1 files changed, 215 insertions, 0 deletions
diff --git a/stories/feature-list.html b/stories/feature-list.html
new file mode 100644
index 0000000..992ca73
--- /dev/null
+++ b/stories/feature-list.html
@@ -0,0 +1,215 @@
+<!DOCTYPE html>
+<html prefix="og: http://ogp.me/ns# article: http://ogp.me/ns/article#
+" lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>Suhosin Feature List | SUHOSIN</title>
+<link href="../assets/css/all-nocdn.css" rel="stylesheet" type="text/css">
+<meta name="theme-color" content="#5670d4">
+<meta name="generator" content="Nikola (getnikola.com)">
+<link rel="canonical" href="https://suhosin.org/stories/feature-list.html">
+<link rel="icon" href="../favicon.png" sizes="32x32">
+<link rel="icon" href="../favicon_256x256.png" sizes="256x256">
+<!--[if lt IE 9]><script src="../assets/js/html5.js"></script><![endif]--><meta name="author" content="SektionEins">
+<meta property="og:site_name" content="SUHOSIN">
+<meta property="og:title" content="Suhosin Feature List">
+<meta property="og:url" content="https://suhosin.org/stories/feature-list.html">
+<meta property="og:description" content="Feature List - Suhosin Patch
+Engine Protection
+Protects the internal memory manager against bufferoverflows with Canary and SafeUnlink Protection
+Protects Destructors of Zend Hashtables
+Protects Des">
+<meta property="og:type" content="article">
+<meta property="article:published_time" content="2014-06-11T11:02:00+02:00">
+</head>
+<body>
+<a href="#content" class="sr-only sr-only-focusable">Skip to main content</a>
+<!-- Menubar -->
+<nav class="navbar navbar-expand-md static-top mb-4
+navbar-dark bg-dark
+"><div class="container">
+<!-- This keeps the margins nice -->
+        <a class="navbar-brand" href="https://suhosin.org/">
+            <span id="blog-title">SUHOSIN</span>
+        </a>
+        <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#bs-navbar" aria-controls="bs-navbar" aria-expanded="false" aria-label="Toggle navigation">
+            <span class="navbar-toggler-icon"></span>
+        </button>
+        <div class="collapse navbar-collapse" id="bs-navbar">
+            <ul class="navbar-nav mr-auto">
+<li class="nav-item">
+<a href="download.html" class="nav-link">Download</a>
+            </li>
+<li class="nav-item dropdown">
+<a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Documentation</a>
+            <div class="dropdown-menu">
+                    <a href="#" class="dropdown-item active">Feature List <span class="sr-only">(active)</span></a>
+                    <a href="install.html" class="dropdown-item">Installing Suhosin</a>
+                    <a href="configuration.html" class="dropdown-item">Configuration</a>
+                    <a href="howtos.html" class="dropdown-item">HOWTOs</a>
+                    <a href="faq.html" class="dropdown-item">FAQ</a>
+                    <a href="benchmark.html" class="dropdown-item">Benchmark</a>
+            </div>
+            </li>
+<li class="nav-item dropdown">
+<a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Github</a>
+            <div class="dropdown-menu">
+                    <a href="https://raw.githubusercontent.com/sektioneins/suhosin/master/Changelog" class="dropdown-item">Changelog</a>
+                    <a href="https://github.com/sektioneins/suhosin" class="dropdown-item">Sources</a>
+                    <a href="https://github.com/sektioneins/suhosin/issues" class="dropdown-item">Bugtracker</a>
+            </div>
+            </li>
+<li class="nav-item dropdown">
+<a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">SektionEins</a>
+            <div class="dropdown-menu">
+                    <a href="https://sektioneins.de/en/index.html#services" class="dropdown-item">Security Audits</a>
+                    <a href="https://sektioneins.de/en/index.html#news" class="dropdown-item">News</a>
