##! Please refer to the documentation at
##! https://coreruleset.org/docs/development/regex_assembly/.

##! PHP Wrappers
##!
##! PHP comes with many built-in wrappers for various URL-style protocols for
##! use with the filesystem functions such as fopen(), copy(), file_exists() and
##! filesize(). Abusing of PHP wrappers like phar:// could lead to RCE as
##! describled by Sam Thomas at BlackHat USA 2018 (https://bit.ly/2yaKV5X), even
##! wrappers like zlib://, glob://, rar://, zip://, etc... could lead to LFI and
##! expect:// to RCE.
##!
##! Valid PHP wrappers can be found in the PHP documentation here:
##! https://www.php.net/manual/en/wrappers.php

##! Suffix marker: all options end with ://
##!$ ://

bzip2
expect
glob
ogg
phar
rar
ssh2
ssh2.shell
ssh2.exec
ssh2.tunnel
ssh2.sftp
ssh2.scp
zip
zlib