m9nx/laravel-runtime-guard
Composer 安装命令:
composer require m9nx/laravel-runtime-guard
包简介
A security-focused runtime monitoring and guard layer for Laravel applications
README 文档
README
Enterprise-grade runtime security inspection for Laravel applications.
RuntimeGuard provides a comprehensive, extensible framework for runtime security monitoring. Unlike static analyzers, it inspects actual data flowing through your application in real-time, detecting threats before they can cause damage.
Table of Contents
Features
Security Guards
- SQL Injection — UNION attacks, boolean-based, time-based, stacked queries
- XSS Detection — Script tags, event handlers, DOM-based XSS, encoded payloads
- Command Injection — Shell metacharacters, command chaining, path traversal
- SSRF Protection — Internal IPs, cloud metadata endpoints, DNS rebinding
- NoSQL Injection — MongoDB operators, JSON-encoded attacks
- Mass Assignment — Dangerous field protection
- GraphQL Security — Query depth limits, complexity analysis
- JWT/Token Abuse — Algorithm confusion, replay attacks, JKU injection
- Bot Detection — Behavioral analysis, honeypot integration
- Session Integrity — Fingerprint drift, geolocation jumps
Performance
- Tiered inspection (quick scan + deep analysis)
- LRU deduplication cache
- Request sampling
- Bloom filter pre-screening
- Lazy guard resolution
- Streaming inspection for large payloads
- Async guard execution with PHP Fibers
Enterprise Features
- ML-powered anomaly detection
- Multi-tenant security isolation
- Real-time metrics (Prometheus-compatible)
- SIEM integration (Splunk, ELK, Datadog)
- WAF rule export (AWS WAF, Cloudflare, ModSecurity)
- Threat intelligence feeds
- Compliance reporting (PCI-DSS, OWASP Top 10)
Requirements
- PHP 8.1+
- Laravel 10.0+ or 11.0+
Installation
composer require m9nx/laravel-runtime-guard
Publish the configuration:
php artisan vendor:publish --tag=runtime-guard-config
For database reporting (optional):
php artisan vendor:publish --tag=runtime-guard-migrations php artisan migrate
Quick Start
Basic Usage
use M9nx\RuntimeGuard\Facades\RuntimeGuard; // Inspect input with all enabled guards $results = RuntimeGuard::inspect($userInput); // Check if threat was detected if ($results->hasThreat()) { Log::warning('Threat detected', [ 'level' => $results->getHighestThreatLevel()->value, 'guards' => $results->getTriggeredGuards(), ]); } // Inspect with a specific guard $result = RuntimeGuard::inspectWith('sql-injection', $userInput);
Controller Trait
use M9nx\RuntimeGuard\Traits\InspectsInput; class FormController extends Controller { use InspectsInput; public function submit(Request $request) { $this->inspectRequest($request); // Or inspect specific fields only $this->inspectRequestFields(['name', 'email', 'message']); } }
PHP Attributes
use M9nx\RuntimeGuard\Attributes\GuardProfile; use M9nx\RuntimeGuard\Attributes\SkipGuard; class AdminController extends Controller { #[GuardProfile('admin')] public function sensitiveAction() { // Uses 'admin' profile with stricter rules } #[SkipGuard(['xss'])] public function richTextEditor() { // XSS guard skipped for this endpoint } }
Configuration
// config/runtime-guard.php return [ 'enabled' => env('RUNTIME_GUARD_ENABLED', true), 'mode' => env('RUNTIME_GUARD_MODE', 'log'), // 'block', 'log', 'silent' 'pipeline' => [ 'strategy' => 'short_circuit', // 'full', 'short_circuit', 'threshold' 'tiered' => true, ], 'guards' => [ 'sql-injection' => ['enabled' => true, 'priority' => 100], 'xss' => ['enabled' => true, 'priority' => 90], 'command-injection' => ['enabled' => true, 'priority' => 95], // ... more guards ], 'profiles' => [ 'api' => [ 'guards' => ['sql-injection', 'command-injection'], 'mode' => 'log', ], 'admin' => [ 'guards' => '*', 'mode' => 'block', ], ], ];
Security Guards
| Guard | Description | Default Priority |
|---|---|---|
sql-injection |
SQL injection patterns | 100 |
command-injection |
Shell command injection | 95 |
xss |
Cross-site scripting | 90 |
deserialization |
Unsafe deserialization | 92 |
nosql-injection |
NoSQL/MongoDB injection | 88 |
file-operation |
Path traversal, file inclusion | 85 |
ssrf |
Server-side request forgery | 80 |
mass-assignment |
Dangerous field assignment | 75 |
graphql |
GraphQL abuse prevention | 70 |
jwt |
JWT/Token attacks | 65 |
bot-behavior |
Bot/automation detection | 60 |
session-integrity |
Session hijacking detection | 55 |
anomaly |
Behavioral anomaly detection | 50 |
Middleware Usage
// routes/web.php // Apply to specific routes Route::middleware(['runtime-guard'])->group(function () { Route::post('/submit', [FormController::class, 'submit']); }); // With a specific profile Route::middleware(['runtime-guard:admin'])->group(function () { Route::resource('/admin/users', AdminUserController::class); });
Artisan Commands
# List all registered guards php artisan runtime-guard:list # Test a guard with sample input php artisan runtime-guard:test sql-injection "1' OR '1'='1" # Check system status php artisan runtime-guard:status # Toggle guards at runtime php artisan runtime-guard:toggle sql-injection --disable # Generate a new custom guard php artisan runtime-guard:make-guard CustomGuard # Run security audit php artisan runtime-guard:security-audit
Testing
RuntimeGuard provides testing utilities for your application tests:
use M9nx\RuntimeGuard\Facades\RuntimeGuard; class SecurityTest extends TestCase { public function test_sql_injection_is_detected(): void { $fake = RuntimeGuard::fake(); $this->post('/api/search', ['query' => "1' OR '1'='1"]); $fake->assertThreatDetected(); $fake->assertGuardTriggered('sql-injection'); } public function test_clean_input_passes(): void { $fake = RuntimeGuard::fake(); $this->post('/api/search', ['query' => 'normal search']); $fake->assertNoThreatsDetected(); } }
Documentation
| Document | Description |
|---|---|
| Architecture | Internal architecture and component overview |
| Features | Complete feature list and capabilities |
| Changelog v4.0 | What's new in version 4.0 |
| Contributing | Contribution guidelines |
| Security Policy | Security reporting procedures |
Contributing
Contributions are welcome! Please see CONTRIBUTING.md for details.
# Development setup composer install composer test composer analyse
Security
If you discover a security vulnerability, please send an email to the maintainer instead of using the issue tracker. See SECURITY.md for details.
Credits
License
The MIT License (MIT). See LICENSE for more information.
m9nx/laravel-runtime-guard 适用场景与选型建议
m9nx/laravel-runtime-guard 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 0 次下载、GitHub Stars 达 1, 最近一次更新时间为 2026 年 01 月 06 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「security」 「monitoring」 「laravel」 「xss」 「protection」 「runtime」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 m9nx/laravel-runtime-guard 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 m9nx/laravel-runtime-guard 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 m9nx/laravel-runtime-guard 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
A Symfony bundle for chameleon-system/sanitycheck
Provide a way to secure accesses to all routes of an symfony application.
SoftWax Health Check Bundle for Symfony framework
1Pilot client for Symfony
Statsd (Object Oriented) client library for PHP
It's a barebone security class written on PHP
统计信息
- 总下载量: 0
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 2
- 点击次数: 29
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2026-01-06