• Stars
    star
    135
  • Rank 269,297 (Top 6 %)
  • Language
    PHP
  • License
    Other
  • Created almost 16 years ago
  • Updated over 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Inspekt is a PHP library that makes it easier to write secure web applications

Inspekt

License

LICENSE

Maintained by

Ben Edmunds benedmunds.com

Created by

Ed Finkler [email protected]

Version 0.6.3 2022-02-21

What Is Inspekt?

Inspekt is a comprehensive filtering and validation library for PHP.

Driving principles behind Inspekt

  • Accessing user input via the PHP superglobals is inherently dangerous, because the "default" action is to retrieve raw, potentially dangerous data
  • Piecemeal, "inline" filtering/validation done at various places in an application's source code is too error-prone to be effective
  • The purpose of a library or framework is to make a programmer's job easier. Verbose and/or complex solutions should be avoided unless they are the only solution

Features of Inspekt

  • 'Cage' objects that encapsulate input and require the developer to use the provided filtering and validation methods to access input data
  • Automatic application of filtering as defined in a configuration file
  • A library of static filtering and validation methods
  • A simple, clear API
  • No external dependencies

Documentation

User Docs

API Docs

How Do I Use Inspekt?

The best idea at the moment is to look at the Examples directory.

Quickly creating a cage for common input superglobals

<?php
use Inspekt\Inspekt;

/*
 * creates a cage for $_GET, $_POST, $_COOKIE, $_ENV, $_FILES, $_SERVER
 */
$superCage = Inspekt::makeSuperCage();

echo 'Digits:' . $superCage->server->getDigits('SERVER_SOFTWARE') . '<p/>';
echo 'Alpha:' . $superCage->server->getAlpha('SERVER_SOFTWARE') . '<p/>';
echo 'Alnum:' . $superCage->server->getAlnum('SERVER_SOFTWARE') . '<p/>';
echo 'Raw:' . $superCage->server->getRaw('SERVER_SOFTWARE') . '<p/>';

Creating a cage from an arbitrary array

<?php
/**
 * Demonstration of:
 * - use of static filter methods on arrays
 * - creating a cage on an arbitrary array
 * - accessing a deep key in a multidim array with the "Array Query" approach
 */


require_once dirname(__FILE__) . "/../vendor/autoload.php";

use Inspekt\Cage;

$d = array();
$d['input'] = '<img id="475">yes</img>';
$d['lowascii'] = '������� � � � ';
$d[] = array('foo', 'bar<br />', 'yes<P>', 1776);
$d['x']['woot'] = array(
    'booyah' => 'meet at the bar at 7:30 pm',
    'ultimate' => '<strong>hi there!</strong>',
);
$d['lemon'][][][][][][][][][][][][][][] = 'far';


$d_cage = Cage::Factory($d);

var_dump($d_cage->getAlpha('/x/woot/ultimate'));

var_dump($d_cage->getAlpha('lemon/0/0/0/0/0/0/0/0/0/0/0/0/0'));

$x = $d_cage->getAlpha('x');
var_dump($x);

$x = $d_cage->getAlpha('input');
var_dump($x);

Calling an individual validation method

<?php
require_once dirname(__FILE__) . "/../vendor/autoload.php";

use Inspekt\Inspekt;

$rs = Inspekt::isUri('http://www.w3.org/2001/XMLSchema');
var_dump($rs);

How Do I Run Tests

Install PHPUnit, cd to the root dir of Inspekt, and type

phpunit tests/

Changelog

Version 0.6.4 - 2022-02-21

  • Release to force a composer update

Version 0.6.3 - 2022-02-21

  • Bug fix for array_key_exists using ArrayObject instead of Array

Version 0.6.2 - 2021-03-12

  • Bug fix for isInt()

Version 0.6.1 - 2016-03-03

  • Bug fix for isFloat()

Version 0.6.0 - 2014-11-08

  • Backwards-compatibility breaks! Be aware! Read examples!
  • removed CodeIgniter helper
  • removed all session cage code
  • refactor for PSR2 compliance, including namespaces (BC BREAK)
  • drop mysql for mysqli escaping calls

2014-04-14

  • Added composer.json file

Version 0.4.1 - 2010-01-15

  • Inspekt_Cage::keyExists now returns boolean again, unless second param is TRUE (then it returns the value if key exists)
  • fixed a bunch of missing public/protected definitions
  • renamed Inspekt_CageTest.php to CageTest.php so phpunit would load it correctly
  • wrote a couple unit tests for Inspekt_Cage::testAlnum

Version 0.4.0 - 2009-11-15

  • added new way to add cage accessor methods by extending AccessorAbstract and registering with cage object
  • added Inspekt_Cage::addAccessor() and Inspekt_SuperCage::addAccessor()
  • modified Examples/extending.php to demonstrate adding new accessor methods
  • added HTMLPurifier integration capability and new cage filter getPurifiedHTML()
  • added a library for CodeIgniter to use Inspekt in the standard Input object
  • make Inspekt::isArrayObject() and Inspekt::isArrayOrArrayObject() public
  • added __call() to Inspekt_Cage so we can handle user-defined accessor methods
  • added underscore to path portion of isUri() (Nick Ramsay)
  • added a new folder for Integration_helpers
  • commented out include for Inspekt/Cage/Session in Cage.php because it caused probs generating Cage test skeleton
  • made PHPUnit Inspekt_Cage test skeleton
  • added simple example for a wrapper that will pull from GET or POST

