ipedis/security-file-bundle
===========================

Symfony bundle for file security

2.0.1 (4mo ago) · PHP >=8.2 · CI passing

[Source](https://github.com/ipedis/security-file-bundle) · [Packagist](https://packagist.org/packages/ipedis/security-file-bundle)

Security File Bundle
====================


Symfony bundle providing file security: HTML/XML sanitization, archive bomb detection, and file validation. Combines [`ipedis/file-sanitizer`](https://github.com/ipedis/file-sanitizer) and [`ipedis/validation-handler`](https://github.com/ipedis/validation-handler) with a configurable bomb scanner.

Installation
------------

```
composer require ipedis/security-file-bundle
```

Configuration
-------------

```
# config/packages/security_file.yaml
security_file:
    sanitizers:
        html_sanitizer:
            type: html
        xml_sanitizer:
            type: xml
        html_strict:
            type: html
            config:
                ignored_step:
                    - Ipedis\FileSanitizer\Pipeline\Steps\PhpTagCleanupStep

    scanner:
        engines:
            - zip
            - rar
            - png
```

Quick Start
-----------

### Sanitize file content

```
use Ipedis\FileSanitizer\Contract\SanitizerInterface;

class FileProcessor
{
    public function __construct(
        private SanitizerInterface $htmlSanitizer,
    ) {}

    public function clean(string $html): string
    {
        return $this->htmlSanitizer->sanitize($html)->getContent();
    }
}
```

Sanitizers are injected by argument name matching the configuration key in camelCase (`html_sanitizer` → `$htmlSanitizer`).
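
An added example (not from the bundle's README) that applies this naming rule to two of the sanitizers configured above, picks one from the detected content type, and rejects anything it has no sanitizer for. The namespace, class name, `clean()` signature and MIME-type mapping are assumptions, and it assumes the `fileinfo` PHP extension is loaded; only `SanitizerInterface`, `sanitize()` and `getContent()` come from this page.

```php
<?php

declare(strict_types=1);

namespace App\Upload; // hypothetical application namespace

use Ipedis\FileSanitizer\Contract\SanitizerInterface;

final class MarkupCleaner // hypothetical class, not part of the bundle
{
    public function __construct(
        // Argument names are the camelCase form of the keys under
        // security_file.sanitizers in the configuration above.
        private SanitizerInterface $htmlSanitizer, // html_sanitizer
        private SanitizerInterface $xmlSanitizer,  // xml_sanitizer
    ) {}

    /**
     * Sanitizes markup with the sanitizer matching its detected type.
     * The type is sniffed from the bytes, not taken from the client.
     */
    public function clean(string $content): string
    {
        $mime = (new \finfo(FILEINFO_MIME_TYPE))->buffer($content);

        // Assumed mapping from libmagic MIME types to the configured sanitizers.
        $sanitizer = match ($mime) {
            'text/html' => $this->htmlSanitizer,
            'text/xml', 'application/xml' => $this->xmlSanitizer,
            // Fail closed: unknown or undetectable content is never passed through.
            default => throw new \InvalidArgumentException(
                sprintf('No sanitizer configured for type "%s"', $mime === false ? 'unknown' : $mime)
            ),
        };

        return $sanitizer->sanitize($content)->getContent();
    }
}
```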

### Scan for archive bombs

```
use Ipedis\SecurityFileBundle\Service\BombScanner\BombScannerInterface;

class UploadHandler
{
    public function __construct(
        private BombScannerInterface $bombScanner,
    ) {}

    public function handle(\SplFileObject $file): void
    {
        $result = $this->bombScanner->scanFile($file);

        if ($result->isBomb()) {
            throw new \RuntimeException('Archive bomb detected');
        }
    }
}
```

### Validate files

```
use Ipedis\SecurityFileBundle\Service\Validator\FileValidatorInterface;
use Ipedis\ValidationHandler\Data\Constraints\FileSize;
use Ipedis\ValidationHandler\Data\Constraints\MimeTypes;

class UploadValidator
{
    public function __construct(
        private FileValidatorInterface $fileValidator,
    ) {}

    public function validate(\SplFileInfo $file): void
    {
        $result = $this->fileValidator->validate($file, [
            new FileSize(5, 'M'),
            new MimeTypes(['application/pdf', 'image/png']),
        ]);

        if ($result->isFailed()) {
            throw new \RuntimeException($result->getErrorMessage());
        }
    }
}
```

Available Services
------------------

| Interface | Description |
|---|---|
| `SanitizerInterface` | Inject by argument name matching config key |
| `BombScannerInterface` | Archive bomb scanner (zip, rar, png engines) |
| `FileValidatorInterface` | File validation against constraints |

Dependencies
------------

- [`ipedis/file-sanitizer`](https://github.com/ipedis/file-sanitizer) — HTML/XML sanitization engine
- [`ipedis/validation-handler`](https://github.com/ipedis/validation-handler) — file validation chain

Compatibility
-------------

| PHP | Symfony | Status |
|---|---|---|
| 8.2 | 7.x | ✅ |
| 8.3 | 7.x | ✅ |
| 8.4 | 7.x | ✅ |
| 8.5 | 7.x | ✅ |

Local Development
-----------------

Requires [Docker](https://www.docker.com/).

```
make up        # Start container
make install   # Install dependencies
make qa        # Run full QA suite (rector + pint + phpstan + tests)
```

Available targets:

| Command | Description |
|---|---|
| `make up` | Start container |
| `make down` | Stop container |
| `make install` | Install Composer dependencies |
| `make update` | Update Composer dependencies |
| `make test` | Run PHPUnit tests |
| `make phpstan` | Run static analysis (level max) |
| `make pint` | Fix code style (PSR-12) |
| `make rector` | Run automated refactoring |
| `make qa` | Run all checks |
| `make shell` | Open container shell |

Disclaimer
----------

This package is maintained by [Ipedis](https://www.ipedis.com). It is provided as-is under the terms of its license.

### Health Score

43 (Fair), better than 90% of packages

- Maintenance: 82. Actively maintained with recent releases
- Popularity: 5. Limited adoption so far
- Community: 11. Small or concentrated contributor base
- Maturity: 65. Established project with proven stability
- Bus Factor: 1. Top contributor holds 50% of commits — single point of failure

### Release Activity

- Cadence: every ~268 days (recently: every ~335 days)
- Total: 6
- Last release: 138d ago
- Major versions: 1.0.3 → 2.0.0 (2026-02-05)

### Community

Maintainers: [yanis-git](/maintainers/yanis-git)

Top contributors: [MelchiorIpedis](https://github.com/MelchiorIpedis) (12 commits), [yanis-git](https://github.com/yanis-git) (5 commits), [lucasdsm78](https://github.com/lucasdsm78) (4 commits), [tejaskgosai](https://github.com/tejaskgosai) (2 commits), [lucas-dsm](https://github.com/lucas-dsm) (1 commits)

### Code Quality

- Tests: PHPUnit
- Static Analysis: Rector
- Code Style: Laravel Pint
