FRED™  3.0
FRED™: Framework for Rapid and Easy Development
Config.php
1 <?php
2 
4 
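class Config extends \Rsi\Fred\Security\Server{

  /**
   *  Perform check on server config.
   *  https://www.owasp.org/index.php/PHP_Configuration_Cheat_Sheet
   *
   *  Every failed check adds one message to the result. When at least one check fails, all messages are logged together
   *  as a single warning through the 'log' component.
   *
   *  Only the directives tested below are inspected. Other session hardening directives (e.g. session.use_strict_mode,
   *  session.cookie_samesite) are not covered here, so an empty result does not mean the configuration is fully hardened.
   *
   *  @return array  Warning messages (empty when no issue was found).
   */
  public function check(){
    // ini_get() returns the raw configured string. A boolean directive set through ini_set() or a per-directory
    // php_value can come back as "off" / "no" / "false", which is a truthy PHP string. Testing the raw value would
    // then miss a disabled protection (log_errors, session.cookie_httponly, session.cookie_secure) and report a
    // disabled risky setting as enabled. Interpret the value the way PHP does for boolean directives: "on", "yes"
    // and "true" are on, anything else is on only when it is a non-zero number.
    $enabled = static function($name){
      $value = strtolower(trim((string)ini_get($name)));
      return in_array($value,['on','yes','true'],true) || (int)$value != 0;
    };
    // display_errors also accepts the output targets "stderr" and "stdout"; both mean errors are shown.
    $display_target = in_array(strtolower(trim((string)ini_get('display_errors'))),['stderr','stdout'],true);

    $warnings = [];
    // Information disclosure: PHP version banner and error details sent to the client.
    if($enabled('expose_php')) $warnings[] = 'php.ini: expose_php = On';
    if(ini_get('error_reporting') != E_ALL) $warnings[] = 'php.ini: error_reporting != E_ALL';
    if($enabled('display_errors') || $display_target) $warnings[] = 'php.ini: display_errors = On';
    if($enabled('display_startup_errors')) $warnings[] = 'php.ini: display_startup_errors = On';
    // Errors must end up in a log, otherwise problems go unnoticed once they are no longer displayed.
    if(!$enabled('log_errors')) $warnings[] = 'php.ini: log_errors = Off';
    $filename = ini_get('error_log');
    if(\Rsi\File::inBaseDir($filename) && !is_dir(dirname($filename)))
      $warnings[] = 'php.ini: dirname(error_log) does not exist';
    if($enabled('ignore_repeated_errors')) $warnings[] = 'php.ini: ignore_repeated_errors = On';
    // Session cookie: non-default name, not readable from script, and HTTPS-only when the site is served over HTTPS.
    if(ini_get('session.name') === 'PHPSESSID') $warnings[] = 'php.ini: session.name = default';
    if(!$enabled('session.cookie_httponly')) $warnings[] = 'php.ini: session.cookie_httponly = Off';
    if(\Rsi\Http::secure() && !$enabled('session.cookie_secure'))
      $warnings[] = 'php.ini: session.cookie_secure = Off (HTTPS = On)';

    if($warnings)
      $this->component('log')->warning('Insecure server configuration',__FILE__,__LINE__,['warnings' => $warnings]);
    return $warnings;
  }

}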
check()
Perform check on server config.
Definition: Config.php:11
component($name)
Get a component (local or default).
Definition: Component.php:80