Version 0.3.5 - 2009-07-18

  • refactored and reworked some examples; added db escaping examples
  • did some work to get isInt to handle 64 bit integers better (more to do)
  • fixed bug in isOneOf where a string pattern wasn't converted properly
  • removed some incorrectly optional params for methods
  • isRegex now correctly returns a boolean, not an Int
  • added missing cage methods getROT13, noTagsOrSpecial, escMySQL, escPgSQL, escPgSQLBytea
  • added many more unit tests

Version 0.3.4 - 2009-07-18

  • Added Inspekt::getROT13()
  • Added Inspekt::escMySQL()
  • Added Inspekt::escPgSQL()
  • Added Inspekt::escPgSQLBytea()
  • Now arrays are only converted to ArrayObjects by cages; arrays passed into static filter calls are returned as arrays.
  • More unit tests, and tests moved into InspektTest.php (removed Tests/ subdir)
  • cleanup in Inspekt_SuperCage to fix STRICT notices

Version 0.3.3 - 2009-07-18

  • Caged properties can now be iterated over b/c we're implementing ArrayObject (Matt McKeon)
  • added a number of @assert tests for phpunit testing
  • cleaned up function declarations so they would not raise STRICT notices
  • leveraged Filter Extention in a couple filter methods; can be turned off with Inspekt::useFilterExt()
  • added filter method Inspekt::noTagsOrSpecial() that strips tags, encodes '"&<>, and all low ascii chars (< 32)
  • upped recursion limit to 15
  • Inspekt::_walkArray will now convert a plain array into an ArrayObject (should it always? Not sure)
  • filter methods will now use Inspekt::isArrayOrArrayObject() to determine if they need to walk the array
  • fixed some require_once statements to use dirname() resolution so fewer path issues pop up (they showed up when using phpunit)

Version 0.3.2 - 2009-06-22

PHP5 now required, bug fixes for transposed params

Version 0.3.1 - 2008-02-08

Disables processing of $_SESSION

Version 0.3.0 - 2008-01-16

Final OWASP milestone release

Version 0.1 - 2007-05-19

Initial Release

More Repositories

1

CodeIgniter-Ion-Auth

Simple and Lightweight Auth System for CodeIgniter
PHP
2,347
star
2

codeigniter-cache

Cache Money!
PHP
223
star
3

CodeIgniter-Standard-Project

A default template CodeIgniter project with custom MY_Controller and basic layout
PHP
116
star
4

CodeIgniter-Twilio

CodeIgniter library wrapper for the Twilio API class
PHP
103
star
5

Node-Express-MVR-Example

Example Node.js Express project to get you started with a MVR architecture
JavaScript
62
star
6

CodeIgniter-Breadcrumbs-Library

CodeIgniter Library to generate dynamic breadcrumbs based of the pages setup in the database
41
star
7

Building-Secure-PHP-Apps-Examples

Code Examples from the Building Secure PHP Apps ebook
24
star
8

Laravel-Composer

Automatically loads Composer (http://packagist.org/) packages
PHP
19
star
9

phptownhall.com

A simple podcast where Phil, Ben and a super-star guest answer questions and talk about current events in the PHP world.
HTML
18
star
10

CodeIgniter-MY_Controller

MY_Controller custom extension of controller class
15
star
11

Laravel-Twilio

Twilio Bundle for Laravel
PHP
15
star
12

CodeIgniter-Mongo_DB

MongoDB class for CodeIgniter
14
star
13

CodeIgniter-Appcelerator

A CodeIgniter library that is a simple port of the Appcelerator ACS Javascript SDK to PHP
PHP
13
star
14

CodeIgniter-Google-Checkout-Library

CodeIgniter Google Checkout Library - this library is in-complete but a good starting point
PHP
13
star
15

CodeIgniter-Soundcloud-Library

CodeIgniter Library for the Soundcloud API
PHP
11
star
16

codeigniter-events

A simple events library for CodeIgniter
PHP
11
star
17

PHP-Appcelerator

A simple port of the Appcelerator ACS Javascript SDK to PHP
PHP
11
star
18

CodeIgniter-Standard-DMZ-Project

A default template CodeIgniter project using DMZ ORM
10
star
19

Laravel-MongoDB

MongoDB Bundle for Laravel PHP
PHP
9
star
20

CodeIgniter-Boxcar

Boxcar.io API library for CodeIgniter
PHP
8
star
21

CodeIgniter-ESendEX

CodeIgniter Library to interface with ESendEX SMS API
PHP
8
star
22

Building-Secure-Node-Apps-Examples

7
star
23

AwesomeTabs-NodeJS

A simple guitar tab site written on Node.js using MongoDB with Bootstrap on the frontend
JavaScript
6
star
24

jquery-duplicator

Jquery plugin to duplicate/remove blocks of code
JavaScript
5
star
25

Laravel-Appcelerator

A Laravel bundle that is a simple port of the Appcelerator ACS Javascript SDK to PHP
PHP
5
star
26

Laravel-Boxcar

Boxcar.io API bundle for Laravel
PHP
4
star
27

demo_app

Playing with rails...
Ruby
3
star
28

Laravel-Tumblr

A basic Laravel bundle to read from the Tumblr API
PHP
3
star
29

auto_retweeter

Automatically retweets and randomly replaces words with a selected word. Made for retweet bots.
JavaScript
2
star
30

ConfTalk-MoreThanJustAHammer

JavaScript
1
star
31

VolatilityEstimator

JavaScript
1
star
32

Node-Appcelerator

Appcelerator ACS API package for Node.js
JavaScript
1
star
33

RocketChat-Close-Channels

JavaScript
1
star