Go WAF Plugin (#400)

plugins/wasm-go/extensions/waf/wasmplugin/rules/crs/php-config-directives.data

@@ -0,0 +1,571 @@
+# This list comes mainly from:
+# - https://www.php.net/manual/en/ini.core.php
+# - https://www.php.net/manual/en/ini.list.php
+#
+# There are additional directives defined in some of the modules, that can be parsed from each modules's configuration page:
+# - https://www.php.net/manual/en/$book.configuration.php (book comes from funcref.php)
+#
+# As the source code is in docbook format with many dependencies, the easiest
+# way to get it is using an xpath parser on the ini list and getting all
+# using '//table/tbody/tr/td[1]'. A simple helper tool you can use is https://www.videlibri.de/xidel.html
+#
+# Small post-processing is needed to remove numbers coming from a column,
+# and `*` chars (e.g. `pdo.dsn.*`).
+# Also removed single words like `engine`, `extension`, `from` and `precision`, to prevent FP.
+#
+# Example usage:
+# `xidel https://www.php.net/manual/en/ini.core.php https://www.php.net/manual/en/ini.list.php --xpath '//table/tbody/tr/td[1]' | sort | uniq`
+#
+# And for configuration in submodules:
+#
+# for book in $(xidel  https://www.php.net/manual/en/funcref.php -e '//a/extract(@href, "book\.(.+)\.php", 1)[. != ""]')                                                                                                 ─╯
+# do
+#   xidel https://www.php.net/manual/en/$book.configuration.php --xpath '//table/tbody/tr/td[1]' >> php-config-directives.txt
+# done
+#
+# ** Remember to always `sort` the output so its easy to spot the changes, and remove duplicates if any.
+
+allow_url_fopen
+allow_url_include
+apc.coredump_unmap
+apc.enable_cli
+apc.enabled
+apc.entries_hint
+apc.gc_ttl
+apc.mmap_file_mask
+apc.preload_path
+apc.serializer
+apc.shm_segments
+apc.shm_size
+apc.slam_defense
+apc.ttl
+apc.use_request_time
+arg_separator.input
+arg_separator.output
+assert.active
+assert.bail
+assert.callback
+assert.exception
+assert.quiet_eval
+assert.warning
+auto_append_file
+auto_detect_line_endings
+auto_globals_jit
+auto_prepend_file
+bcmath.scale
+browscap
+cgi.check_shebang_line
+cgi.discard_path
+cgi.fix_pathinfo
+cgi.force_redirect
+cgi.nph
+cgi.redirect_status_env
+cgi.rfc2616_headers
+child_terminate
+cli_server.color
+cli.pager
+cli.prompt
+com.allow_dcom
+com.autoregister_casesensitive
+com.autoregister_typelib
+com.autoregister_verbose
+com.code_page
+com.dotnet_version
+com.typelib_file
+curl.cainfo
+date.default_latitude
+date.default_longitude
+date.sunrise_zenith
+date.sunset_zenith
+date.timezone
+dba.default_handler
+default_charset
+default_mimetype
+default_socket_timeout
+disable_classes
+disable_functions
+display_errors
+display_startup_errors
+doc_root
+docref_ext
+docref_root
+enable_dl
+enable_post_data_reading
+engine
+error_append_string
+error_log
+error_prepend_string
+error_reporting
+exif.decode_jis_intel
+exif.decode_jis_motorola
+exif.decode_unicode_intel
+exif.decode_unicode_motorola
+exif.encode_jis
+exif.encode_unicode
+exit_on_timeout
+extension
+expect.logfile
+expect.loguser
+expect.match_max
+expect.timeout
+expose_php
+extension_dir
+fastcgi.impersonate
+fastcgi.logging
+ffi.enable
+ffi.preload
+file_uploads
+filter.default
+filter.default_flags
+gd.jpeg_ignore_warning
+geoip.custom_directory
+hard_timeout
+highlight.comment
+highlight.default
