Comments (5)
Before I submit a pull request for this a couple of questions:
- The naming scheme for rules dealing with CVEs. Would you prefer a class name that conforms to a particular naming scheme (e.g.: Psecio\Iniscan\Rule\Cve\2013\1635) or something a bit more descriptive (e.g.: Psecio\Iniscan\Rule\CheckSoapWsdlCacheDir)?
- I'd like to extend Psecio\Iniscan\Rule to include a get/set version so the ini tool can be used to scan future problems with a php.ini before an upgrade/downgrade happens (also makes testing for version specific rules easier). Are you happy with that?
from iniscan.
- I think I'd like to stick with the descriptive name and just provide a link to the CVE in the header docs of the class. I'd rather people know what it's checking than what specific CVE it relates to.
- Yep, that's good by me - go for it.
from iniscan.
Found an interesting side-effect. Setting open_basedir to a folder that does not contain your CLI php.ini prevents PHP from being able to read the php.ini file which prevent the iniscan from working (obviously this is moot when scanning your apache/httpd/etc php.ini file).
from iniscan.
Huh, good point...chicken and egg sort of thing. I guess that's one limitation of using PHP to run a PHP check heh...
from iniscan.
Closing this issue as this check was added.
from iniscan.
Related Issues (20)
- Add support for configuration dirs HOT 5
- The configuration file could not be found HOT 9
- security.limit_extensions ? HOT 4
- Add warning if soap.wsdl_cache_dir is not set for PHP <= 5.6.7 (or if it is set to /tmp at all)
- Show "Current value" column in the scan results table HOT 2
- Support for open_basedir containing more then one paths set HOT 4
- Domain expired HOT 4
- Problem installing on PHP 7 (ocramius/instantiator dependency) HOT 5
- dump of the running php deamon HOT 1
- Invalid argument supplied for foreach() by running iniscan show HOT 4
- incorrect results / false positives HOT 9
- soap.wsdl_cache_dir: False positive (directory name /tmp[...]) HOT 1
- JUnit XML output format for CI integration HOT 2
- Have an option for a non-dynamic HTML output filename / make html filename configurable
- imap_open
- Symfony console ^5.0 compatibility.
- Feature request - scan a folder where all .ini files are placed HOT 1
- Check version for session.hash_function
- PHP 7.4 compatibility: warning and error
- session.cookie_domain
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from iniscan.