2017 © Pedro Peláez
 

library sanitiser-x

Zend 2/3 Module that sanitises requests and inputs against XSS (Cross-Site Scripting), CSRF (Cross-Site Request Forgery), RFI (Remote File Inclusion), LFI (Local File Inclusion), SQLi (SQL Injection) and more...

image

mecanik/sanitiser-x

Zend 2/3 Module that sanitises requests and inputs against XSS (Cross-Site Scripting), CSRF (Cross-Site Request Forgery), RFI (Remote File Inclusion), LFI (Local File Inclusion), SQLi (SQL Injection) and more...

  • Friday, May 18, 2018
  • by Mecanik
  • Repository
  • 1 Watchers
  • 1 Stars
  • 2 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 0 Forks
  • 0 Open issues
  • 1 Versions
  • 0 % Grown

The README.md

SanitiserX

Zend 2/3 Module that sanitises requests and inputs against XSS (Cross-Site Scripting), CSRF (Cross-Site Request Forgery), RFI (Remote File Inclusion), LFI (Local File Inclusion), SQLi (SQL Injection) and more..., (*1)

Since this module is in active development, these instructions may change. Please check regularly for the latest updates, settings, features and implementation., (*2)

Zend Framework 3 instructions:

Install the module with composer:

composer require mecanik/sanitiser-x

Create sanitiserx.local.php in PROJECT\config\autoload:

<?php
/**
 * SanitiserX
 *
 * Zend 2/3 Module that sanitises requests and inputs against XSS, SQL Injection and more
 *
 * @link https://github.com/Mecanik/SanitiserX
 * @copyright Copyright (c) 2018 Norbert Boros ( a.k.a Mecanik )
 * @license https://github.com/Mecanik/SanitiserX/blob/master/LICENSE
 */


return [
    // More settings are being added, this is just basic
    'sanitiserx_config' => [

        'REQUESTS_FILTER_GET' => 1, 
        'REQUESTS_GET' => [
            'AUTO_FILTER_XSS' => 1,
            'AUTO_FILTER_SQL' => 1,
        ],

        'REQUESTS_FILTER_POST'=> 1,
        'REQUESTS_POST' => [
            'AUTO_FILTER_XSS' => 1,
            'AUTO_FILTER_SQL' => 1,
        ],

        'REQUESTS_FILTER_COOKIES'=> 0,
        'REQUESTS_COOKIES' => [
            'AUTO_FILTER_XSS' => 0,
            'AUTO_FILTER_SQL' => 0,
        ],

        'REQUESTS_FILTER_HTTP_USER_AGENT'=> 0,
        'REQUESTS_FILTER_HTTP_REFERER'=> 0,
        'REQUESTS_FILTER_HTTP_PATH_INFO'=> 0,
        'REQUESTS_FILTER_HTTP_PATH_TRANSLATED'=> 0,
        'REQUESTS_FILTER_HTTP_PHP_SELF'=> 0,

        'OPTIONS' => [
            'LOG' => [
                'LOG_UID' => 1,
                'LOG_IP' => 1,
                'LOG_DNS' => 1,
                'LOG_REFERER' => 1,
                'LOG_REQUEST_URL' => 1,
                'LOG_REQUEST_METHOD' => 1,
            ],
        ]
    ],

];

In module.config.php add the following:

use Mecanik\SanitiserX\SanitiserXManager;
use Mecanik\SanitiserX\Service\SanitiserXManagerFactory;

'service_manager' => [
                'factories' => [
                    SanitiserXManager::class => SanitiserXManagerFactory::class,
                ],
],

Load the module in PROJECT\config\modules.config.php:

'Mecanik\SanitiserX',

Inject the service into your controller:

use Mecanik\SanitiserX\SanitiserXManager;

// This is just for example, MyController is your controller
class MyControllerFactory implements FactoryInterface
{
    public function __invoke(ContainerInterface $container, $requestedName, array $options = null)
    {
        $security = $container->get(SanitiserXManager::class);

        // Instantiate the controller and inject dependencies
        return new MyController($security);
    }
}

And use the functions in your controller:

use Mecanik\SanitiserX\SanitiserXManager;

// This is just for example, MyController is your controller
class MyController extends AbstractActionController
{   
    /**
     * Mecanik's Sanitiser Modules
     * @var SanitiserXManager
     */
    private $security;

    /**
     * Constructor. Its purpose is to inject dependencies into the controller.
     */
    public function __construct($security)
    {
        $this->security = $security;
     }

     public function someAction()
     {
        $this->security->SanitiseInput($_GET['username'], 1);
     }
}

Current filter options


// Cross-Site Scripting
// FILTER_TYPE_XSS = 1
$this->security->SanitiseInput($_GET['username'], 1);   

//Cross-Site Request Forgery
//FILTER_TYPE_CSRF = 2

$this->security->SanitiseInput($_GET['username'], 2);   

//SQL Injection
//FILTER_TYPE_SQLi = 3

$this->security->SanitiseInput($_GET['username'], 3);   

//Remote File Inclusion
//FILTER_TYPE_RFI = 4

$this->security->SanitiseInput($_GET['username'], 4);   

//Local File Inclusion
//FILTER_TYPE_LFI = 5

$this->security->SanitiseInput($_GET['username'], 5);   

//All filters possible
//FILTER_TYPE_ALL = 6

$this->security->SanitiseInput($_GET['username'], 6);

The Versions

18/05 2018

dev-master

9999999-dev

Zend 2/3 Module that sanitises requests and inputs against XSS (Cross-Site Scripting), CSRF (Cross-Site Request Forgery), RFI (Remote File Inclusion), LFI (Local File Inclusion), SQLi (SQL Injection) and more...

  Sources   Download

The Requires

 

The Development Requires

by Norbert Boros

security zend 2 sanitiser sqli zend 3 xss filter sanitise xss