+highlight.html
+highlight.keyword
+highlight.string
+html_errors
+ibase.allow_persistent
+ibase.dateformat
+ibase.default_charset
+ibase.default_db
+ibase.default_password
+ibase.default_user
+ibase.max_links
+ibase.max_persistent
+ibase.timeformat
+ibase.timestampformat
+ibm_db2.binmode
+ibm_db2.i5_all_pconnect
+ibm_db2.i5_allow_commit
+ibm_db2.i5_dbcs_alloc
+ibm_db2.i5_ignore_userid
+ibm_db2.instance_name
+iconv.input_encoding
+iconv.internal_encoding
+iconv.output_encoding
+igbinary.compact_strings
+ignore_repeated_errors
+ignore_repeated_source
+ignore_user_abort
+imagick.locale_fix
+imagick.progress_monitor
+imagick.skip_version_check
+imap.enable_insecure_rsh
+implicit_flush
+include_path
+input_encoding
+internal_encoding
+intl.default_locale
+intl.error_level
+intl.use_exceptions
+ldap.max_links
+log_errors
+log_errors_max_len
+magic_quotes_gpc
+magic_quotes_runtime
+mail.add_x_header
+mail.force_extra_parameters
+mail.log
+mailparse.def_charset
+max_execution_time
+max_file_uploads
+max_input_nesting_level
+max_input_time
+max_input_vars
+mbstring.detect_order
+mbstring.encoding_translation
+mbstring.func_overload
+mbstring.http_input
+mbstring.http_output
+mbstring.http_output_conv_mimetypes
+mbstring.internal_encoding
+mbstring.language
+mbstring.regex_retry_limit
+mbstring.regex_stack_limit
+mbstring.strict_detection
+mbstring.substitute_character
+mcrypt.algorithms_dir
+mcrypt.modes_dir
+memcache.allow_failover
+memcache.chunk_size
+memcache.compress_threshold
+memcache.default_port
+memcache.hash_function
+memcache.hash_strategy
+memcache.lock_timeout
+memcache.max_failover_attempts
+memcache.protocol
+memcache.redundancy
+memcache.session_redundancy
+memcached.compression_factor
+memcached.compression_threshold
+memcached.compression_type
+memcached.default_binary_protocol
+memcached.default_connect_timeout
+memcached.default_consistent_hash
+memcached.serializer
+memcached.sess_binary
+memcached.sess_binary_protocol
+memcached.sess_connect_timeout
+memcached.sess_consistent_hash
+memcached.sess_consistent_hash_type
+memcached.sess_lock_expire
+memcached.sess_lock_retries
+memcached.sess_lock_wait
+memcached.sess_lock_wait_max
+memcached.sess_lock_wait_min
+memcached.sess_locking
+memcached.sess_number_of_replicas
+memcached.sess_persistent
+memcached.sess_prefix
+memcached.sess_randomize_replica_read
+memcached.sess_remove_failed
+memcached.sess_remove_failed_servers
+memcached.sess_sasl_password
+memcached.sess_sasl_username
+memcached.sess_server_failure_limit
+memcached.store_retry_count
+memcached.use_sasl
+memory_limit
+mysql.allow_local_infile
+mysql.allow_persistent
+mysql.connect_timeout
+mysql.default_host
+mysql.default_password
+mysql.default_port
+mysql.default_socket
+mysql.default_user
+mysql.max_links
+mysql.max_persistent
+mysql.trace_mode
+mysqli.allow_local_infile
+mysqli.allow_persistent
+mysqli.default_host
+mysqli.default_port
+mysqli.default_pw
+mysqli.default_socket
+mysqli.default_user
+mysqli.local_infile_directory
+mysqli.max_links
+mysqli.max_persistent
+mysqli.reconnect
+mysqli.rollback_on_cached_plink
+mysqlnd.collect_memory_statistics
+mysqlnd.collect_statistics
+mysqlnd.debug
+mysqlnd.fetch_data_copy
+mysqlnd.log_mask
+mysqlnd.mempool_default_size
+mysqlnd.net_cmd_buffer_size
+mysqlnd.net_read_buffer_size
+mysqlnd.net_read_timeout
+mysqlnd.sha256_server_public_key
