snuffleupagus/src/sp_utils.h, branch masterSecurity module for php7 and php8 - Killing bugclasses and virtual-patching the rest!
http://git.dustri.org/snuffleupagus/atom?h=master2024-06-06T14:36:40ZAdd format attribute to log function and adjust format specifiers2024-06-06T14:36:40ZChristian Göttsche2024-06-06T14:36:40Zurn:sha1:849252c6a48b428dde3ad8930b40a2bdf9874cb7
Annotate the common logging function sp_log_msgf() with the format
attribute so compilers can check the used format string and passed
arguments for discrepancies.
Adjust the lineno printing by using %zu and the type size_t
consistently.
Avoid dropping const qualifier in casts2024-06-06T14:27:35ZChristian Göttsche2024-05-29T18:38:23Zurn:sha1:f40955e03cd361966f927acfaa477cfceb8930e5
Adjusts casts to void dropping const qualifiers. This helps to avoid
mistakes, e.g. modifying string literals.
Also use size_t for length, similar to the upstream php interfaces.
Even more const!2022-07-13T19:25:04Zjvoisin2022-07-13T19:25:04Zurn:sha1:ed87e551efd0160f1944a5e97158ab258db65eafintroduced sp_regexp / store original regex2022-02-05T11:22:13ZBen Fuhrmannek2022-02-05T11:22:13Zurn:sha1:323f818a6ce33d021bc0a6d34064598917e68c91fix: include class name in eval whitelist matching2021-12-14T13:29:43ZBen Fuhrmannek2021-12-14T13:29:43Zurn:sha1:4a45ba42b609d48c8297456d67cc8d955073b567added @log logging feature to config parser2021-11-30T12:06:53ZBen Fuhrmannek2021-11-30T12:06:53Zurn:sha1:aa099cd7a4aa5e3296d39158184e301af9ef2f78config is stack allocated now + some code improvements (see details)2021-09-23T10:23:40ZBen Fuhrmannek2021-09-23T10:23:40Zurn:sha1:54c352c1b5aa08b187dd1e52e544709cad2b0fee
* for easier memory manegement, the entire sp_config struct was merged into snuffleupagus_globals and allocated on stack where possible
* SNUFFLEUPAGUS_G() can be written as SPG(), which is faster to type and easier to read
* execution_depth is re-initialized to 0 for each request
* function calls with inline string and length parameters consistently use ZEND_STRL instead of sizeof()-1
* execution is actually hooked if recursion protection is enabled
* some line breaks were removed to make the code more readable
fincy new scanner/parser for config rules + fixed a few bugs along the way + fixed related unittests2021-08-16T13:47:01ZBen Fuhrmannek2021-08-16T13:47:01Zurn:sha1:5148ded7268b569fd5e720f90b44645c83ac3e9eprevent STDERR debug output based on SP_NODEBUG environment variable2021-08-07T13:55:48ZBen Fuhrmannek2021-08-07T13:55:48Zurn:sha1:e8bb162220ac17cb9b8cc229666356e88f081887restructured function hooks, implemented unhook2021-08-06T18:17:38ZBen Fuhrmannek2021-08-06T18:17:38Zurn:sha1:260f17f112e2d081783c6dc102f81666ac2435d9