Fix sensitive directories/files functions

Author: Lucisu

src/Exceptions/RuleAlreadyExist.php

@@ -8,5 +8,5 @@ class RuleAlreadyExist extends Exception {
     /**
      * @var string
      */
-    protected $message = 'The rule already exist in the file';
+    protected $message = 'The rule already exists in the file';
 }

src/RuleContent.php

@@ -29,11 +29,15 @@ public function getContent() : array {
         $result = '';
         $templateContent = implode( PHP_EOL, $this->content );
 
-
         foreach ( $this->templateVars as $var => $replacements ) {
             $tmp_result = $templateContent;
             foreach ( $replacements as $key => $replacement ) {
-                $tmp_result = str_replace( sprintf( '{{%s}}', $key ), $replacement, $tmp_result );
+                if ( preg_match( '/.+\/.+/', $key ) ) {
+                    $tmp_result = implode( PHP_EOL, $replacement );
+                    $tmp_result = str_replace( '{{file}}', $key, $tmp_result );
+                } else {
+                    $tmp_result = str_replace( sprintf( '{{%s}}', $key ), $replacement, $tmp_result );
+                }
             }
             $result .= $tmp_result;
         }

src/SubCommands/BlockAccessToSensitiveDirectories.php

@@ -9,7 +9,7 @@ class BlockAccessToSensitiveDirectories extends SubCommand {
     public string $removalMessage= 'Block Access to Sensitive Directories rule has been removed.';
 
     public function getTemplateVars() {
-        $directories = isset( $this->commandArguments['directories'] ) ? $this->commandArguments['directories'] : 'git,svn,vendors,cache';
+        $directories = isset( $this->commandArguments['directories'] ) ? $this->commandArguments['directories'] : '.git,svn,vendors,cache';
         if ( ! empty( $directories ) ) {
             $directories = explode( ',', $directories );
             $directories = array_map( 'trim', $directories );

src/SubCommands/BlockAccessToSensitiveFiles.php

@@ -9,15 +9,24 @@ class BlockAccessToSensitiveFiles extends SubCommand {
     public string $removalMessage= 'Block Access to Sensitive Files rule has been removed.';
 
     public function getTemplateVars() {
-        $files = isset( $this->commandArguments['files'] ) ? $this->commandArguments['files'] : 'readme.html, readme.txt, wp-config.php, wp-admin/install.php';
+        $files = isset( $this->commandArguments['files'] ) ? $this->commandArguments['files'] : 'readme.html,readme.txt,wp-config.php,nginx.conf,/wp-admin/install.php,/wp-admin/upgrade.php';
         if ( ! empty( $files ) ) {
             $files = explode( ',', $files );
             $files = array_map( 'trim', $files );
             $files_array = [];
 
             foreach ( $files as $key => $value ) {
-                $file = isset( $this->commandArguments['server'] ) && $this->commandArguments['server'] === 'nginx' ? preg_quote( $value ) : $value;
-                $files_array[] = [ 'file' => $file ];
+                if ( preg_match( '/.+\/.+/', $value ) ) {
+                    $file_with_directory = $this->setRuleContent( false, 'block_access_to_sensitive_files_with_directories' );
+                    if ( isset( $this->commandArguments['server'] ) && $this->commandArguments['server'] === 'nginx' ) {
+                        $file = $value;
+                    } else {
+                        $file = preg_quote( ltrim( $value, '/' ) );
+                    }
+                    $files_array[] = [ $file => $file_with_directory ];
+                } else {
+                    $files_array[] = [ 'file' => isset( $this->commandArguments['server'] ) && $this->commandArguments['server'] === 'nginx' ? preg_quote( $value ) : $value ];
+                }
             }
 
             return $files_array;

src/SubCommands/SubCommand.php

@@ -101,27 +101,33 @@ private function setFilePath() : string {
     /**
      * Reads rule template file. Depending on output type, returns string or an array
      *
+     * @param boolean $loadVars Whether to load the template vars or not.
+     * @param boolean $template Template name to return instead of the loaded one.
+     * 
      * @return string|array
      */
-    private function setRuleContent() : string|array {
+    protected function setRuleContent( bool $loadVars = true, bool|string $template = false ) : string|array {
         //Return an empty array in case when the executed command does not require a template
-        if($this->ruleTemplate === '') {
+        if($this->ruleTemplate === '' && ! $template ) {
             return [];
         }
 
         $templateFilePath = dirname(__DIR__) . DIRECTORY_SEPARATOR . 'Templates' . DIRECTORY_SEPARATOR . $this->serverType . DIRECTORY_SEPARATOR .
-            $this->ruleTemplate . '.tpl';
+            ( $template ? $template : $this->ruleTemplate ) . '.tpl';
 
         $result = [];
         $file = new \SplFileObject($templateFilePath);
+
         while(!$file->eof()) {
             $result[] = rtrim($file->current(), "\n");
             $file->next();
         }
         unset($file);
 
-        $result = new RuleContent( $result, $this->getTemplateVars() );
-        $result = $result->getContent();
+        if ( $loadVars ) {
+            $result = new RuleContent( $result, $this->getTemplateVars() );
+            $result = $result->getContent();
+        }
 
         return $result;
     }

src/Templates/apache/block_access_to_sensitive_files_with_directories.tpl

@@ -0,0 +1,4 @@
+<IfModule mod_rewrite.c>
+    RewriteEngine On
+    RewriteRule ^{{file}}$ - [F]
+</IfModule>

src/Templates/nginx/block_access_to_sensitive_directories.tpl

@@ -1,15 +1,3 @@
-location ~ ^.*/\.git/.*$ {
-    deny all;
-}
-
-location ~ ^.*/\.svn/.*$ {
-    deny all;
-}
-
-location ~ ^.*/vendors/.*$ {
-    deny all;
-}
-
-location ~ ^.*/cache/.*$ {
+location ~ ^.*/{{directories}}/.*$ {
     deny all;
 }

src/Templates/nginx/block_access_to_sensitive_files_with_directories.tpl

@@ -0,0 +1,3 @@
+location = {{file}} {
+    deny all;
+}