Skip to content
Inspekt is a PHP library that makes it easier to write secure web applications
Branch: master
Clone or download
Latest commit 35a148a May 14, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
Examples
docs
src/Inspekt Adding test tag to confirm bug fix Mar 3, 2016
tests
.gitignore add .idea to .gitignore Nov 9, 2014
LICENSE
README.md Update README.md May 11, 2019
composer.json Add Faker to dev dependencies Mar 14, 2015
composer.lock Add Faker to dev dependencies Mar 14, 2015

README.md

Inspekt

License

LICENSE

Maintained by

Ben Edmunds benedmunds.com

Created by

Ed Finkler
coj@funkatron.com

Version 0.6.0 2015-09-23

What Is Inspekt?

Inspekt is a comprehensive filtering and validation library for PHP.

Driving principles behind Inspekt

  • Accessing user input via the PHP superglobals is inherently dangerous, because the "default" action is to retrieve raw, potentially dangerous data
  • Piecemeal, "inline" filtering/validation done at various places in an application's source code is too error-prone to be effective
  • The purpose of a library or framework is to make a programmer's job easier. Verbose and/or complex solutions should be avoided unless they are the only solution

Features of Inspekt

  • 'Cage' objects that encapsulate input and require the developer to use the provided filtering and validation methods to access input data
  • Automatic application of filtering as defined in a configuration file
  • A library of static filtering and validation methods
  • A simple, clear API
  • No external dependencies

Documentation

User Docs

API Docs

How Do I Use Inspekt?

The best idea at the moment is to look at the Examples directory.

Quickly creating a cage for common input superglobals

<?php
use Inspekt\Inspekt;

/*
 * creates a cage for $_GET, $_POST, $_COOKIE, $_ENV, $_FILES, $_SERVER
 */
$superCage = Inspekt::makeSuperCage();

echo 'Digits:' . $superCage->server->getDigits('SERVER_SOFTWARE') . '<p/>';
echo 'Alpha:' . $superCage->server->getAlpha('SERVER_SOFTWARE') . '<p/>';
echo 'Alnum:' . $superCage->server->getAlnum('SERVER_SOFTWARE') . '<p/>';
echo 'Raw:' . $superCage->server->getRaw('SERVER_SOFTWARE') . '<p/>';

Creating a cage from an arbitrary array

<?php
/**
 * Demonstration of:
 * - use of static filter methods on arrays
 * - creating a cage on an arbitrary array
 * - accessing a deep key in a multidim array with the "Array Query" approach
 */


require_once dirname(__FILE__) . "/../vendor/autoload.php";

use Inspekt\Cage;

$d = array();
$d['input'] = '<img id="475">yes</img>';
$d['lowascii'] = '������� � � � ';
$d[] = array('foo', 'bar<br />', 'yes<P>', 1776);
$d['x']['woot'] = array(
    'booyah' => 'meet at the bar at 7:30 pm',
    'ultimate' => '<strong>hi there!</strong>',
);
$d['lemon'][][][][][][][][][][][][][][] = 'far';


$d_cage = Cage::Factory($d);

var_dump($d_cage->getAlpha('/x/woot/ultimate'));

var_dump($d_cage->getAlpha('lemon/0/0/0/0/0/0/0/0/0/0/0/0/0'));

$x = $d_cage->getAlpha('x');
var_dump($x);

$x = $d_cage->getAlpha('input');
var_dump($x);

Calling an individual validation method

<?php
require_once dirname(__FILE__) . "/../vendor/autoload.php";

use Inspekt\Inspekt;

$rs = Inspekt::isUri('http://www.w3.org/2001/XMLSchema');
var_dump($rs);

How Do I Run Tests

Install PHPUnit, cd to the root dir of Inspekt, and type

phpunit tests/

Changelog

Version 0.6.0 - 2014-11-08

  • Backwards-compatibility breaks! Be aware! Read examples!
  • removed CodeIgniter helper
  • removed all session cage code
  • refactor for PSR2 compliance, including namespaces (BC BREAK)
  • drop mysql for mysqli escaping calls

2014-04-14

  • Added composer.json file

Version 0.4.1 - 2010-01-15

  • Inspekt_Cage::keyExists now returns boolean again, unless second param is TRUE (then it returns the value if key exists)
  • fixed a bunch of missing public/protected definitions
  • renamed Inspekt_CageTest.php to CageTest.php so phpunit would load it correctly
  • wrote a couple unit tests for Inspekt_Cage::testAlnum

Version 0.4.0 - 2009-11-15

  • added new way to add cage accessor methods by extending AccessorAbstract and registering with cage object
  • added Inspekt_Cage::addAccessor() and Inspekt_SuperCage::addAccessor()
  • modified Examples/extending.php to demonstrate adding new accessor methods
  • added HTMLPurifier integration capability and new cage filter getPurifiedHTML()
  • added a library for CodeIgniter to use Inspekt in the standard Input object
  • make Inspekt::isArrayObject() and Inspekt::isArrayOrArrayObject() public
  • added __call() to Inspekt_Cage so we can handle user-defined accessor methods
  • added underscore to path portion of isUri() (Nick Ramsay)
  • added a new folder for Integration_helpers
  • commented out include for Inspekt/Cage/Session in Cage.php because it caused probs generating Cage test skeleton
  • made PHPUnit Inspekt_Cage test skeleton
  • added simple example for a wrapper that will pull from GET or POST

Version 0.3.5 - 2009-07-18

  • refactored and reworked some examples; added db escaping examples
  • did some work to get isInt to handle 64 bit integers better (more to do)
  • fixed bug in isOneOf where a string pattern wasn't converted properly
  • removed some incorrectly optional params for methods
  • isRegex now correctly returns a boolean, not an Int
  • added missing cage methods getROT13, noTagsOrSpecial, escMySQL, escPgSQL, escPgSQLBytea
  • added many more unit tests

Version 0.3.4 - 2009-07-18

  • Added Inspekt::getROT13()
  • Added Inspekt::escMySQL()
  • Added Inspekt::escPgSQL()
  • Added Inspekt::escPgSQLBytea()
  • Now arrays are only converted to ArrayObjects by cages; arrays passed into static filter calls are returned as arrays.
  • More unit tests, and tests moved into InspektTest.php (removed Tests/ subdir)
  • cleanup in Inspekt_SuperCage to fix STRICT notices

Version 0.3.3 - 2009-07-18

  • Caged properties can now be iterated over b/c we're implementing ArrayObject (Matt McKeon)
  • added a number of @assert tests for phpunit testing
  • cleaned up function declarations so they would not raise STRICT notices
  • leveraged Filter Extention in a couple filter methods; can be turned off with Inspekt::useFilterExt()
  • added filter method Inspekt::noTagsOrSpecial() that strips tags, encodes '"&<>, and all low ascii chars (< 32)
  • upped recursion limit to 15
  • Inspekt::_walkArray will now convert a plain array into an ArrayObject (should it always? Not sure)
  • filter methods will now use Inspekt::isArrayOrArrayObject() to determine if they need to walk the array
  • fixed some require_once statements to use dirname() resolution so fewer path issues pop up (they showed up when using phpunit)

Version 0.3.2 - 2009-06-22

PHP5 now required, bug fixes for transposed params

Version 0.3.1 - 2008-02-08

Disables processing of $_SESSION

Version 0.3.0 - 2008-01-16

Final OWASP milestone release

Version 0.1 - 2007-05-19

Initial Release

You can’t perform that action at this time.