Configuration

PHP Agent

Configuration options for PHP Agent. They are modifiable using Hdiv Toolbar configuration page or more generally using environment variables.

The following configurations go in the file [AGENT_PATH]/settings/core-settings.ini

Property Type Description
php.run.dir string Set this to any existing directory that can be read, written and traversed (g+rwX). It will be used by the agent and core to store runtime files.
hdiv.config.dir string Same as above. It will be used by the core. It can be the same as php.run.dir.
hdiv.mandatory.app.name string The name of your app.
hdiv.mandatory.app.version string The current version of your app.
php.core.[platform].bin string On the key, change [platform] to the one the architecture chosen at installation. It can be: java, linux, macos, windows (e.g: php.core.linux.bin). The value must be the full path of the core, including the filename.
hdiv.console.level Custom Define the logging level the following options are available
  • OFF
  • SEVERE (default)
  • WARNING
  • INFO
  • FINE
  • FINER
  • hdiv.file.level Custom Define the logging level the following options are available
  • OFF
  • SEVERE
  • WARNING
  • INFO (default)
  • FINE
  • FINER
  • hdiv.log.append Boolean Define whether agent traces should be appended during startup or not, by default false
    hdiv.async.taint.tracking Boolean A flag to that vulnerabilities should be tracked in asynchronous threads, it could be enabled at a cost in performance, by default false
    hdiv.toolbar.enabled Boolean Whether Hdiv toolbar should be shown or not, when the agent is not configured to communicate with a Web Console it will be always displayed, otherwise by default is false
    hdiv.console.url String Defines de URL of the Web Console, by default http://localhost:8089/hdiv-console-services
    hdiv.console.token String Authentication token for the environment in the Web Console
    hdiv.server.name String The name that will identify this server in the Web Console
    php.setup.mode String When this is enabled(either HTML or LOG) it will show information to help you troubleshoot problems on your installation. For more information check troubleshot installation problems. By default this value is set to "OFF".
    hdiv.debug.enabled Boolean When this is set to true, none of the exceptions/errors generated by Hdiv are caught. It can help you debug Hdiv agent
    hdiv.debug.token String When this key has a string value and hdiv.debug.enabled is enabled, any request having a get variable called HDIV_DEBUG matching the token set on this key, none of the exceptions/errors generated by HDIV are caught for that request
    hdiv.excluded.stacks String When a vulnerability/attack is reported, the file where the vulnerability/attack took place in gets also reported. Sometimes this place is on a external library file and you would like to know the file/line where that external library was called instead. In order to do so, you can add exclusions to this file. For example, if you want to exclude all the composer libraries, you could add to this configuration /vendor/. Then any file within vendor folder would be excluded and instead the caller of that file would be the one reported. You could also exclude a file adding the filename as exclusion. It is possible to add multiple exclusions separating each by a comma(e.g /vendor/,DatabaseFile.php

    Extension

    The following configuration go into the file [PHP Additional .ini parsed]/hdiv.ini

    Property Type Description
    hdiv.prehook_opcode Boolean(1/0) This configuration make te extension to wrap opcodes. Default 1
    hdiv.debug_level Number(0-7) Debug level for logging. It matches syslog levels. Default 0
    hdiv.debug_size Filesize It indicates how big the debug log file can be. Default 100M
    hdiv.debug_rotations Number This indicates the maximum amount of rotations the logging file will have. Default 1
    hdiv.debug_path String It indicates where the logging file will be created. Default /tmp