https://github.com/shieldfy/normalizer
Input Normalization Package
https://github.com/shieldfy/normalizer
Last synced: 6 months ago
JSON representation
Input Normalization Package
- Host: GitHub
- URL: https://github.com/shieldfy/normalizer
- Owner: shieldfy
- License: mit
- Created: 2016-11-26T10:32:03.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2017-04-16T09:28:31.000Z (over 8 years ago)
- Last Synced: 2025-05-25T16:07:37.071Z (8 months ago)
- Language: PHP
- Size: 49.8 KB
- Stars: 8
- Watchers: 7
- Forks: 1
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
README
# Shieldfy Normaizer
This package is useful for the input normalization, before running hardcore IDS/IPS rules. It normalize the inputs to fight against WAF Bypassing techniques using obfuscation or other techniques to hide payloads.
[](https://packagist.org/packages/shieldfy/normalizer)
[](https://www.versioneye.com/php/shieldfy:normalizer/)
[](https://scrutinizer-ci.com/g/shieldfy/normalizer/)
[](https://codeclimate.com/github/shieldfy/normalizer)
[](https://github.com/shieldfy/normalizer/blob/develop/LICENSE)
## Table Of Contents
- [Usage](#usage)
- [Installation](#installation)
- [Changelog](#changelog)
- [Support](#support)
- [Contributing & Protocols](#contributing--protocols)
- [Security Vulnerabilities](#security-vulnerabilities)
- [Credits](#credits)
- [License](#license)
## Usage
Usage is pretty easy and straightforward:
```php
$value = "select/*!from*/information_schema.columns/*!where*/column_name%20/*!like*/char(37,%20112,%2097,%20115,%20115,%2037)";
// Run all normalizers
$result = (new \Shieldfy\Normalizer\Normalizer($value))->runAll();
echo $result;
// select from information_schema.columns where column_name like char(37, 112, 97, 115, 115, 37) %pass%
// Run single normalizer
$result = (new \Shieldfy\Normalizer\Normalizer($value))->run('comments');
```
## Installation
Install the package via composer:
```shell
composer require shieldfy/normalizer
```
### note about serialization
Serialize / Unserialize can be danger due to its ability to convert object and it can be used to preform object injection attack.
So explicit normalization not allowed in php version before php 7 thats because php7 offered new options to prevent object serialization
see [here](http://php.net/unserialize)
## Changelog
Refer to the [Changelog](CHANGELOG.md) for a full history of the project.
## Support
The following support channels are available at your fingertips:
- [Help on Email](mailto:team@shieldfy.com)
## Contributing & Protocols
Thank you for considering contributing to this project! The contribution guide can be found in [CONTRIBUTING.md](CONTRIBUTING.md).
Bug reports, feature requests, and pull requests are very welcome.
- [Versioning](CONTRIBUTING.md#versioning)
- [Pull Requests](CONTRIBUTING.md#pull-requests)
- [Coding Standards](CONTRIBUTING.md#coding-standards)
## Security Vulnerabilities
If you discover a security vulnerability within this project, please send an e-mail to [security@shieldfy.com](security@shieldfy.com). All security vulnerabilities will be promptly addressed.
## Credits
This package is based on the original converters written by Mario Heiderich & Christian Matthies the creators of [PHP IDS](https://github.com/PHPIDS/PHPIDS/) project with help from the generous security & opensource community.
## License
This software is released under [The MIT License (MIT)](LICENSE).
(c) 2016 Shieldfy Inc, Some rights reserved.