fix(scanner): avoid SVG/XML false positives; add allowlist and .gitignore
Relax payload scanner for XML/SVG by passing content-type into checks
Skip JS-style eval() detection when content-type is XML/SVG
Pass request Content-Type through sniff_file_for_php_payload() and raw-body checks
Add common XML/SVG content-types to allowlist.json
Add repository .gitignore (ignore logs, quarantine/, state/, env, vendor, IDE files)
33
.gitignore
vendored
Normal file
@@ -0,0 +1,33 @@
|
||||
# Upload Logger repository .gitignore
|
||||
|
||||
# Runtime logs and quarantine/state directories (do not commit)
|
||||
/logs/
|
||||
/quarantine/
|
||||
/state/
|
||||
*.log
|
||||
uploads.log
|
||||
|
||||
# Peek allow marker (local only)
|
||||
/.upload_logger_allow_peek
|
||||
|
||||
# Local environment files
|
||||
.env
|
||||
.env.*
|
||||
|
||||
# Composer / vendor
|
||||
/vendor/
|
||||
/composer.lock
|
||||
|
||||
# Node
|
||||
/node_modules/
|
||||
|
||||
# IDEs and OS files
|
||||
.vscode/
|
||||
.idea/
|
||||
*.iml
|
||||
.DS_Store
|
||||
Thumbs.db
|
||||
|
||||
# Temp/cache
|
||||
*.cache
|
||||
*.tmp
|
||||
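Review bot: ignoring `/composer.lock` in the "Composer / vendor" block leaves dependency versions unpinned, so every install can resolve a different tree, and for a deployed upload scanner that makes builds unreproducible and dependency audits unreliable. Keep `/vendor/` ignored but commit the lock file. Two smaller points in the same file: `uploads.log` is already covered by `*.log` and can be dropped, and `.env.*` also matches a template such as `.env.example`, so add a negation like `!.env.example` if one is meant to be tracked.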