Merge pull request #36 from igorhrcek/custom-files-fix

Igor Hrcek · web-flow · commit 56e7b1c66487 · 2022-03-21T13:45:32.000+01:00
fix: Fix BlockAccessToCustomSensitiveFiles
diff --git a/src/SubCommands/AddSecurityHeaders.php b/src/SubCommands/AddSecurityHeaders.php
@@ -9,6 +9,7 @@ class AddSecurityHeaders extends SubCommand {
     public string $removalMessage= 'Add Security Headers rule has been removed.';
 
     public function getTemplateVars() : array {
+
         $default_headers = [
             'Strict-Transport-Security' => '"max-age=63072000; includeSubDomains; preload"',
             'Referrer-Policy' => 'strict-origin-when-cross-origin',
diff --git a/src/SubCommands/BlockAccessToCustomSensitiveFiles.php b/src/SubCommands/BlockAccessToCustomSensitiveFiles.php
@@ -20,12 +20,21 @@ public function getTemplateVars(): array {
             $files_array = [];
 
             foreach ($files as $key => $value) {
-                $file = (isset($this->commandArguments['server']) && $this->commandArguments['server'] === 'nginx') ?
-                    preg_quote($value) : $value;
-
-                $files_array[] = ['file' => $file];
+                if ( preg_match( '/.+\/.+/', $value ) ) {
+                    $file_with_directory = $this->setRuleContent( false, 'block_access_to_sensitive_files_with_directories' );
+                    if ( isset( $this->commandArguments['server'] ) && $this->commandArguments['server'] === 'nginx' ) {
+                        $file = $value;
+                    } else {
+                        $file = preg_quote( ltrim( $value, '/' ) );
+                    }
+                    $files_array[] = [ $file => $file_with_directory ];
+                } else {
+                    $file = (isset($this->commandArguments['server']) && $this->commandArguments['server'] === 'nginx') ?
+                        preg_quote($value) : $value;
+                    $files_array[] = ['file' => $file];
+                }
             }
-            
+
             return $files_array;
         }
 
diff --git a/src/SubCommands/BlockAccessToSensitiveFiles.php b/src/SubCommands/BlockAccessToSensitiveFiles.php
@@ -8,6 +8,7 @@ class BlockAccessToSensitiveFiles extends SubCommand {
     public string $successMessage = 'Block Access to Sensitive Files rule has been deployed.';
     public string $removalMessage= 'Block Access to Sensitive Files rule has been removed.';
 
+
     /**
      * @var string List of files that we are protecting by default
      */
@@ -37,4 +38,5 @@ public function getTemplateVars() : array {
         }
         return [];
     }
+
 }

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ class BlockAccessToSensitiveFiles extends SubCommand {`
`8`	`8`	`public string $successMessage = 'Block Access to Sensitive Files rule has been deployed.';`
`9`	`9`	`public string $removalMessage= 'Block Access to Sensitive Files rule has been removed.';`
`10`	`10`
	`11`	`+`
`11`	`12`	`/**`
`12`	`13`	`* @var string List of files that we are protecting by default`
`13`	`14`	`*/`
`@@ -37,4 +38,5 @@ public function getTemplateVars() : array {`
`37`	`38`	`}`
`38`	`39`	`return [];`
`39`	`40`	`}`
	`41`	`+`
`40`	`42`	`}`