Merge pull request #36 from igorhrcek/custom-files-fix

fix: Fix BlockAccessToCustomSensitiveFiles
igorhrcek · Mar 21, 2022 · 56e7b1c · 56e7b1c
2 parents 2c935ac + bdc4003
commit 56e7b1c
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 5 deletions.
diff --git a/src/SubCommands/AddSecurityHeaders.php b/src/SubCommands/AddSecurityHeaders.php
@@ -9,6 +9,7 @@ class AddSecurityHeaders extends SubCommand {
     public string $removalMessage= 'Add Security Headers rule has been removed.';
 
     public function getTemplateVars() : array {
+
         $default_headers = [
             'Strict-Transport-Security' => '"max-age=63072000; includeSubDomains; preload"',
             'Referrer-Policy' => 'strict-origin-when-cross-origin',

diff --git a/src/SubCommands/BlockAccessToCustomSensitiveFiles.php b/src/SubCommands/BlockAccessToCustomSensitiveFiles.php
@@ -20,12 +20,21 @@ public function getTemplateVars(): array {
             $files_array = [];
 
             foreach ($files as $key => $value) {
-                $file = (isset($this->commandArguments['server']) && $this->commandArguments['server'] === 'nginx') ?
-                    preg_quote($value) : $value;
-
-                $files_array[] = ['file' => $file];
+                if ( preg_match( '/.+\/.+/', $value ) ) {
+                    $file_with_directory = $this->setRuleContent( false, 'block_access_to_sensitive_files_with_directories' );
+                    if ( isset( $this->commandArguments['server'] ) && $this->commandArguments['server'] === 'nginx' ) {
+                        $file = $value;
+                    } else {
+                        $file = preg_quote( ltrim( $value, '/' ) );
+                    }
+                    $files_array[] = [ $file => $file_with_directory ];
+                } else {
+                    $file = (isset($this->commandArguments['server']) && $this->commandArguments['server'] === 'nginx') ?
+                        preg_quote($value) : $value;
+                    $files_array[] = ['file' => $file];
+                }
             }
-            
+
             return $files_array;
         }
 

diff --git a/src/SubCommands/BlockAccessToSensitiveFiles.php b/src/SubCommands/BlockAccessToSensitiveFiles.php
@@ -8,6 +8,7 @@ class BlockAccessToSensitiveFiles extends SubCommand {
     public string $successMessage = 'Block Access to Sensitive Files rule has been deployed.';
     public string $removalMessage= 'Block Access to Sensitive Files rule has been removed.';
 
+
     /**
      * @var string List of files that we are protecting by default
      */
@@ -37,4 +38,5 @@ public function getTemplateVars() : array {
         }
         return [];
     }
+
 }