abdian/laravel-safeguard
========================

Secure file upload validation for Laravel — scans for malware, fake MIME types, malicious scripts, and hidden threats.

Laravel Safeguard
=================

**Secure file upload validation for Laravel** — Protects your application from malicious file uploads using magic bytes detection, PHP code scanning, and comprehensive security checks.

---

Features
--------

- **All-in-One Security** — Single validation rule runs all checks
- **Magic Bytes Detection** — Real MIME type validation (70+ formats)
- **Malware Scanning** — Detects PHP code, XSS, JavaScript in PDFs
- **Image Security** — EXIF metadata scanning, GPS detection
- **PDF Protection** — JavaScript and dangerous actions detection
- **Archive Scanning** — ZIP/TAR content analysis, zip bomb detection
- **Office Macro Detection** — VBA macro and ActiveX detection in DOCX/XLSX/PPTX
- **XXE Protection** — Prevents XML External Entity attacks in SVG files
- **Symlink Protection** — Prevents TOCTOU (time-of-check-time-of-use) attacks
- **Size Validation** — Image dimensions and PDF page limits
- **Auto-Blocking** — Executables and scripts blocked by default
- **Security Logging** — Comprehensive threat monitoring
- **Fully Customizable** — Fluent API and config-based control

---

Installation
------------

Install via Composer:

```
composer require abdian/laravel-safeguard
```

The package will auto-register via Laravel's package discovery.

### Publish Configuration (Optional)

```
php artisan vendor:publish --tag=safeguard-config
```

---

Quick Start
-----------

### Basic Usage (Recommended)

Use the `safeguard` rule for comprehensive security:

```
use Illuminate\Http\Request;

public function upload(Request $request)
{
    $request->validate([
        'file' => 'required|safeguard',
    ]);

    // File is safe to process
}
```

This single rule performs:

- Real MIME type detection
- PHP code scanning
- XSS vulnerability detection
- Image metadata analysis
- PDF security scanning

### Advanced Configuration

```
use Abdian\LaravelSafeguard\Rules\Safeguard;

$request->validate([
    // Images only with security
    'avatar' => ['required', (new Safeguard())
        ->imagesOnly()
        ->maxDimensions(1920, 1080)
        ->blockGps()
        ->stripMetadata()
    ],

    // PDFs with restrictions
    'document' => ['required', (new Safeguard())
        ->pdfsOnly()
        ->maxPages(50)
        ->blockJavaScript()
    ],

    // Office documents without macros
    'report' => ['required', (new Safeguard())
        ->documentsOnly()
        ->blockMacros()
    ],

    // Archives with content scanning
    'backup' => ['required', (new Safeguard())
        ->archivesOnly()
        ->scanArchives()
    ],
]);
```

### Individual Security Rules

For granular control, use specific validation rules:

```
$request->validate([
    'avatar' => 'required|safeguard_mime:image/jpeg,image/png|safeguard_image',
    'icon' => 'required|safeguard_svg',
    'document' => 'required|safeguard_pdf|safeguard_pages:1,10',
    'archive' => 'required|safeguard_archive',
    'report' => 'required|safeguard_office',
]);
```

---

Validation Rules
----------------

### String Rules

| Rule | Description |
|------|-------------|
| `safeguard` | All-in-one comprehensive security check |
| `safeguard_mime:type1,type2` | Validate real MIME type via magic bytes |
| `safeguard_php` | Scan for malicious PHP code |
| `safeguard_svg` | Scan SVG for XSS and XXE attacks |
| `safeguard_image` | Analyze image EXIF metadata |
| `safeguard_pdf` | Scan PDF for JavaScript and threats |
| `safeguard_archive` | Scan archive contents for threats |
| `safeguard_office` | Detect macros in Office documents |
| `safeguard_dimensions:w,h` | Validate image dimensions |
| `safeguard_pages:min,max` | Validate PDF page count |

### Fluent API Methods

```
use Abdian\LaravelSafeguard\Rules\Safeguard;

(new Safeguard())
    // Type filters
    ->imagesOnly()
    ->pdfsOnly()
    ->documentsOnly()
    ->archivesOnly()

    // MIME control
    ->allowedMimes(['image/jpeg', 'image/png'])
    ->strictExtensionMatching()

    // Image control
    ->maxDimensions(1920, 1080)
    ->minDimensions(100, 100)
    ->blockGps()
    ->stripMetadata()

    // PDF control
    ->maxPages(50)
    ->minPages(1)
    ->blockJavaScript()
    ->blockExternalLinks()

    // Archive control
    ->scanArchives()

    // Office control
    ->blockMacros()
```

---

Security Features
-----------------

### XXE Protection

Automatically prevents XML External Entity attacks in SVG files:

```
<!DOCTYPE svg [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<svg>&xxe;</svg>
```

### Archive Scanning

Scans ZIP/TAR/RAR archives for:

- Dangerous file extensions (.php, .exe, .bat, etc.)
- Path traversal attacks (`../`)
- Zip bombs (high compression ratio)
- Excessive file counts
- Nested archives

```
// Enable archive scanning
'backup' => ['required', (new Safeguard())->scanArchives()]

// Or use dedicated rule
'archive' => 'required|safeguard_archive'
```
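
The checks listed above, sketched as an added example that is not the package's own code: it reads ZIP metadata with PHP's `ZipArchive` and applies the `archive_scanning` limits from this page's Configuration section. The function name `inspectZip` and the sample archive are constructed for illustration, and nested-archive depth is left out.

```php
<?php
// Added illustration, not laravel-safeguard's code; limits copy this page's archive_scanning config.
const LIMITS = [
    'max_compression_ratio' => 100,
    'max_uncompressed_size' => 500 * 1024 * 1024,
    'max_files_count'       => 10000,
    'blocked_extensions'    => ['php', 'phar', 'exe', 'bat', 'sh', 'cmd', 'ps1'],
];
/** Inspect ZIP metadata without extracting; returns a list of findings. */
function inspectZip(string $path, array $limits = LIMITS): array
{
    $zip = new ZipArchive();
    if ($zip->open($path, ZipArchive::RDONLY) !== true) {
        return ['unreadable archive'];
    }
    $findings = $zip->numFiles > $limits['max_files_count'] ? ['too many entries'] : [];
    $total = 0;
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $stat = $zip->statIndex($i);
        $name = str_replace('\\', '/', $stat['name']);
        if (str_starts_with($name, '/') || in_array('..', explode('/', $name), true)) {
            $findings[] = "path traversal: $name";
        }
        $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        if (in_array($ext, $limits['blocked_extensions'], true)) {
            $findings[] = "blocked extension: $name";
        }
        $total += $stat['size'];
        // Ratio of declared sizes; empty entries are skipped to avoid dividing by zero.
        if ($stat['comp_size'] > 0
            && $stat['size'] / $stat['comp_size'] > $limits['max_compression_ratio']) {
            $findings[] = "compression ratio too high: $name";
        }
    }
    if ($total > $limits['max_uncompressed_size']) {
        $findings[] = 'uncompressed size over limit';
    }
    $zip->close();
    return $findings;
}

// Constructed sample: one traversal entry, one highly compressible entry.
$tmp = tempnam(sys_get_temp_dir(), 'zip');
$z = new ZipArchive();
$z->open($tmp, ZipArchive::OVERWRITE);
$z->addFromString('../../index.php', 'constructed placeholder');
$z->addFromString('pad.txt', str_repeat('A', 5 * 1024 * 1024));
$z->close();
print_r(inspectZip($tmp));
unlink($tmp);
```

The sizes read here are the values declared in the archive's headers, which the uploader controls, so a production check should also count bytes while extracting and stop at the limit.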

### Office Macro Detection

Detects VBA macros and ActiveX controls in Office documents:

```
// Block documents with macros
'document' => ['required', (new Safeguard())->blockMacros()]

// Or use dedicated rule
'report' => 'required|safeguard_office'

// Allow macros explicitly
'report' => 'required|safeguard_office:allow_macros'
```

### Symlink Protection

Prevents TOCTOU attacks by validating file paths:

- Rejects symbolic links
- Validates files are in allowed directories
- Prevents path traversal
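
One way to express these three path checks in plain PHP, as an added example that is not the package's implementation. The function name `isSafeUploadPath` and the directory layout are constructed for illustration.

```php
<?php
// Added illustration, not laravel-safeguard's own code.

/** True only for a regular, non-symlink file that resolves inside an allowed directory. */
function isSafeUploadPath(string $path, array $allowedDirs): bool
{
    // is_link() inspects the link itself, so a symlink is rejected
    // even when its target would otherwise pass.
    if (is_link($path)) {
        return false;
    }
    // realpath() collapses ".." segments and symlinked parent directories.
    $real = realpath($path);
    if ($real === false || !is_file($real)) {
        return false;
    }
    foreach ($allowedDirs as $dir) {
        $base = realpath($dir);
        if ($base === false) {
            continue;
        }
        // The trailing separator stops "/uploads-old" from matching "/uploads".
        $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (str_starts_with($real, $prefix)) {
            return true;
        }
    }
    return false;
}

// Constructed sample tree under the system temp directory.
$root = sys_get_temp_dir() . '/sg_demo_' . bin2hex(random_bytes(4));
mkdir("$root/uploads", 0700, true);
mkdir("$root/private", 0700, true);
file_put_contents("$root/uploads/ok.png", 'x');
file_put_contents("$root/private/secret.txt", 'x');
symlink("$root/private/secret.txt", "$root/uploads/link.png");

$allowed = ["$root/uploads"];
var_dump(isSafeUploadPath("$root/uploads/ok.png", $allowed));
var_dump(isSafeUploadPath("$root/uploads/link.png", $allowed));
var_dump(isSafeUploadPath("$root/uploads/../private/secret.txt", $allowed));

// Clean up the constructed tree.
array_map('unlink', ["$root/uploads/link.png", "$root/uploads/ok.png", "$root/private/secret.txt"]);
array_map('rmdir', ["$root/uploads", "$root/private", $root]);
```

A path check followed by a later open is still a race; open the file once and run every later check and read against that same handle.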

---

Configuration
-------------

### Archive Scanning

```
// config/safeguard.php
'archive_scanning' => [
    'enabled' => false,                    // Disabled by default; set to true to enable
    'max_compression_ratio' => 100,        // Zip bomb detection (100:1)
    'max_uncompressed_size' => 500 * 1024 * 1024, // 500MB
    'max_files_count' => 10000,            // Max files in archive
    'max_nesting_depth' => 3,              // Nested archive depth
    'blocked_extensions' => [
        'php', 'phar', 'exe', 'bat', 'sh', 'cmd', 'ps1',
    ],
],
```

### Office Scanning

```
'office_scanning' => [
    'enabled' => true,
    'block_macros' => true,                // Block VBA macros
    'block_activex' => true,               // Block ActiveX controls
    'allowed_macro_extensions' => ['docm', 'xlsm', 'pptm'],
],
```

### Security Settings

```
'security' => [
    'check_symlinks' => true,              // TOCTOU protection
    'allowed_upload_paths' => null,        // null = auto-detect
],
```

### Environment Variables

```
SAFEGUARD_ARCHIVE_SCAN=false
SAFEGUARD_OFFICE_SCAN=true
SAFEGUARD_BLOCK_MACROS=true
SAFEGUARD_BLOCK_ACTIVEX=true
SAFEGUARD_CHECK_SYMLINKS=true
```

---

Requirements
------------

- PHP 8.1 or higher
- Laravel 10.x, 11.x, or 12.x
- `fileinfo` PHP extension (enabled by default)
- `zip` PHP extension (for archive scanning)

---

Security
--------

Laravel Safeguard protects against:

| Threat | Protection |
|--------|------------|
| File Type Spoofing | Magic bytes detection |
| PHP Code Injection | Pattern-based scanning |
| XSS Attacks | SVG script/event detection |
| XXE Attacks | Entity declaration blocking |
| Metadata Exploits | EXIF code detection |
| PDF Malware | JavaScript/action detection |
| Zip Bombs | Compression ratio analysis |
| Office Macros | VBA/ActiveX detection |
| TOCTOU Attacks | Symlink validation |
| Path Traversal | Archive path validation |

For security vulnerabilities, please email  instead of using the issue tracker.

---

License
-------

Laravel Safeguard is open-sourced software licensed under the [MIT license](LICENSE).

---

Links
-----

- [Full Documentation](https://abdian.github.io/laravel-safeguard/)
- [GitHub Repository](https://github.com/abdian/laravel-safeguard)
- [Issue Tracker](https://github.com/abdian/laravel-safeguard/issues)
- [Changelog](CHANGELOG.md)

