https://github.com/designsecurity/laf
Language application firewall
https://github.com/designsecurity/laf
Last synced: 5 months ago
JSON representation
Language application firewall
- Host: GitHub
- URL: https://github.com/designsecurity/laf
- Owner: designsecurity
- License: mit
- Created: 2019-03-24T13:53:15.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2019-07-25T07:28:35.000Z (almost 7 years ago)
- Last Synced: 2024-04-25T09:41:32.311Z (about 2 years ago)
- Language: PHP
- Size: 1.68 MB
- Stars: 3
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# laf
> A language application firewall
> Only PHP is currently supported
[](https://travis-ci.org/designsecurity/laf) [](https://packagist.org/packages/designsecurity/laf) [](LICENSE)
---
## Example
- Embed your code between $detector->start() and $detector->finish()
- If attacks are detected, alarms are generated and can be retrieved with $detector->getAlarms()
```php
start();
include("yourcode.php");
$detector->finish();
var_dump($detector->getAlarms());
?>
```
when yourcode.php is vulnerable to an attack (in this example a simulated XSS attack) :
```php
getHttprequest()->getRequest()->query->set("vuln", "ee\" onClick=alert('eee') \"boum");
$vulnparam = $detector->getHttprequest()->getRequest()->query->get("vuln");
this alarm is generated :
```javascript
{
[0]=>
object(laf\Alarming\Alarm)#24 (4) {
["attack":"laf\Alarming\Alarm":private]=>
string(3) "xss"
["description":"laf\Alarming\Alarm":private]=>
string(38) "in vuln ee" onClick=alert('eee') "boum"
["score":"laf\Alarming\Alarm":private]=>
int(0)
["time":"laf\Alarming\Alarm":private]=>
string(15) "190725 09:19:13"
}
}
```