Pass either a single function name as a string, or an array of function names, to whitelist.
public whitelistFunc ( string | array $name )
$name | string | array | String of function name, or array of function names to whitelist |
/**
 * Verify that string values used inside sandboxed code are still reported
 * correctly by is_string(), is_object() and is_scalar().
 *
 * The three type-check functions are whitelisted first, so the sandboxed
 * closures below are permitted to call them.
 */
public function testSandboxedStringsMimicStrings()
{
    $sandbox = $this->sandbox;
    $sandbox->whitelistFunc(array('is_string', 'is_object', 'is_scalar'));

    // NOTE(review): "system" is presumably chosen because it is also the name of a
    // callable function; the sandbox must still present it as an ordinary string.
    $reportedAsString = $sandbox->execute(function () {
        return is_string("system");
    });
    $this->assertEquals(true, $reportedAsString);

    $reportedAsObject = $sandbox->execute(function () {
        return is_object("system");
    });
    $this->assertEquals(false, $reportedAsObject);

    $reportedAsScalar = $sandbox->execute(function () {
        return is_scalar("system");
    });
    $this->assertEquals(true, $reportedAsScalar);
}
/**
 * Inspect a node of sandboxed code as the traverser leaves it and add the
 * names it declares to the PHPSandbox whitelists.
 *
 * Every case is gated twice: the matching allow_* option and the matching
 * auto_whitelist_* option must both be set. The declaration cases also require
 * that no blacklist of that kind is configured. Only the first matching case
 * is applied. The names being whitelisted here come from the sandboxed code
 * itself, so the auto_whitelist_* options decide how much that code may add.
 *
 * @param   Node    $node   The sandboxed $node to examine
 *
 * @return  null
 */
public function leaveNode(Node $node)
{
    $sandbox = $this->sandbox;

    // Class declaration: the name is whitelisted both as a class and as a type.
    if ($node instanceof Node\Stmt\Class_ && is_string($node->name) && $sandbox->allow_classes
        && $sandbox->auto_whitelist_classes && !$sandbox->hasBlacklistedClasses()
    ) {
        $sandbox->whitelistClass($node->name);
        $sandbox->whitelistType($node->name);

        return null;
    }

    // Interface declaration.
    if ($node instanceof Node\Stmt\Interface_ && is_string($node->name) && $sandbox->allow_interfaces
        && $sandbox->auto_whitelist_interfaces && !$sandbox->hasBlacklistedInterfaces()
    ) {
        $sandbox->whitelistInterface($node->name);

        return null;
    }

    // Trait declaration.
    if ($node instanceof Node\Stmt\Trait_ && is_string($node->name) && $sandbox->allow_traits
        && $sandbox->auto_whitelist_traits && !$sandbox->hasBlacklistedTraits()
    ) {
        $sandbox->whitelistTrait($node->name);

        return null;
    }

    // Call to define(): only a non-empty string literal as first argument is whitelisted as a
    // constant, and only while 'define' has not been redefined in the sandbox.
    if ($node instanceof Node\Expr\FuncCall && $node->name instanceof Node\Name
        && $node->name->toString() == 'define' && $sandbox->allow_constants
        && $sandbox->auto_whitelist_constants && !$sandbox->isDefinedFunc('define')
        && !$sandbox->hasBlacklistedConsts()
    ) {
        $constArg = null;
        if (isset($node->args[0])) {
            $constArg = $node->args[0];
        }

        if ($constArg && $constArg instanceof Node\Arg && $constArg->value instanceof Node\Scalar\String_
            && is_string($constArg->value->value) && $constArg->value->value
        ) {
            $sandbox->whitelistConst($constArg->value->value);
        }

        return null;
    }

    // global statement: unlike the cases above, this one requires an existing variable
    // whitelist (hasWhitelistedVars()) and adds the named variables to it.
    if ($node instanceof Node\Stmt\Global_ && $sandbox->allow_globals
        && $sandbox->auto_whitelist_globals && $sandbox->hasWhitelistedVars()
    ) {
        foreach ($node->vars as $globalVar) {
            /**
             * @var Node\Expr\Variable $globalVar
             */
            if ($globalVar instanceof Node\Expr\Variable) {
                // NOTE(review): no is_string() check here, unlike the other cases; for a
                // dynamic name such as `global $$x` the name may be an expression node.
                // Confirm whitelistVar() rejects non-string input.
                $sandbox->whitelistVar($globalVar->name);
            }
        }

        return null;
    }

    // Function declaration.
    if ($node instanceof Node\Stmt\Function_ && is_string($node->name) && $node->name
        && $sandbox->allow_functions && $sandbox->auto_whitelist_functions
        && !$sandbox->hasBlacklistedFuncs()
    ) {
        $sandbox->whitelistFunc($node->name);
    }

    return null;
}
/**
 * Inspect a node of trusted code as the traverser leaves it and add the names
 * it uses or declares to the PHPSandbox whitelists.
 *
 * Unlike the sandboxed-code visitor, no allow_* or auto_whitelist_* option is
 * consulted for functions, constants, classes, interfaces, traits or types:
 * the only gate is that no blacklist of that kind is configured. Only the
 * first matching case is applied. Namespace and use statements are recorded on
 * the sandbox and then removed from the tree.
 *
 * @param   \PhpParser\Node   $node   The trusted $node to examine
 *
 * @return  null|bool         Return false if node must be removed, or null if no changes to the node are made
 */
public function leaveNode(Node $node)
{
    $sandbox = $this->sandbox;

