Configuration¶
PHP Agent¶
Configuration options for PHP Agent. They are modifiable using Hdiv Toolbar configuration page or more generally using environment variables.
The following configurations go in the file [AGENT_PATH]/settings/core-settings.ini
| Property | Type | Description |
|---|---|---|
| php.run.dir | string | Set this to any existing directory that can be read, written and traversed (g+rwX). It will be used by the agent and core to store runtime files. |
| hdiv.config.dir | string | Same as above. It will be used by the core. It can be the same as php.run.dir. |
| hdiv.mandatory.app.name | string | The name of your app. |
| hdiv.mandatory.app.version | string | The current version of your app. |
| php.core.[platform].bin | string | On the key, change [platform] to the one the architecture chosen at installation. It can be: java, linux, macos, windows (e.g: php.core.linux.bin). The value must be the full path of the core, including the filename. |
| hdiv.console.level | Custom | Define the logging level the following options are available |
| hdiv.file.level | Custom | Define the logging level the following options are available |
| hdiv.log.append | Boolean | Define whether agent traces should be appended during startup or not, by default false |
| hdiv.async.taint.tracking | Boolean | A flag to that vulnerabilities should be tracked in asynchronous threads, it could be enabled at a cost in performance, by default false |
| hdiv.toolbar.enabled | Boolean | Whether Hdiv toolbar should be shown or not, when the agent is not configured to communicate with a Web Console it will be always displayed, otherwise by default is false |
| hdiv.console.url | String | Defines de URL of the Web Console, by default http://localhost:8089/hdiv-console-services |
| hdiv.console.token | String | Authentication token for the environment in the Web Console |
| hdiv.server.name | String | The name that will identify this server in the Web Console |
| php.setup.mode | String | When this is enabled(either HTML or LOG) it will show information to help you troubleshoot problems on your installation. For more information check troubleshot installation problems. By default this value is set to "OFF". |
| hdiv.debug.enabled | Boolean | When this is set to true, none of the exceptions/errors generated by Hdiv are caught. It can help you debug Hdiv agent |
| hdiv.debug.token | String | When this key has a string value and hdiv.debug.enabled is enabled, any request having a get variable called HDIV_DEBUG matching the token set on this key, none of the exceptions/errors generated by HDIV are caught for that request |
| hdiv.excluded.stacks | String | When a vulnerability/attack is reported, the file where the vulnerability/attack took place in gets also reported. Sometimes this place is on a external library file and you would like to know the file/line where that external library was called instead. In order to do so, you can add exclusions to this file. For example, if you want to exclude all the composer libraries, you could add to this configuration /vendor/. Then any file within vendor folder would be excluded and instead the caller of that file would be the one reported. You could also exclude a file adding the filename as exclusion. It is possible to add multiple exclusions separating each by a comma(e.g /vendor/,DatabaseFile.php |
Extension¶
The following configuration go into the file [PHP Additional .ini parsed]/hdiv.ini
| Property | Type | Description |
|---|---|---|
| hdiv.prehook_opcode | Boolean(1/0) | This configuration make te extension to wrap opcodes. Default 1 |
| hdiv.debug_level | Number(0-7) | Debug level for logging. It matches syslog levels. Default 0 |
| hdiv.debug_size | Filesize | It indicates how big the debug log file can be. Default 100M |
| hdiv.debug_rotations | Number | This indicates the maximum amount of rotations the logging file will have. Default 1 |
| hdiv.debug_path | String | It indicates where the logging file will be created. Default /tmp |