{"id":18897732,"url":"https://github.com/aubes/lp-file","last_synced_at":"2026-03-01T04:30:20.660Z","repository":{"id":152573628,"uuid":"623496594","full_name":"aubes/lp-file","owner":"aubes","description":null,"archived":false,"fork":false,"pushed_at":"2023-04-05T07:49:19.000Z","size":15,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-12-31T08:31:48.456Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aubes.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-04-04T13:41:49.000Z","updated_at":"2023-04-05T07:37:42.000Z","dependencies_parsed_at":null,"dependency_job_id":"1b18a8bc-a1fa-4896-b780-b2ef7b8abb4c","html_url":"https://github.com/aubes/lp-file","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aubes%2Flp-file","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aubes%2Flp-file/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aubes%2Flp-file/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aubes%2Flp-file/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aubes","download_url":"https://codeload.github.com/aubes/lp-file/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":2
39879121,"owners_count":19712174,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T08:39:27.032Z","updated_at":"2026-03-01T04:30:20.578Z","avatar_url":"https://github.com/aubes.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# LPFile\n\nApplies the principle of least privilege to the native PHP functions `file_get_contents`, `file_put_contents`, `file` and `fopen`.\n\n## Goal\n\nThe goal is to restrict access to the `file_get_contents`, `file_put_contents`, `file` and `fopen` functions in order to reduce the risk of bugs and vulnerabilities (for example [SSRF](https://owasp.org/Top10/fr/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/))\nby favoring the use of whitelists.\n\nGeneral rules:\n * Use of `include_path` is blocked.\n * Paths, extensions and file names are case-sensitive.\n\n## Usage\n\n### `file_get_contents`\n\n```php\nuse Aubes\\LPFile\\LPFile;\nuse Aubes\\LPFile\\Policy\\FilePolicy;\nuse Aubes\\LPFile\\Policy\\HttpPolicy;\nuse Aubes\\LPFile\\Policy\\PolicyInterface;\n\n// [...]\n\n$LPFile = new LPFile();\n\n// By default, the mode is read-only\n$LPFile-\u003eaddPolicy(new FilePolicy($basePath, 'txt')/*, PolicyInterface::MODE_READ*/);\n\n// Several rules can be added for the same protocol\n$LPFile-\u003eaddPolicy(new FilePolicy($basePath, 'csv'));\n\n// Modes can be combined\n$LPFile-\u003eaddPolicy(new FilePolicy($basePath, ['txt', 'csv']), PolicyInterface::MODE_READ | PolicyInterface::MODE_WRITE);\n\n// Several protocols can be added
\n$LPFile-\u003eaddPolicy(new HttpPolicy($secured, $host, $basePath));\n\ntry {\n    $content = $LPFile-\u003efileGetContents($filePath);\n} catch (\\RuntimeException $e) {\n    // [...]\n}\n```\n\n### `file_put_contents`\n\n```php\nuse Aubes\\LPFile\\LPFile;\nuse Aubes\\LPFile\\Policy\\FilePolicy;\nuse Aubes\\LPFile\\Policy\\PolicyInterface;\n\n// [...]\n\n$LPFile = new LPFile();\n\n// Write mode must be used\n$LPFile-\u003eaddPolicy(new FilePolicy($basePath, $extensions), PolicyInterface::MODE_WRITE);\n\ntry {\n    $length = $LPFile-\u003efilePutContents($filePath, $data);\n} catch (\\RuntimeException $e) {\n    // [...]\n}\n```\n\n### `file`\n\nBehaves like `file_get_contents`.\n\n```php\nuse Aubes\\LPFile\\LPFile;\nuse Aubes\\LPFile\\Policy\\FilePolicy;\n\n// [...]