Mirror-Flowers/core/analyzers/config_analyzer.py

class ConfigAnalyzer:
    def __init__(self):
        self.dangerous_configs = {
            'php': {
                'allow_url_fopen': 'On',
                'allow_url_include': 'On',
                'display_errors': 'On',
                'expose_php': 'On'
            },
            'java': {
                'debug': 'true',
                'trace': 'true',
                'security.basic.enabled': 'false'
            }
        }
        
        # 添加更多配置检查规则
        self.security_rules = {
            'authentication': {
                'required_settings': ['session.cookie_secure', 'session.cookie_httponly'],
                'forbidden_settings': ['session.use_only_cookies=0']
            },
            'file_upload': {
                'check_settings': ['upload_max_filesize', 'max_file_uploads'],
                'risk_values': ['unlimited', '-1']
            },
            'error_reporting': {
                'production_settings': {
                    'display_errors': 'Off',
                    'log_errors': 'On',
                    'error_reporting': 'E_ALL & ~E_DEPRECATED & ~E_STRICT'
                }
            }
        }
        
    def analyze(self, config_files):
        """增强的配置分析"""
        issues = []
        
        for file_path in config_files:
            config_type = self._detect_config_type(file_path)
            
            # 基本配置检查
            basic_issues = self._check_dangerous_settings(file_path, config_type)
            issues.extend(basic_issues)
            
            # 环境特定检查
            env_issues = self._check_environment_specific(file_path, config_type)
            issues.extend(env_issues)
            
            # 安全规则检查
            security_issues = self._check_security_rules(file_path, config_type)
            issues.extend(security_issues)
            
        return self._prioritize_issues(issues)
Add files via upload 2025-02-06 21:10:34 +08:00			`class ConfigAnalyzer:`
			`def __init__(self):`
			`self.dangerous_configs = {`
			`'php': {`
			`'allow_url_fopen': 'On',`
			`'allow_url_include': 'On',`
			`'display_errors': 'On',`
			`'expose_php': 'On'`
			`},`
			`'java': {`
			`'debug': 'true',`
			`'trace': 'true',`
			`'security.basic.enabled': 'false'`
			`}`
			`}`

			`# 添加更多配置检查规则`
			`self.security_rules = {`
			`'authentication': {`
			`'required_settings': ['session.cookie_secure', 'session.cookie_httponly'],`
			`'forbidden_settings': ['session.use_only_cookies=0']`
			`},`
			`'file_upload': {`
			`'check_settings': ['upload_max_filesize', 'max_file_uploads'],`
			`'risk_values': ['unlimited', '-1']`
			`},`
			`'error_reporting': {`
			`'production_settings': {`
			`'display_errors': 'Off',`
			`'log_errors': 'On',`
			`'error_reporting': 'E_ALL & ~E_DEPRECATED & ~E_STRICT'`
			`}`
			`}`
			`}`

			`def analyze(self, config_files):`
			`"""增强的配置分析"""`
			`issues = []`

			`for file_path in config_files:`
			`config_type = self._detect_config_type(file_path)`

			`# 基本配置检查`
			`basic_issues = self._check_dangerous_settings(file_path, config_type)`
			`issues.extend(basic_issues)`

			`# 环境特定检查`
			`env_issues = self._check_environment_specific(file_path, config_type)`
			`issues.extend(env_issues)`

			`# 安全规则检查`
			`security_issues = self._check_security_rules(file_path, config_type)`
			`issues.extend(security_issues)`

			`return self._prioritize_issues(issues)`