PHPackages axiles/php-sandbox - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Parsing & Serialization](/categories/parsing) 4. / 5. axiles/php-sandbox ArchivedLibrary[Parsing & Serialization](/categories/parsing) axiles/php-sandbox ================== A PHP library that can be used to run PHP code in a sandboxed environment. Fork of Corveda PHPSandbox. v2.0.1(9y ago)018BSD-3-ClausePHPPHP >=5.4 Since Mar 20Pushed 9y ago1 watchersCompare [ Source](https://github.com/IAJcraftDev/PHPSandbox)[ Packagist](https://packagist.org/packages/axiles/php-sandbox)[ Docs](https://phpsandbox.org/)[ RSS](/packages/axiles-php-sandbox/feed)WikiDiscussions master Synced 3d ago READMEChangelogDependencies (4)Versions (9)Used By (0) [![PHPSandbox](https://camo.githubusercontent.com/d988649bf0d33f19aee697c078af70e6952bdb14935ac9d319e759e5d01bd09f/68747470733a2f2f70687073616e64626f782e6f72672f696d616765732f6c6f676f2e706e67)](https://camo.githubusercontent.com/d988649bf0d33f19aee697c078af70e6952bdb14935ac9d319e759e5d01bd09f/68747470733a2f2f70687073616e64626f782e6f72672f696d616765732f6c6f676f2e706e67)Forked from [Cordeva PHPSandbox](https://github.com/Cordeva/PHPSandbox/). A full-scale PHP 5.4+ sandbox class that utilizes [PHP-Parser](https://github.com/nikic/PHP-Parser) to prevent sandboxed code from running unsafe code. ------------------------------------------------------------------------------------------------------------------------------------------------------- [](#a-full-scale-php-54-sandbox-class-that-utilizes-php-parser-to-prevent-sandboxed-code-from-running-unsafe-code) It also utilizes [FunctionParser](https://github.com/jeremeamia/FunctionParser) to disassemble callables passed to the sandbox, so that PHP callables can also be run in sandboxes without first converting them into strings. **Manual:** [https://manual.phpsandbox.org](https://manual.phpsandbox.org/) **Online API Documentation:** [https://docs.phpsandbox.org](https://docs.phpsandbox.org/) [![Build Status](https://camo.githubusercontent.com/95a46df5cccba99fadc08f98aedcdbe23abb02e9c69be355f79c67e84a50cfcd/68747470733a2f2f7472617669732d63692e6f72672f49414a63726166744465762f50485053616e64626f782e706e673f6272616e63683d6d6173746572)](https://travis-ci.org/Corveda/PHPSandbox) [![Latest Stable Version](https://camo.githubusercontent.com/7dbeeaba222182fbed91705dfba1990be1258530d6fa67bce658adf6a366eaf0/68747470733a2f2f706f7365722e707567782e6f72672f6178696c65732f7068702d73616e64626f782f762f737461626c65)](https://packagist.org/packages/corveda/php-sandbox) [![Total Downloads](https://camo.githubusercontent.com/7d0112a6c00345f9df55f025557ae5197dc879537c9c047f7603137672955bfd/68747470733a2f2f706f7365722e707567782e6f72672f6178696c65732f7068702d73616e64626f782f646f776e6c6f616473)](https://packagist.org/packages/corveda/php-sandbox) [![Latest Unstable Version](https://camo.githubusercontent.com/b0b8f8774e550c4fb19a2c76bc522c92bcc04d7966b1790a984de509298315a7/68747470733a2f2f706f7365722e707567782e6f72672f6178696c65732f7068702d73616e64626f782f762f756e737461626c65)](https://packagist.org/packages/corveda/php-sandbox) [![License](https://camo.githubusercontent.com/9df45f95d3ea3737e5a9367e2b90650891c821b3516b82e2eab6d14907dca9d1/68747470733a2f2f706f7365722e707567782e6f72672f6178696c65732f7068702d73616e64626f782f6c6963656e7365)](https://packagist.org/packages/corveda/php-sandbox)[![Dependency Status](https://camo.githubusercontent.com/cbc2ad489390d08be85a84be25058329c423d81f6ef7dc8bfaeb81c1c088503c/68747470733a2f2f7777772e76657273696f6e6579652e636f6d2f757365722f70726f6a656374732f3539313832656235656238353865303032643435643436642f62616467652e7376673f7374796c653d666c6174)](https://www.versioneye.com/user/projects/56ba5cc22a29ed002d2af5e2) Features: --------- [](#features) - Finegrained whitelisting and blacklisting, with sensible defaults configured. - **Includes dynamic demonstration system that allows for local testing of custom sandbox configurations** - Can redefine internal PHP and other functions to make them more secure for sandbox usage. - Can redefine superglobals and magic constants to expose your own values to sandboxed code. - Can overwrite the get\_defined\_\* and get\_declared\_\* functions to show only allowed functions, classes, etc. to the sandboxed code. - Can selectively allow and disallow function creation, class declarations, constant definitions, keywords, and much more. - Can prepend and append trusted code to setup and tear down the sandbox, and automatically whitelist the classes, functions, variables, etc. they define for the sandbox. - Can retrieve the generated sandbox code for later usage. - Can pass arguments directly to the sandboxed code through the execute method to reveal chosen outside variables to the sandbox. - Can access the parsed, prepared and generated code ASTs for further analysis or for serialization. - Can define custom validation functions for fine-grained control of every element of the sandbox. - Can specify a custom error handler to intercept PHP errors and handle them with custom logic. - Can specify a custom exception handler to intercept thrown exceptions and handle them with custom logic. - Can specify a validation error handler to intercept thrown validation errors and handle them with custom logic. - **Can intercept callbacks and validate them against function whitelists and