+                    <a href="https://sektioneins.de/en/kontakt.html" class="dropdown-item">Contact</a>
+            </div>
+                
+            </li>
+</ul>
+<ul class="navbar-nav navbar-right"></ul>
+</div>
+<!-- /.navbar-collapse -->
+    </div>
+<!-- /.container -->
+</nav><!-- End of Menubar --><div class="container" id="content" role="main">
+    <div class="body-content">
+        <!--Body content-->
+        
+        
+<article class="post-text storypage" itemscope="itemscope" itemtype="http://schema.org/Article"><header><h1 class="p-name entry-title" itemprop="headline name"><a href="#" class="u-url">Suhosin Feature List</a></h1>
+        
+    </header><div class="e-content entry-content" itemprop="articleBody text">
+    <div>
+<div class="section" id="feature-list-suhosin-patch">
+<h2>Feature List - Suhosin Patch</h2>
+<div class="section" id="engine-protection">
+<h3>Engine Protection</h3>
+<ul class="simple">
+<li>Protects the internal memory manager against bufferoverflows with Canary and SafeUnlink Protection</li>
+<li>Protects Destructors of Zend Hashtables</li>
+<li>Protects Destructors of Zend Linked-Lists</li>
+<li>Protects the PHP core and extensions against format string vulnerabilities</li>
+<li>Protects against errors in certain libc realpath() implementations</li>
+</ul>
+</div>
+</div>
+<div class="section" id="feature-list-suhosin-extension">
+<h2>Feature List - Suhosin Extension</h2>
+<div class="section" id="misc-features">
+<h3>Misc Features</h3>
+<ul class="simple">
+<li>Protection Simulation mode :!:</li>
+<li>Adds the functions sha256() and sha256_file() to the PHP core</li>
+<li>Adds support for CRYPT_BLOWFISH to crypt() on all platforms</li>
+<li>Transparent protection of open phpinfo() pages</li>
+<li>EXPERIMENTAL SQL database user protection</li>
+</ul>
+</div>
+<div class="section" id="runtime-protection">
+<h3>Runtime Protection</h3>
+<ul class="simple">
+<li>Transparent Cookie Encryption :!:</li>
+<li>Protects against different kinds of (Remote-)Include Vulnerabilities<ul>
+<li>disallows Remote URL inclusion (optional: black-/whitelisting)</li>
+<li>disallows inclusiong of uploaded files</li>
+</ul>
+</li>
+<li>optionally stops directory traversal attacks</li>
+<li>Allows disabling the preg_replace() /e modifier</li>
+<li>Allows disabling eval()</li>
+<li>Protects against infinite recursion through a configureabel maximum execution depth</li>
+<li>Supports per Virtual Host / Directory configureable function black- and whitelists</li>
+<li>Supports a separated function black- and whitelist for evaluated code</li>
+<li>Protects against HTTP Response Splitting Vulnerabilities</li>
+<li>Protects against scripts manipulating the memory_limit</li>
+<li>Protects PHP‘s superglobals against extract() and import_request_vars()</li>
+<li>Adds protection against newline attacks to mail()</li>
+<li>Adds protection against 0 attack on preg_replace()</li>
+</ul>
+</div>
+<div class="section" id="session-protection">
+<h3>Session Protection</h3>
+<ul class="simple">
+<li>Transparent encryption of session data :!:</li>
+<li>Transparent session hijacking protection :!:</li>
+<li>Protection against overlong session identifiers</li>
+<li>Protection against malicious chars in session identifiers</li>
+</ul>
+</div>
+<div class="section" id="filtering-features">
+<h3>Filtering Features</h3>
+<ul class="simple">
+<li>Filters ASCIIZ characters from user input</li>
+<li>Ignores GET, POST, COOKIE variables with the following names:
+GLOBALS, _COOKIE, _ENV, _FILES, _GET, _POST, _REQUEST
+_SERVER, _SESSION, HTTP_COOKIE_VARS, HTTP_ENV_VARS
+HTTP_GET_VARS, HTTP_POST_VARS, HTTP_POST_FILES
+HTTP_RAW_POST_DATA, HTTP_SERVER_VARS, HTTP_SESSION_VARS</li>
+<li>Allows enforcing limits on REQUEST variables or separated by type (GET, POST, COOKIE)<ul>
+<li>Supports a number of variables per request limit</li>