\n\n$LPFile = new LPFile();\n\n$LPFile-\u003eaddPolicy(new FilePolicy($basePath, 'txt'));\n\ntry {\n    $content = $LPFile-\u003efile($filePath);\n} catch (\\RuntimeException $e) {\n    // [...]\n}\n```\n\n### `fopen`\n\n```php\nuse Aubes\\LPFile\\LPFile;\nuse Aubes\\LPFile\\Policy\\FilePolicy;\nuse Aubes\\LPFile\\Policy\\PolicyInterface;\n\n// [...]\n\n$LPFile = new LPFile();\n$LPFile-\u003eaddPolicy(new FilePolicy($basePathRead, $extensions)/*, PolicyInterface::MODE_READ*/);\n$LPFile-\u003eaddPolicy(new FilePolicy($basePathWrite, $extensions), PolicyInterface::MODE_WRITE);\n$LPFile-\u003eaddPolicy(new FilePolicy($basePathBoth, $extensions), PolicyInterface::MODE_READ | PolicyInterface::MODE_WRITE);\n\ntry {\n    $resourceRead = $LPFile-\u003efopen($filePathRead, 'r');\n    $resourceWrite = $LPFile-\u003efopen($filePathWrite, 'w');\n    $resourceBoth = $LPFile-\u003efopen($filePathBoth, 'w+');\n} catch (\\RuntimeException $e) {\n    // [...]\n}\n```\n\n## \"Policy\" and Protocols\n\nThe currently available rules are:\n * `Aubes\\LPFileGetContents\\FilePolicy`: For the `file://` protocol\n * `Aubes\\LPFileGetContents\\FtpPolicy`: 
For the `ftp://` and `ftps://` protocols\n * `Aubes\\LPFileGetContents\\HttpPolicy`: For the `http://` and `https://` protocols\n * `Aubes\\LPFileGetContents\\HttpWildcardPolicy`: For the `http://` and `https://` protocols\n\n### FilePolicy\n\nApplies the following rules:\n * Restriction to a single directory\n * Whitelist of extensions\n * Forbid/allow use of the parent directory `..`: forbidden by default\n * Allows reading and writing\n\n```php\npublic function __construct(string $baseDirectory, $extensions, bool $allowParentDirectory = false)\n```\n\n#### Examples\n\n```php\nnew Aubes\\LPFile\\FilePolicy('/absolute-path', 'txt');\nnew Aubes\\LPFile\\FilePolicy('./relative-path', ['txt', 'csv']);\n```\n\n### FtpPolicy\n\nApplies the following rules:\n * FTP or FTPS\n * Whitelist of domains\n * Whitelist of paths (starts with)\n * Forbid/allow use of \"dot-segments\": forbidden by default\n * Allows reading and writing\n\n```php\npublic function __construct(bool $secured, $hosts, $basePaths, $allowDotSegment = false)\n```\n\n#### Examples\n\n```php\nnew Aubes\\LPFile\\FtpPolicy(false, 'example.com', '/');\nnew Aubes\\LPFile\\FtpPolicy(true, ['example.com', 'example.fr'], ['/fr', '/en']);\n```\n\n### HttpPolicy\n\nApplies the following rules:\n * HTTP or HTTPS\n * Whitelist of domains\n * Whitelist of paths (starts with)\n * Whitelist of \"QueryString\"\n * Forbid/allow use of \"dot-segments\": forbidden by default\n * Forbid/allow the `follow-redirection` context: forbidden by default\n * Allows reading only\n\n```php\npublic function __construct(bool $secured, $hosts, $basePaths, $queryString = [], $allowDotSegment = false, $followRedirect = false)\n```\n\n#### Examples\n\n```php\nnew Aubes\\LPFile\\HttpPolicy(false, 'example.com', '/');\nnew Aubes\\LPFile\\HttpPolicy(true, ['example.com', 'example.fr'], ['/fr', 
'/en'], ['lang']);\n```\n\n### HttpWildcardPolicy\n\nIdentical to \"HttpPolicy\" but allows a wildcard in domains and paths.\n\n#### Examples\n\n```php\nnew Aubes\\LPFile\\HttpWildcardPolicy(true, '*.example.com', '/path/*');\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faubes%2Flp-file","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faubes%2Flp-file","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faubes%2Flp-file/lists"}