SADM/pest
1
0
Fork 0
mirror of https://github.com/pestphp/pest.git synced 2026-03-06 15:57:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat(presets): update Security.php to restrict additional dangerous functions

Browse Source
This commit is contained in:
Punyapal Shah
2024-06-11 21:02:19 +05:30
parent e4550c8d51
commit 4396ee2e03
2 changed files with 12 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/ArchPresets/Security.php
View File

@ -23,7 +23,15 @@ final class Security extends AbstractPreset
'tempnam', 'tempnam',
'str_shuffle', 'str_shuffle',
'shuffle', 'shuffle',
'array_rand' 'array_rand',
'eval',
'exec',
'shell_exec',
'system',
'passthru',
'create_function',
'unserialize',
'extract',
])->not->toBeUsed(); ])->not->toBeUsed();
} }
} }

5
tests/Arch.php
View File

@ -4,14 +4,15 @@ use Pest\Expectation;
arch()->preset()->base()->ignoring([ arch()->preset()->base()->ignoring([
Expectation::class, Expectation::class,
'eval',
'debug_backtrace', 'debug_backtrace',
'usleep', 'usleep',
]); ]);
arch()->preset()->strict(); arch()->preset()->strict();
arch()->preset()->security(); arch()->preset()->security()->ignoring([
'eval',
]);
arch('globals') arch('globals')
->expect(['dd', 'dump', 'ray', 'die', 'var_dump', 'sleep']) ->expect(['dd', 'dump', 'ray', 'die', 'var_dump', 'sleep'])