+mysqlnd.trace_alloc
+oci8.connection_class
+oci8.default_prefetch
+oci8.events
+oci8.max_persistent
+oci8.old_oci_close_semantics
+oci8.persistent_timeout
+oci8.ping_interval
+oci8.prefetch_lob_size
+oci8.privileged_connect
+oci8.statement_cache_size
+odbc.allow_persistent
+odbc.check_persistent
+odbc.default_cursortype
+odbc.default_db
+odbc.default_pw
+odbc.default_user
+odbc.defaultbinmode
+odbc.defaultlrl
+odbc.max_links
+odbc.max_persistent
+opcache.blacklist_filename
+opcache.cache_id
+opcache.consistency_checks
+opcache.dups_fix
+opcache.enable
+opcache.enable_cli
+opcache.enable_file_override
+opcache.error_log
+opcache.fast_shutdown
+opcache.file_cache
+opcache.file_cache_consistency_checks
+opcache.file_cache_fallback
+opcache.file_cache_only
+opcache.file_update_protection
+opcache.force_restart_timeout
+opcache.huge_code_pages
+opcache.inherited_hack
+opcache.interned_strings_buffer
+opcache.jit
+opcache.jit_bisect_limit
+opcache.jit_blacklist_root_trace
+opcache.jit_blacklist_side_trace
+opcache.jit_buffer_size
+opcache.jit_debug
+opcache.jit_hot_func
+opcache.jit_hot_loop
+opcache.jit_hot_return
+opcache.jit_hot_side_exit
+opcache.jit_max_exit_counters
+opcache.jit_max_loop_unrolls
+opcache.jit_max_polymorphic_calls
+opcache.jit_max_recursive_calls
+opcache.jit_max_recursive_returns
+opcache.jit_max_root_traces
+opcache.jit_max_side_traces
+opcache.jit_prof_threshold
+opcache.lockfile_path
+opcache.log_verbosity_level
+opcache.max_accelerated_files
+opcache.max_file_size
+opcache.max_wasted_percentage
+opcache.memory_consumption
+opcache.mmap_base
+opcache.opt_debug_level
+opcache.optimization_level
+opcache.preferred_memory_model
+opcache.preload
+opcache.preload_user
+opcache.protect_memory
+opcache.record_warnings
+opcache.restrict_api
+opcache.revalidate_freq
+opcache.revalidate_path
+opcache.save_comments
+opcache.use_cwd
+opcache.validate_permission
+opcache.validate_root
+opcache.validate_timestamps
+open_basedir
+openssl.cafile
+openssl.capath
+output_buffering
+output_encoding
+output_handler
+pcre.backtrack_limit
+pcre.jit
+pcre.recursion_limit
+pdo_odbc.connection_pooling
+pdo_odbc.db2_instance_name
+pdo.dsn
+pgsql.allow_persistent
+pgsql.auto_reset_persistent
+pgsql.ignore_notice
+pgsql.log_notice
+pgsql.max_links
+pgsql.max_persistent
+phar.cache_list
+phar.readonly
+phar.require_hash
+phpdbg.eol
+phpdbg.path
+precision
+post_max_size
+realpath_cache_size
+realpath_cache_ttl
+register_argc_argv
+report_memleaks
+report_zend_debug
+request_order
+runkit.internal_override
+runkit.superglobal
+seaslog.appender
+seaslog.appender_retry
+seaslog.buffer_disabled_in_cli
+seaslog.buffer_size
+seaslog.default_basepath
+seaslog.default_datetime_format
+seaslog.default_logger
+seaslog.default_template
+seaslog.disting_by_hour
+seaslog.disting_folder
+seaslog.disting_type
+seaslog.ignore_warning
+seaslog.level
+seaslog.recall_depth
+seaslog.remote_host
+seaslog.remote_port
+seaslog.remote_timeout
+seaslog.throw_exception
+seaslog.trace_error
+seaslog.trace_exception
+seaslog.trace_notice
+seaslog.trace_warning
+seaslog.trim_wrap
+seaslog.use_buffer
+sendmail_from
+sendmail_path
+serialize_precision
+session.auto_start
+session.cache_expire
+session.cache_limiter
+session.cookie_domain
+session.cookie_httponly
+session.cookie_lifetime
+session.cookie_path
+session.cookie_samesite
