_php8.rules
+++ b/config/default_php8.rules
@@ -26,6 +26,8 @@ sp.xxe_protection.enable();
 # PHP has a lot of wrappers, most of them aren't usually useful, you should
 # only enable the ones you're using.
 # sp.wrappers_whitelist.list("file,php,phar");
+# The "php" wrapper can be further filtered
+# sp.wrappers_whitelist.php_list("stdout,stdin,stderr");
 
 # Prevent sloppy comparisons.
 # sp.sloppy_comparison.enable();
-- 
cgit v1.3
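Review bot: The new comment above `sp.wrappers_whitelist.php_list` does not say what happens to kinds left off the list, so an operator who uncomments the example as-is may not realise it names only `stdout`, `stdin` and `stderr`. Going by the commit description, unlisted kinds such as `filter` are then refused, and that would presumably also cover `php://input`, `php://memory` and `php://temp`, which many applications rely on for request bodies and buffering. I would expand the comment to something like `# The "php" wrapper can be further restricted to specific stream kinds; kinds not listed (e.g. "filter", "input") are rejected.` It may also be worth stating that the line only matters while `php` is itself kept in `sp.wrappers_whitelist.list`, which I am inferring from the placement rather than from any code visible here.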