Enhance security settings in php.ini and streamline codebase

Additional security settings have been added in php.ini to prohibit inclusion of URLs in scripts. Runtime exception handling across the codebase has also been simplified. For improving maintainability, redundant code has been eliminated in csv-blueprint.php, particularly where PHP_SAPI is checked.
JBZoo · Apr 10, 2024 · 599c239 · 599c239
1 parent 3411600
commit 599c239
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 10 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -24,7 +24,6 @@ ADD --chmod=0755 https://github.com/mlocati/docker-php-extension-installer/relea
 RUN install-php-extensions opcache parallel @composer
 
 # Install application
-# run `make build-version` before!
 WORKDIR /app
 ENV COMPOSER_ALLOW_SUPERUSER=1
 COPY . /app

diff --git a/csv-blueprint.php b/csv-blueprint.php
@@ -19,19 +19,14 @@
 use JBZoo\CsvBlueprint\Workers\WorkerPool;
 
 \define('PATH_ROOT', __DIR__);
-$autoloader = __DIR__ . '/vendor/autoload.php';
-require_once $autoloader;
-
-if ('cli' !== \PHP_SAPI) {
-    throw new \RuntimeException('This script must be run from the command line.');
-}
-
-WorkerPool::setBootstrap($autoloader);
+require_once __DIR__ . '/vendor/autoload.php';
 
 if ('cli' !== \PHP_SAPI) {
     throw new Exception('This script must be run from the command line.');
 }
 
+WorkerPool::setBootstrap(__DIR__ . '/vendor/autoload.php');
+
 // Fix for GitHub actions. See action.yml
 $_SERVER['argv'] = Utils::fixArgv($_SERVER['argv'] ?? []);
 $_SERVER['argc'] = \count($_SERVER['argv']);

diff --git a/docker/php.ini b/docker/php.ini
@@ -45,9 +45,12 @@ max_input_time=60
 memory_limit=2G
 realpath_cache_size = 64M
 realpath_cache_ttl = 100000
+allow_url_fopen=0
+allow_url_include=0
 
 ;error_reporting = E_ALL
 ;display_errors = On
 ;display_startup_errors = On
 
+
 ;opcache.preload=/app/docker/preload.php
diff --git a/src/Workers/WorkerPool.php b/src/Workers/WorkerPool.php
@@ -119,7 +119,7 @@ private function maintainTaskPool(): void
     {
         $bootstrap = self::$bootstrap;
         if ($bootstrap === null) {
-            throw new \RuntimeException('Bootstrap file is not set');
+            throw new Exception('Bootstrap file is not set');
         }
 
         while (\count($this->runningTasks) < $this->maxThreads && !$this->tasksQueue->isEmpty()) {