+session.cookie_secure
+session.entropy_file
+session.entropy_length
+session.gc_divisor
+session.gc_maxlifetime
+session.gc_probability
+session.hash_bits_per_character
+session.hash_function
+session.lazy_write
+session.name
+session.referer_check
+session.save_handler
+session.save_path
+session.serialize_handler
+session.sid_bits_per_character
+session.sid_length
+session.trans_sid_hosts
+session.trans_sid_tags
+session.upload_progress.cleanup
+session.upload_progress.enabled
+session.upload_progress.freq
+session.upload_progress.min_freq
+session.upload_progress.name
+session.upload_progress.prefix
+session.use_cookies
+session.use_only_cookies
+session.use_strict_mode
+session.use_trans_sid
+short_open_tag
+smtp
+smtp_port
+soap.wsdl_cache
+soap.wsdl_cache_dir
+soap.wsdl_cache_enabled
+soap.wsdl_cache_limit
+soap.wsdl_cache_ttl
+sql.safe_mode
+sqlite3.defensive
+sqlite3.extension_dir
+stomp.default_broker
+stomp.default_connection_timeout_sec
+stomp.default_connection_timeout_usec
+stomp.default_read_timeout_sec
+stomp.default_read_timeout_usec
+swoole.aio_thread_num
+swoole.display_errors
+swoole.enable_coroutine
+swoole.enable_library
+swoole.enable_preemptive_scheduler
+swoole.fast_serialize
+swoole.unixsock_buffer_size
+swoole.use_namespace
+swoole.use_shortname
+sys_temp_dir
+syslog.facility
+syslog.filter
+syslog.ident
+sysvshm.init_mem
+taint.enable
+taint.error_level
+tidy.clean_output
+tidy.default_config
+track_errors
+trader.real_precision
+trader.real_round_mode
+unserialize_callback_func
+unserialize_max_depth
+uopz.disable
+uopz.exit
+uopz.overloads
+upload_max_filesize
+upload_tmp_dir
+uploadprogress.file.filename_template
+url_rewriter.hosts
+url_rewriter.tags
+user_agent
+user_dir
+user_ini.cache_ttl
+user_ini.filename
+v8js.flags
+v8js.max_disposed_contexts
+variables_order
+vld.active
+vld.execute
+vld.skip_append
+vld.skip_prepend
+wincache.chkinterval
+wincache.enablecli
+wincache.fcachesize
+wincache.fcenabled
+wincache.fcenabledfilter
+wincache.fcndetect
+wincache.filecount
+wincache.filemapdir
+wincache.ignorelist
+wincache.maxfilesize
+wincache.namesalt
+wincache.ocachesize
+wincache.ocenabled
+wincache.ocenabledfilter
+wincache.reroute_enabled
+wincache.rerouteini
+wincache.scachesize
+wincache.srwlocks
+wincache.ttlmax
+wincache.ucachesize
+wincache.ucenabled
+windows.show_crt_warning
+wkhtmltox.graphics
+xbithack
+xhprof.output_dir
+xmlrpc_error_number
+xmlrpc_errors
+yac.compress_threshold
+yac.debug
+yac.enable
+yac.enable_cli
+yac.keys_memory_size
+yac.serializer
+yac.values_memory_size
+yaconf.check_delay
+yaconf.directory
+yaf.action_prefer
+yaf.cache_config
+yaf.environ
+yaf.forward_limit
+yaf.library
+yaf.lowcase_path
+yaf.name_separator
+yaf.name_suffix
+yaf.use_namespace
+yaf.use_spl_autoload
+yaml.decode_binary
+yaml.decode_php
+yaml.decode_timestamp
+yaml.output_canonical
+yaml.output_indent
+yaml.output_width
+yar.connect_timeout
+yar.debug
+yar.expose_info
+yar.packager
+yar.timeout
+yaz.keepalive
+yaz.log_mask
+zend_extension
+zend.assertions
+zend.detect_unicode
+zend.enable_gc
+zend.exception_ignore_args
+zend.exception_string_param_max_len
+zend.multibyte
+zend.script_encoding
+zend.signal_check
+zlib.output_compression
+zlib.output_compression_level
+zlib.output_handler
+zookeeper.recv_timeout
+zookeeper.sess_lock_wait
+zookeeper.session_lock