    // Any call to a statically named function whitelists that function.
    if ($node instanceof Node\Expr\FuncCall && $node->name instanceof Node\Name
        && !$sandbox->hasBlacklistedFuncs()
    ) {
        $sandbox->whitelistFunc($node->name->toString());

        return null;
    }

    // Function declaration.
    if ($node instanceof Node\Stmt\Function_ && is_string($node->name) && $node->name
        && !$sandbox->hasBlacklistedFuncs()
    ) {
        $sandbox->whitelistFunc($node->name);

        return null;
    }

    // Variable or static variable with a literal name: added only when a variable whitelist
    // exists and allow_variables is off.
    if (($node instanceof Node\Expr\Variable || $node instanceof Node\Stmt\StaticVar)
        && is_string($node->name) && $sandbox->hasWhitelistedVars() && !$sandbox->allow_variables
    ) {
        $sandbox->whitelistVar($node->name);

        return null;
    }

    // Call to define() with a non-empty string literal as first argument.
    // NOTE(review): the first case above already matches every statically named call unless
    // hasBlacklistedFuncs() is true, so this case is reached only when a function blacklist
    // exists. Confirm whether define()'d constants should be whitelisted otherwise as well.
    if ($node instanceof Node\Expr\FuncCall && $node->name instanceof Node\Name
        && $node->name->toString() == 'define' && !$sandbox->isDefinedFunc('define')
        && !$sandbox->hasBlacklistedConsts()
    ) {
        $constArg = null;
        if (isset($node->args[0])) {
            $constArg = $node->args[0];
        }

        if ($constArg && $constArg instanceof Node\Arg && $constArg->value instanceof Node\Scalar\String_
            && is_string($constArg->value->value) && $constArg->value->value
        ) {
            $sandbox->whitelistConst($constArg->value->value);
        }

        return null;
    }

    // Constant fetch.
    if ($node instanceof Node\Expr\ConstFetch && $node->name instanceof Node\Name
        && !$sandbox->hasBlacklistedConsts()
    ) {
        $sandbox->whitelistConst($node->name->toString());

        return null;
    }

    // Class declaration.
    if ($node instanceof Node\Stmt\Class_ && is_string($node->name) && !$sandbox->hasBlacklistedClasses()) {
        $sandbox->whitelistClass($node->name);

        return null;
    }

    // Interface declaration.
    if ($node instanceof Node\Stmt\Interface_ && is_string($node->name)
        && !$sandbox->hasBlacklistedInterfaces()
    ) {
        $sandbox->whitelistInterface($node->name);

        return null;
    }

    // Trait declaration.
    if ($node instanceof Node\Stmt\Trait_ && is_string($node->name) && !$sandbox->hasBlacklistedTraits()) {
        $sandbox->whitelistTrait($node->name);

        return null;
    }

    // Instantiation of a statically named class whitelists it as a type.
    if ($node instanceof Node\Expr\New_ && $node->class instanceof Node\Name
        && !$sandbox->hasBlacklistedTypes()
    ) {
        $sandbox->whitelistType($node->class->toString());

        return null;
    }

    // global statement: the named variables join an existing variable whitelist.
    if ($node instanceof Node\Stmt\Global_ && $sandbox->hasWhitelistedVars()) {
        foreach ($node->vars as $globalVar) {
            /**
             * @var Node\Expr\Variable $globalVar
             */
            if ($globalVar instanceof Node\Expr\Variable) {
                // NOTE(review): no is_string() check here, unlike the variable case above;
                // confirm whitelistVar() rejects a non-string (dynamic) name.
                $sandbox->whitelistVar($globalVar->name);
            }
        }

        return null;
    }

    // Namespace statement: check the name, define it if it is new, and drop the node.
    if ($node instanceof Node\Stmt\Namespace_) {
        if ($node->name instanceof Node\Name) {
            $namespace = $node->name->toString();
            $sandbox->checkNamespace($namespace);
            if (!$sandbox->isDefinedNamespace($namespace)) {
                $sandbox->defineNamespace($namespace);
            }
        }

        return false;
    }

    // use statement: check each imported name, define it if it is new, and drop the node.
    if ($node instanceof Node\Stmt\Use_) {
        foreach ($node->uses as $import) {
            /**
             * @var Node\Stmt\UseUse $import
             */
            if ($import instanceof Node\Stmt\UseUse && $import->name instanceof Node\Name
                && (is_string($import->alias) || is_null($import->alias))
            ) {
                $target = $import->name->toString();
                $sandbox->checkAlias($target);
                if (!$sandbox->isDefinedAlias($target)) {
                    $sandbox->defineAlias($target, $import->alias);
                }
            }
        }

        return false;
    }

    return null;
}