{"id":30146629,"url":"https://github.com/apioo/psx-sandbox","last_synced_at":"2025-08-11T09:40:04.351Z","repository":{"id":57045590,"uuid":"114472898","full_name":"apioo/psx-sandbox","owner":"apioo","description":"Execute PHP code in a sandbox","archived":false,"fork":false,"pushed_at":"2025-02-02T18:47:52.000Z","size":158,"stargazers_count":18,"open_issues_count":1,"forks_count":4,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-12T05:37:17.954Z","etag":null,"topics":["php","sandbox"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/apioo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"chriskapp","patreon":"fusio","custom":"https://www.paypal.me/fusioapi"}},"created_at":"2017-12-16T16:02:35.000Z","updated_at":"2025-02-02T18:46:58.000Z","dependencies_parsed_at":"2024-02-08T19:26:13.682Z","dependency_job_id":"c1d4a518-9063-47ba-b4e3-2d4abecf8da2","html_url":"https://github.com/apioo/psx-sandbox","commit_stats":{"total_commits":26,"total_committers":1,"mean_commits":26.0,"dds":0.0,"last_synced_commit":"09ab1ab73dcf0b8b77a35d588e312fb5480a39e6"},"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/apioo/psx-sandbox","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apioo%2Fpsx-sandbox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apioo%2Fpsx-sandbox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/a
pioo%2Fpsx-sandbox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apioo%2Fpsx-sandbox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apioo","download_url":"https://codeload.github.com/apioo/psx-sandbox/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apioo%2Fpsx-sandbox/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269864172,"owners_count":24487576,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-11T02:00:10.019Z","response_time":75,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["php","sandbox"],"created_at":"2025-08-11T09:39:49.627Z","updated_at":"2025-08-11T09:40:04.324Z","avatar_url":"https://github.com/apioo.png","language":"PHP","funding_links":["https://github.com/sponsors/chriskapp","https://patreon.com/fusio","https://www.paypal.me/fusioapi"],"categories":[],"sub_categories":[],"readme":"\n# Sandbox\n\n## About\n\nThis library helps to execute PHP code which was provided by a user. I.e. if\nyour app wants to provide a scripting feature where the user can provide custom\nPHP code. This library helps to parse this untrusted code and execute it only\nif there are safe calls.\n\nInternally the library uses the [PHPParser](https://github.com/nikic/PHP-Parser)\nlibrary to parse the code. 
To make the code safe, the sandbox allows only a small \nsubset of PHP. It is not possible to define a class, interface or trait. Also, \nall functions which produce output, e.g. echo, print, etc., are not allowed. The \nonly way a user can return a value is by using the `return` statement in the \nscript. Every function call and `new` call gets checked by the security manager. The \nsecurity manager contains a whitelist of all allowed functions and classes. \n\nIt's important to note that the security check is _not_ performed at runtime; \ninstead, we simply refuse to generate PHP code which contains untrusted code.\nBecause of this, features such as dynamic function names, e.g. \n`$func = 'foo'; $func();`, are also not allowed.\n\nIf the code is clean, the runtime generates normal PHP code and writes it to a \nfile. All subsequent calls simply include and execute this code, so the \nsandbox has almost no performance loss.\n\n## Security\n\nIt is not recommended to run PHP code from anonymous users on the internet. This \nfeature is intended to be used e.g. by customers of a SaaS solution who need \nto customize specific parts of the app. If you have found a way to break out of \nthe sandbox, please open an issue, or if you like you can also create a pull \nrequest with a fitting test case. 
Please take a look at the tests folder to see \nalready covered cases.\n\n## Usage\n\n```php\n\u003c?php\n\n$code = \u003c\u003c\u003c'CODE'\n\u003c?php\n\nreturn [\n    'result' =\u003e $my_service,\n];\n\nCODE;\n\n$runtime = new \\PSX\\Sandbox\\Runtime('my_code');\n$runtime-\u003eset('my_service', 'foo');\n$response = $runtime-\u003erun($code);\n```\n\n### Advanced configuration\nConfiguration is set by passing an instance of `\\PSX\\Sandbox\\SecurityManagerConfiguration` to the security manager:\n\n```php\n\u003c?php\n\n$config = new \\PSX\\Sandbox\\SecurityManagerConfiguration(\n    preventGlobalNameSpacePollution: true\n);\n$securityManager = new \\PSX\\Sandbox\\SecurityManager($config);\n$parser = new \\PSX\\Sandbox\\Parser($securityManager);\n\n$runtime = new \\PSX\\Sandbox\\Runtime('my_code', $parser);\n$runtime-\u003eset('my_service', 'foo');\n$response = $runtime-\u003erun('\u003c?php return $my_service;');\n```\n* preventGlobalNameSpacePollution (bool): Prevents creating functions and constants in the global namespace.\n* allowedNamespace (null|string): Restricts any namespaced code to be the same as, or a sub-namespace of, the value.\n\n## Requirements\n* PHP 8.0+\n\n## Installation\nInstall with composer `composer require psx/sandbox`","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapioo%2Fpsx-sandbox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fapioo%2Fpsx-sandbox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapioo%2Fpsx-sandbox/lists"}