designsecurity/laf

Language application firewall

Maintainers

Details

github.com/designsecurity/laf

Source

Issues

Installs: 0

Dependents: 0

Suggesters: 0

Security: 0

Stars: 3

Watchers: 3

Forks: 0

Open Issues: 0

dev-master 2019-07-25 07:28 UTC

Requires

  • php: ^7.0

Requires (Dev)

MIT 919183ed9ce99e592809054a0145f7b184cc9fbd

  • Eric Therond <eric.therond.fr.woop@gmail.com>

This package is auto-updated.

Last update: 2024-04-25 19:16:37 UTC

README

A language application firewall
Only PHP is currently supported

Build Status Packagist Packagist

Example

  • Embed your code between $detector->start() and $detector->finish()
  • If attacks are detected, alarms are generated and can be retrieved with $detector->getAlarms()
<?php
    $detector = new Ids\Detector;
    $detector->start();
        
    include("yourcode.php");

    $detector->finish();
    
    var_dump($detector->getAlarms());
?>

when yourcode.php is vulnerable to an attack (in this example a simulated XSS attack) :

<?php

$detector->getHttprequest()->getRequest()->query->set("vuln", "ee\" onClick=alert('eee') \"boum");
$vulnparam = $detector->getHttprequest()->getRequest()->query->get("vuln");

echo "<a href=\"$vulnparam\"></a>";

this alarm is generated :

{
  [0]=>
  object(laf\Alarming\Alarm)#24 (4) {
    ["attack":"laf\Alarming\Alarm":private]=>
    string(3) "xss"
    ["description":"laf\Alarming\Alarm":private]=>
    string(38) "in vuln ee" onClick=alert('eee') "boum"
    ["score":"laf\Alarming\Alarm":private]=>
    int(0)
    ["time":"laf\Alarming\Alarm":private]=>
    string(15) "190725 09:19:13"
  }
}