rspec/rules/S3337/php/rule.adoc

``++enable_dl++`` is on by default and allows ``++open_basedir++`` restrictions, which limit the files a script can access, to be ignored. For that reason, it's a dangerous option and should be explicitly turned off.


This rule raises an issue when ``++enable_dl++`` is not explicitly set to 0 in _php.ini_.

== Noncompliant Code Example

----
; php.ini
enable_dl=1  ; Noncompliant
----

== Compliant Solution

----
; php.ini
enable_dl=0
----

== See

* https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
* https://cwe.mitre.org/data/definitions/23.html[MITRE, CWE-23] - Relative Path Traversal
* https://cwe.mitre.org/data/definitions/36.html[MITRE, CWE-36] - Absolute Path Traversal
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			``++enable_dl++`` is on by default and allows ``++open_basedir++`` restrictions, which limit the files a script can access, to be ignored. For that reason, it's a dangerous option and should be explicitly turned off.


			This rule raises an issue when ``++enable_dl++`` is not explicitly set to 0 in _php.ini_.

			`== Noncompliant Code Example`

			`----`
			`; php.ini`
			`enable_dl=1 ; Noncompliant`
			`----`

			`== Compliant Solution`

			`----`
			`; php.ini`
			`enable_dl=0`
			`----`

			`== See`

			`* https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration`
			`* https://cwe.mitre.org/data/definitions/23.html[MITRE, CWE-23] - Relative Path Traversal`
			`* https://cwe.mitre.org/data/definitions/36.html[MITRE, CWE-36] - Absolute Path Traversal`