Adrien Crivelli
f1a019e492
Upgrade PHP deps
2020-04-27 19:29:45 +09:00
Adrien Crivelli
fa54ca79a3
Migrate away from deprecated PHPUnit asserts
2019-07-25 10:15:53 -07:00
rtek
6ab969e9cc
Allow XmlScanner to correctly restore libxml entity_loader setting (#1050)
XmlScanner was not restoring libxml_disable_entity_loader since
destruct was not being called until script shutdown. This is because
the shutdown handler required an XmlScanner instance.
Also fix an unrelated bug where the UTF-8 encoding test was
case sensitive.
2019-07-03 09:53:43 +02:00
Mark Baker
0e6238c69e
CVE-2019-12331 (#1041)
* Detect doubly-encoded xml to hide XXE attacks
Correct use of LibXml_Disable_Entity_Loader
* New test for double-encoded xml in security scanner
2019-07-01 00:55:25 +02:00
Adrien Crivelli
d0dea580ad
Fix a few Scrutinizer issues
2019-01-02 15:38:13 +11:00
Philipp Kolesnikov
8918888e7c
libxml_disable_entity_loader() changes global state so it should be used as local as possible
Fixes #801
Closes #802
Closes #803
2019-01-01 17:25:24 +11:00
MarkBaker
3abb7ccb35
CS Complaining about not using $this->assertInternalType('object', $scanner);
2018-11-25 14:41:11 +01:00
MarkBaker
14159d985c
Coding standards
2018-11-25 14:33:01 +01:00
MarkBaker
41bcf9a21c
Support for additional callback in XML Security Scanner
2018-11-25 14:00:35 +01:00
MarkBaker
c708411529
Refactor scanner into base reader class
2018-11-25 12:14:54 +01:00
MarkBaker
abad49d426
Use factory for XMLScanner
2018-11-23 23:05:17 +01:00
MarkBaker
5854ce3738
phpcs cleanup
2018-11-20 08:18:35 +01:00
MarkBaker
7a06d71e1c
Add UTF-7 XXE Unit test data
2018-11-19 23:22:59 +01:00
MarkBaker
a4d97ba896
Clean handle charset in XXE scanner
2018-11-19 22:47:34 +01:00