๐Ÿ“ฆ shieldfy / normalizer

Input Normalization Package

โ˜… 8 stars โ‘‚ 1 forks ๐Ÿ‘ 8 watching โš–๏ธ MIT License
normalizer
๐Ÿ“ฅ Clone https://github.com/shieldfy/normalizer.git
HTTPS git clone https://github.com/shieldfy/normalizer.git
SSH git clone git@github.com:shieldfy/normalizer.git
CLI gh repo clone shieldfy/normalizer
ZIP Desktop VS Code
Eslam Salem Eslam Salem fix sniffer usage 415dae0 8 years ago ๐Ÿ“ History
๐Ÿ“‚ master View all commits โ†’
๐Ÿ“ src
๐Ÿ“„ .codeclimate.yml
๐Ÿ“„ .editorconfig
๐Ÿ“„ .gitattributes
๐Ÿ“„ .gitignore
๐Ÿ“„ .scrutinizer.yml
๐Ÿ“„ .styleci.yml
๐Ÿ“„ .travis.yml
๐Ÿ“„ CHANGELOG.md
๐Ÿ“„ CODE_OF_CONDUCT.md
๐Ÿ“„ composer.json
๐Ÿ“„ CONTRIBUTING.md
๐Ÿ“„ LICENSE
๐Ÿ“„ phpunit.xml
๐Ÿ“„ README.md
๐Ÿ“„ README.md

Shieldfy Normaizer

This package is useful for the input normalization, before running hardcore IDS/IPS rules. It normalize the inputs to fight against WAF Bypassing techniques using obfuscation or other techniques to hide payloads.

Packagist VersionEye Dependencies Scrutinizer Code Quality Code Climate License

Table Of Contents

Usage

Usage is pretty easy and straightforward:

$value = "select/*!from*/information_schema.columns/*!where*/column_name%20/*!like*/char(37,%20112,%2097,%20115,%20115,%2037)";

// Run all normalizers
$result = (new \Shieldfy\Normalizer\Normalizer($value))->runAll();
echo $result;
// select from information_schema.columns where column_name like char(37, 112, 97, 115, 115, 37) %pass%

// Run single normalizer
$result = (new \Shieldfy\Normalizer\Normalizer($value))->run('comments');

Installation

Install the package via composer: 

composer require shieldfy/normalizer

note about serialization

Serialize / Unserialize can be danger due to its ability to convert object and it can be used to preform object injection attack. So explicit normalization not allowed in php version before php 7 thats because php7 offered new options to prevent object serialization see here

Changelog

Refer to the Changelog for a full history of the project.

Support

The following support channels are available at your fingertips:

Contributing & Protocols

Thank you for considering contributing to this project! The contribution guide can be found in CONTRIBUTING.md.

Bug reports, feature requests, and pull requests are very welcome.

Security Vulnerabilities

If you discover a security vulnerability within this project, please send an e-mail to security@shieldfy.com. All security vulnerabilities will be promptly addressed.

Credits

This package is based on the original converters written by Mario Heiderich & Christian Matthies the creators of PHP IDS project with help from the generous security & opensource community.

License

This software is released under The MIT License (MIT).

(c) 2016 Shieldfy Inc, Some rights reserved.