ipedis/security-file-bundle

There is no license information available for the latest version (2.0.1) of this package.

Symfony bundle for file security

Package info

github.com/ipedis/security-file-bundle

pkg:composer/ipedis/security-file-bundle

Statistics

Installs: 6

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

2.0.1 2026-02-06 06:35 UTC

This package is auto-updated.

Last update: 2026-04-20 05:22:25 UTC


README

Symfony bundle providing file security: HTML/XML sanitization, archive bomb detection, and file validation. Combines ipedis/file-sanitizer and ipedis/validation-handler with a configurable bomb scanner.

Installation

composer require ipedis/security-file-bundle

Configuration

# config/packages/security_file.yaml
security_file:
    sanitizers:
        html_sanitizer:
            type: html
        xml_sanitizer:
            type: xml
        html_strict:
            type: html
            config:
                ignored_step:
                    - Ipedis\FileSanitizer\Pipeline\Steps\PhpTagCleanupStep

    scanner:
        engines:
            - zip
            - rar
            - png

Quick Start

Sanitize file content

use Ipedis\FileSanitizer\Contract\SanitizerInterface;

class FileProcessor
{
    public function __construct(
        private SanitizerInterface $htmlSanitizer,
    ) {}

    public function clean(string $html): string
    {
        return $this->htmlSanitizer->sanitize($html)->getContent();
    }
}

Sanitizers are injected by argument name: the argument name must match the configuration key in camelCase (html_sanitizer → $htmlSanitizer).

Scan for archive bombs

use Ipedis\SecurityFileBundle\Service\BombScanner\BombScannerInterface;

class UploadHandler
{
    public function __construct(
        private BombScannerInterface $bombScanner,
    ) {}

    public function handle(\SplFileObject $file): void
    {
        $result = $this->bombScanner->scanFile($file);

        if ($result->isBomb()) {
            throw new \RuntimeException('Archive bomb detected');
        }
    }
}
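
How a ZIP engine can recognise a bomb, as an added example that is not the bundle's own code: it compares the sizes declared in the archive's entries against a ratio limit and a total cap. The function name looksLikeZipBomb and both thresholds are assumptions, and the sample archive is constructed.

```php
<?php
declare(strict_types=1);

// Added illustration, not the bundle's scanner. Flags a ZIP whose declared
// uncompressed size exceeds $maxBytes or $maxRatio times its compressed size.
function looksLikeZipBomb(string $path, int $maxRatio = 100, int $maxBytes = 100 * 1024 * 1024): bool
{
    $zip = new ZipArchive();
    if ($zip->open($path, ZipArchive::RDONLY) !== true) {
        throw new RuntimeException('Not a readable ZIP archive');
    }
    $compressed = 0;
    $uncompressed = 0;
    try {
        for ($i = 0; $i < $zip->numFiles; $i++) {
            $stat = $zip->statIndex($i);
            if ($stat === false) {
                return true; // unreadable entry metadata: fail closed
            }
            $compressed += $stat['comp_size'];
            $uncompressed += $stat['size'];
            if ($uncompressed > $maxBytes) {
                return true; // stop early, total is already over the cap
            }
        }
    } finally {
        $zip->close();
    }

    return $uncompressed > $maxRatio * max($compressed, 1);
}

// Constructed sample: 10 MiB of zero bytes deflates to a few KiB.
$sample = tempnam(sys_get_temp_dir(), 'zip');
$zip = new ZipArchive();
$zip->open($sample, ZipArchive::OVERWRITE);
$zip->addFromString('zeros.bin', str_repeat("\0", 10 * 1024 * 1024));
$zip->addFromString('note.txt', 'hello');
$zip->close();

var_dump(looksLikeZipBomb($sample));
unlink($sample);
```

Declared sizes come from the archive itself and nested archives are not opened here, so extraction code should still cap the bytes it actually writes.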

Validate files

use Ipedis\SecurityFileBundle\Service\Validator\FileValidatorInterface;
use Ipedis\ValidationHandler\Data\Constraints\FileSize;
use Ipedis\ValidationHandler\Data\Constraints\MimeTypes;

class UploadValidator
{
    public function __construct(
        private FileValidatorInterface $fileValidator,
    ) {}

    public function validate(\SplFileInfo $file): void
    {
        $result = $this->fileValidator->validate($file, [
            new FileSize(5, 'M'),
            new MimeTypes(['application/pdf', 'image/png']),
        ]);

        if ($result->isFailed()) {
            throw new \RuntimeException($result->getErrorMessage());
        }
    }
}

Available Services

Interface               Description
SanitizerInterface      Inject by argument name matching config key
BombScannerInterface    Archive bomb scanner (zip, rar, png engines)
FileValidatorInterface  File validation against constraints

Dependencies

Compatibility

PHP Symfony Status
8.2 7.x
8.3 7.x
8.4 7.x
8.5 7.x

Local Development

Requires Docker.

make up        # Start container
make install   # Install dependencies
make qa        # Run full QA suite (rector + pint + phpstan + tests)

Available targets:

Command        Description
make up        Start container
make down      Stop container
make install   Install Composer dependencies
make update    Update Composer dependencies
make test      Run PHPUnit tests
make phpstan   Run static analysis (level max)
make pint      Fix code style (PSR-12)
make rector    Run automated refactoring
make qa        Run all checks
make shell     Open container shell

Disclaimer

This package is maintained by Ipedis. It is provided as-is under the terms of its license.