Composer
首页 包列表 提交包 常见问题 关于

定制 ctors/pledge-symfony-routing 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

ctors/pledge-symfony-routing

最新稳定版本:1.0.0

Composer 安装命令:

composer require ctors/pledge-symfony-routing

包简介

Adds OpenBSD pledge/unveil support to Symfony routing

关键字:

# symfony # security # openbsd

README 文档

README

This bundle adds PHP attributes #[Pledge] and #[Unveil] so you can add these to your routes. It's possible to add these attributes to your route class, or method and it is possible to add multiple of them.

Installing

composer require ctors/pledge-symfony-routing

The bundle requires ext/pledge, which is available as an OpenBSD port and package. See pecl-pledge for installation instructions.

cd /usr/ports/www/pecl-pledge
env FLAVOR="php82" make install

pkg_add pecl82-pledge-2.1.0

Using

#[Unveil('/', 'r')]
#[Unveil('/htdocs/var/log', 'rwc')]
#[Unveil('/htdocs/var/cache', 'rwc')]
class DnsLookupController extends AbstractController
{
    #[Route('/hello', name: 'hello')]
    #[Unveil] // Disallow future unveil calls
    #[Pledge('stdio rpath wpath cpath fattr flock')]
    public function index(): Response
    {
        return $this->render('hello/index.html.twig');
    }
}

If you want to write in an additional directory you can modify it like this:

#[Unveil('/', 'r')]
#[Unveil('/htdocs/var/log', 'rwc')]
#[Unveil('/htdocs/var/cache', 'rwc')]
class DnsLookupController extends AbstractController
{
    #[Route('/hello', name: 'hello')]
    #[Unveil('/htdocs/src/Controller', 'rwc')]
    #[Unveil] // Disallow future unveil calls
    #[Pledge('stdio rpath wpath cpath fattr flock')]
    public function index(): Response
    {
        file_put_contents(__DIR__.'/test', 'ohai');

        return $this->render('hello/index.html.twig');
    }
}

If you want to connect to a MariaDB database over TCP/IP, add the inet pledge:

#[Unveil('/', 'r')]
#[Unveil('/htdocs/var/log', 'rwc')]
#[Unveil('/htdocs/var/cache', 'rwc')]
class DnsLookupController extends AbstractController
{
    public function __construct(
        private UserRepository $userRepository,
    ) {
    }

    #[Route('/hello', name: 'hello')]
    #[Unveil] // Disallow future unveil calls
    #[Pledge('stdio rpath wpath cpath fattr flock inet')]
    public function index(): Response
    {
        return $this->render(
            'hello/index.html.twig',
            [
                'users' => $this->userRepository->findAll(),
            ]
        );
    }
}

See pecl-pledge for configuring this on an FPM pool level.

Notes

Make sure to set PHP-FPM pm.max_requests = 1 so you don't reuse a pledged/unveiled process.

统计信息

  • 总下载量: 6
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 2
  • 点击次数: 0
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 2
  • Watchers: 1
  • Forks: 0
  • 开发语言: PHP
访问仓库

其他信息

  • 授权协议: ISC
  • 更新时间: 2023-11-21