fieryprophet/php-sandbox
最新稳定版本:v1.3.11
Composer 安装命令:
composer require fieryprophet/php-sandbox
包简介
A PHP library that can be used to run PHP code in a sandboxed environment
README 文档
README
##DEPRECATED: The PHPSandbox project has transfered to Corveda/PHPSandbox and will be actively maintained there. This branch is no longer being actively maintained. Update your dependencies as follows:
{
"require": {
"corveda/php-sandbox": "2.*"
}
}
##A full-scale PHP 5.3.2+ sandbox class that utilizes PHP-Parser to prevent sandboxed code from running unsafe code.
It also utilizes FunctionParser to disassemble callables passed to the sandbox, so that PHP callables can also be run in sandboxes without first converting them into strings.
Manual: http://manual.phpsandbox.org
Online API Documentation: http://docs.phpsandbox.org
##Features:
- Finegrained whitelisting and blacklisting, with sensible defaults configured.
- Includes dynamic demonstration system that allows for local testing of custom sandbox configurations
- Can redefine internal PHP and other functions to make them more secure for sandbox usage.
- Can redefine superglobals and magic constants to expose your own values to sandboxed code.
- Can overwrite the get_defined_* and get_declared_* functions to show only allowed functions, classes, etc. to the sandboxed code.
- Can selectively allow and disallow function creation, class declarations, constant definitions, keywords, and much more.
- Can prepend and append trusted code to setup and tear down the sandbox, and automatically whitelist the classes, functions, variables, etc. they define for the sandbox.
- Can retrieve the generated sandbox code for later usage.
- Can pass arguments directly to the sandboxed code through the execute method to reveal chosen outside variables to the sandbox.
- Can access the parsed, prepared and generated code ASTs for further analysis or for serialization.
- Can define custom validation functions for fine-grained control of every element of the sandbox.
- Can specify a custom error handler to intercept PHP errors and handle them with custom logic.
- Can specify a custom exception handler to intercept thrown exceptions and handle them with custom logic.
- Can specify a validation error handler to intercept thrown validation errors and handle them with custom logic.
- Can intercept callbacks and validate them against function whitelists and blacklists, even if they are called as strings
##Example usage:
function test($string){
return 'Hello ' . $string;
}
$sandbox = new PHPSandbox\PHPSandbox;
$sandbox->whitelist_func('test');
$result = $sandbox->execute(function(){
return test('world');
});
var_dump($result); //Hello world
##Custom validation example:
function custom_func(){
echo 'I am valid!';
}
$sandbox = new PHPSandbox\PHPSandbox;
//this will mark any function valid that begins with "custom_"
$sandbox->set_func_validator(function($function_name, PHPSandbox\PHPSandbox $sandbox){
return (substr($function_name, 0, 7) == 'custom_'); //return true if function is valid, false otherwise
});
$sandbox->execute(function(){
custom_func();
});
//echoes "I am valid!"
##Custom validation error handler example:
$sandbox = new PHPSandbox\PHPSandbox;
//this will intercept parser validation errors and quietly exit, otherwise it will throw the validation error
$sandbox->set_validation_error_handler(function(PHPSandbox\Error $error, PHPSandbox\PHPSandbox $sandbox){
if($error->getCode() == PHPSandbox\Error::PARSER_ERROR){ //PARSER_ERROR == 1
exit;
}
throw $error;
});
$sandbox->execute('<?php i am malformed PHP code; ?>');
//does nothing
##Disable validation example:
$sandbox = new PHPSandbox\PHPSandbox;
//this will disable function validation
$sandbox->set_option('validate_functions', false); // or $sandbox->validate_functions = false;
$sandbox->execute('<?php echo system("ping google.com"); ?>');
//Pinging google.com. . .
##Requirements
- PHP 5.3.2+
- PHP-Parser
- FunctionParser (if you wish to use closures)
- PHP should be compiled with --enable-tokenizer option (it typically is)
##Installation
To install using composer, simply add the following to your composer.json file in the root of your project:
{
"minimum-stability": "dev",
"require": {
"fieryprophet/php-sandbox": "1.3.*"
}
}
Then run composer install --dry-run to check for any potential problems, and composer install to install.
##LICENSE
Copyright (c) 2013-2015 by Elijah Horton (fieryprophet [at] yahoo.com)
Some rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
* The names of the contributors may not be used to endorse or
promote products derived from this software without specific
prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
fieryprophet/php-sandbox 适用场景与选型建议
fieryprophet/php-sandbox 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 16.23k 次下载、GitHub Stars 达 219, 最近一次更新时间为 2013 年 02 月 27 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「php」 「parser」 「sandbox」 「blacklist」 「whitelist」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 fieryprophet/php-sandbox 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 fieryprophet/php-sandbox 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 fieryprophet/php-sandbox 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Easy to use SDK with grabber for multiple platforms at once like YouTube, Dailymotion, Facebook and more.
An MT940 bank statement parser for PHP
Package
Php Sandbox in a child process which should make it possible to run user supplied code safely
A Laravel package that intercepts outgoing emails and stores them locally for viewing via an in-app web interface.
Laravel integration for the jsonapi.org parser
统计信息
- 总下载量: 16.23k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 219
- 点击次数: 17
- 依赖项目数: 1
- 推荐数: 1
其他信息
- 授权协议: BSD-3-Clause
- 更新时间: 2013-02-27