blacklists, even if they are called as strings** Example usage: -------------- [](#example-usage) ``` function test($string){ return 'Hello ' . $string; } $sandbox = new PHPSandbox\PHPSandbox; $sandbox->whitelistFunc('test'); $result = $sandbox->execute(function(){ return test('world'); }); var_dump($result); //Hello world ``` Custom validation example: -------------------------- [](#custom-validation-example) ``` function custom_func(){ echo 'I am valid!'; } $sandbox = new PHPSandbox\PHPSandbox; //this will mark any function valid that begins with "custom_" $sandbox->setFuncValidator(function($function_name, PHPSandbox\PHPSandbox $sandbox){ return (substr($function_name, 0, 7) == 'custom_'); //return true if function is valid, false otherwise }); $sandbox->execute(function(){ custom_func(); }); //echoes "I am valid!" ``` Custom validation error handler example: ---------------------------------------- [](#custom-validation-error-handler-example) ``` $sandbox = new PHPSandbox\PHPSandbox; //this will intercept parser validation errors and quietly exit, otherwise it will throw the validation error $sandbox->setValidationErrorHandler(function(PHPSandbox\Error $error, PHPSandbox\PHPSandbox $sandbox){ if($error->getCode() == PHPSandbox\Error::PARSER_ERROR){ //PARSER_ERROR == 1 exit; } throw $error; }); $sandbox->execute(''); //does nothing ``` Disable validation example: --------------------------- [](#disable-validation-example) ``` $sandbox = new PHPSandbox\PHPSandbox; //this will disable function validation $sandbox->setOption('validate_functions', false); // or $sandbox->validate_functions = false; $sandbox->execute(''); //Pinging google.com. . . ``` Requirements ------------ [](#requirements) - PHP 5.4+ - [PHP-Parser](https://github.com/nikic/PHP-Parser) - [FunctionParser](https://github.com/jeremeamia/FunctionParser) (if you wish to use closures) - PHP should be compiled with *--enable-tokenizer* option (it typically is) Installation ------------ [](#installation) To install using [composer](http://getcomposer.org/), simply add the following to your composer.json file in the root of your project: ``` { "require": { "axiles/php-sandbox": "2.*" } } ``` Then run *composer install --dry-run* to check for any potential problems, and *composer install* to install. LICENSE ------- [](#license) ``` Copyright (c) 2013-2016 by Corveda, LLC. Some rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * The names of the contributors may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ``` ### Health Score 28 — LowBetter than 54% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity6 Limited adoption so far Community15 Small or concentrated contributor base Maturity63 Established project with proven stability Bus Factor1 Top contributor holds 92.7% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~99 days Recently: every ~143 days Total 9 Last Release 3646d ago Major Versions v1.3.11 → v2.02016-02-11 PHP version history (2 changes)v1.3.5PHP >=5.3.2 v2.0PHP >=5.4 ### Community Maintainers ![](https://www.gravatar.com/avatar/4a028a79383b16f2b89ad3f2915f9af8646f5880d39b042944e45e876f21605d?d=identicon)[IAJcraftDev](/maintainers/IAJcraftDev) --- Top Contributors [![fieryprophet](https://avatars.githubusercontent.com/u/533700?v=4)](https://github.com/fieryprophet "fieryprophet (164 commits)")[![IAJcraftDev](https://avatars.githubusercontent.com/u/12152768?v=4)](https://github.com/IAJcraftDev "IAJcraftDev (6 commits)")[![filp](https://avatars.githubusercontent.com/u/382538?v=4)](https://github.com/filp "filp (1 commits)")[![jecknig](https://avatars.githubusercontent.com/u/14073355?v=4)](https://github.com/jecknig "jecknig (1 commits)")[![ne0h12](https://avatars.githubusercontent.com/u/5797539?v=4)](https://github.com/ne0h12 "ne0h12 (1 commits)")[![reiz](https://avatars.githubusercontent.com/u/652130?v=4)](https://github.com/reiz "reiz (1 commits)")[![aazon](https://avatars.githubusercontent.com/u/378058?v=4)](https://github.com/aazon "aazon (1 commits)")[![santouras](https://avatars.githubusercontent.com/u/358368?v=4)](https://github.com/santouras "santouras (1 commits)")[![enov](https://avatars.githubusercontent.com/u/4045110?v=4)](https://github.com/enov "enov (1 commits)") --- Tags phpparserblacklistsandboxwhitelist ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/axiles-php-sandbox/health.svg) ``` [![Health](https://phpackages.com/badges/axiles-php-sandbox/health.svg)](https://phpackages.com/packages/axiles-php-sandbox) ``` ### Alternatives [doctrine/lexer PHP Doctrine Lexer parser library that can be used in Top-Down, Recursive Descent Parsers. 11.2k910.8M118](/packages/doctrine-lexer)[corveda/php-sandbox A PHP library that can be used to run PHP code in a sandboxed environment 23483.5k2](/packages/corveda-php-sandbox)[simplehtmldom/simplehtmldom A fast, simple and reliable HTML document parser for PHP. 1921.3M14](/packages/simplehtmldom-simplehtmldom)[psx/sandbox PHP sandbox to execute a safe subset of the PHP programming language 1745.8k1](/packages/psx-sandbox)[atanamo/php-codeshift A PHP code transformation toolkit based on 'PHP-Parser' 32158.4k1](/packages/atanamo-php-codeshift)[voku/simple-php-code-parser Get a simple data structure from your php code. 485.6k3](/packages/voku-simple-php-code-parser) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)