System\Twig\SecurityPolicy

Overview

SecurityPolicy is a security policy using an allow-list

Implements
  • Twig\Sandbox\SecurityPolicyInterface

Protected Properties

protected array $blockedClassMethods

blockedClassMethods override list of known forbidden methods on class types that are included in the allow-list.

protected array $blockMethods

blockMethods is a list of forbidden methods

protected array $allowMethods

allowMethods is a list of allowed methods


Public Methods

public __construct()

public __construct(): void

public static addExtensionToTwig()

public static addExtensionToTwig($twig): void

addExtensionToTwig will add the appropriate policy based on configuration. The policy only used in safe mode.

public castMethodObjectToSafeObject()

public castMethodObjectToSafeObject($object): void

castMethodObjectToSafeObject casts unsafe objects used by method calls to proxy objects that protect from arbitrary callable methods, such as using 'passthru' to execute shell commands.

public checkMethodAllowed()

public checkMethodAllowed($obj, $method): void 

public checkPropertyAllowed()

public checkPropertyAllowed($obj, $property): void 

public checkSecurity()

public checkSecurity($tags, $filters, $functions): void 

Protected Methods

protected checkMethodAllowedAllowlist()

protected checkMethodAllowedAllowlist($obj, $method): void

protected checkMethodAllowedBlocklist()

protected checkMethodAllowedBlocklist($obj, $method): void