# PHPStan rule set for the spaze/phpstan-disallowed-calls extension: flags
# calls to built-in PHP functions that are "dangerous" (code loading, scope
# clobbering, information disclosure, process/socket control, debug output).
# Every entry is a `function` + `message` pair; a match is reported unless an
# allow-rule on the entry (`allowParamsAnywhere` below) permits that exact call.
# Typically pulled into a project's phpstan.neon via `includes:`.
#
# NOTE(review): shell/process execution functions (exec(), system(),
# shell_exec(), passthru(), proc_open(), popen()) and weak-crypto helpers are
# NOT in this list. Presumably they live in a sibling config of the same
# extension (upstream ships separate execution/insecure call lists) — confirm
# that one is included too, or this file alone gives a false sense of coverage.
parameters:
	disallowedFunctionCalls:
		# Environment / scope manipulation — these silently overwrite variables
		# that later code relies on.
		-
			function: 'apache_setenv()'
			message: 'might overwrite existing variables'
		# dl() loads a native extension (shared object) into the running
		# interpreter; disabled in most SAPIs anyway.
		-
			function: 'dl()'
			message: 'removed from most SAPIs, might load untrusted code'
		# Arbitrary code execution from a string. No allow-rule: there is no
		# "safe" argument for eval().
		-
			function: 'eval()'
			message: 'eval is evil, please write more code and do not use eval()'
		# extract() turns array keys into local variables; on attacker-controlled
		# input this overwrites locals (variable injection). Blocked unconditionally.
		-
			function: 'extract()'
			message: 'do not use extract() and especially not on untrusted data'
		# Information disclosure about the host system.
		-
			function: 'posix_getpwuid()'
			message: 'might reveal system user information'
		# Process / filesystem control that a web request handler should never do.
		-
			function: 'posix_kill()'
			message: 'do not send signals to processes from the script'
		-
			function: 'posix_mkfifo()'
			message: 'do not create named pipes in the script'
		-
			function: 'posix_mknod()'
			message: 'do not create special files in the script'
		# Both functions read an arbitrary path and emit its contents — with a
		# user-influenced path this is straight source/config disclosure.
		-
			function: 'highlight_file()'
			message: 'might reveal source code or config files'
		-
			function: 'show_source()'
			message: 'might reveal source code or config files (alias of highlight_file())'
		# Persistent sockets outlive the request; the non-persistent variant is
		# the intended replacement per the message.
		-
			function: 'pfsockopen()'
			message: 'use fsockopen() to create non-persistent socket connections'
		# Debug output. Allowed anywhere only when the 2nd argument ($return)
		# is literally `true` — print_r() then returns the string instead of
		# writing it to the output/response.
		-
			function: 'print_r()'
			message: 'use some logger instead'
			allowParamsAnywhere:
				2: true
		-
			function: 'proc_nice()'
			message: 'changes the priority of the current process'
		# NOTE(review): beyond clobbering, putenv() on untrusted input is also the
		# classic environment-injection primitive (e.g. LD_PRELOAD / LD_LIBRARY_PATH)
		# against any subprocess the request later spawns; the message undersells it.
		-
			function: 'putenv()'
			message: 'might overwrite existing variables'
		# A request handler must not turn itself into a listening server.
		-
			function: 'socket_create_listen()'
			message: 'do not accept new socket connections in the PHP script'
		-
			function: 'socket_listen()'
			message: 'do not accept new socket connections in the PHP script'
		# var_dump() has no return mode, so it is blocked outright (unlike
		# print_r()/var_export() which have a `$return` parameter).
		-
			function: 'var_dump()'
			message: 'use some logger instead'
		# Same exception as print_r(): permitted when the 2nd argument ($return)
		# is literally `true`, i.e. the representation is returned, not printed.
		-
			function: 'var_export()'
			message: 'use some logger instead'
			allowParamsAnywhere:
				2: true