+<li>Supports a maximum length of variable names [with and without indicies]</li>
+<li>Supports a maximum length of array indicies</li>
+<li>Supports a maximum length of variable values</li>
+<li>Supports a maximum depth of arrays</li>
+</ul>
+</li>
+<li>Allows only a configureable number of uploaded files</li>
+<li>Supports verification of uploaded files through an external script</li>
+<li>Supports automatic banning of uploaded ELF executables</li>
+<li>Supports automatic banning of uploaded binary files</li>
+<li>Supports automatic stripping of binary content in uploaded files</li>
+<li>Configureable action on violation<ul>
+<li>just block violating variables</li>
+<li>send HTTP response code</li>
+<li>redirect the browser</li>
+<li>execute another PHP script</li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="section" id="logging-features">
+<h3>Logging Features</h3>
+<ul class="simple">
+<li>Supports multiple log devices (syslog, SAPI module error log, external logging script)</li>
+<li>Supports freely configureable syslog facility and priority</li>
+<li>Supports log device separated selection of alert types to log</li>
+<li>Alerts contain filename and linenumber that triggered it</li>
+<li>Alerts contain the IP address of the user triggering it</li>
+<li>The IP Address can also be extracted from X-Forwarded-For HTTP headers (f.e. for reverse proxy setups)</li>
+</ul>
+</div>
+</div>
+</div>
+    </div>
+    
+</article><!--End of body content--><footer id="footer"><a href="https://sektioneins.de/en/"><img src="../images/s1-logo-transparent-small.png" id="footerimg"></a><div id="footertext">© 2019 <a href="https://sektioneins.de/en/">SektionEins GmbH</a> • <a href="https://sektioneins.de/en/impressum.html">Imprint</a> • <a href="https://sektioneins.de/en/privacy.html">Privacy Statement</a>
+</div>
+            
+        </footer>
+</div>
+</div>
+        <script src="../assets/js/all-nocdn.js"></script><script>
+    baguetteBox.run('div#content', {
+        ignoreClass: 'islink',
+        captions: function(element) {
+            return element.getElementsByTagName('img')[0].alt;
+    }});
+    </script>
+</body>
+</html>

diff --git a/stories/feature-list.html b/stories/feature-list.html new file mode 100644 index 0000000..992ca73 --- /dev/null +++ b/stories/feature-list.html
@@ -0,0 +1,215 @@
	1	<!DOCTYPE html>
	2	<html prefix="og: http://ogp.me/ns# article: http://ogp.me/ns/article#
	3	" lang="en">
	4	<head>
	5	<meta charset="utf-8">
	6	<meta name="viewport" content="width=device-width, initial-scale=1">
	7	<title>Suhosin Feature List \| SUHOSIN</title>
	8	<link href="../assets/css/all-nocdn.css" rel="stylesheet" type="text/css">
	9	<meta name="theme-color" content="#5670d4">
	10	<meta name="generator" content="Nikola (getnikola.com)">
	11	<link rel="canonical" href="https://suhosin.org/stories/feature-list.html">
	12	<link rel="icon" href="../favicon.png" sizes="32x32">
	13	<link rel="icon" href="../favicon_256x256.png" sizes="256x256">
	14	<!--[if lt IE 9]><script src="../assets/js/html5.js"></script><![endif]--><meta name="author" content="SektionEins">
	15	<meta property="og:site_name" content="SUHOSIN">
	16	<meta property="og:title" content="Suhosin Feature List">
	17	<meta property="og:url" content="https://suhosin.org/stories/feature-list.html">
	18	<meta property="og:description" content="Feature List - Suhosin Patch
	19
	20	Engine Protection
	21
	22	Protects the internal memory manager against bufferoverflows with Canary and SafeUnlink Protection
	23	Protects Destructors of Zend Hashtables
	24	Protects Des">
	25	<meta property="og:type" content="article">
	26	<meta property="article:published_time" content="2014-06-11T11:02:00+02:00">
	27	</head>
	28	<body>
	29	<a href="#content" class="sr-only sr-only-focusable">Skip to main content</a>
	30
	31	<!-- Menubar -->
	32
	33	<nav class="navbar navbar-expand-md static-top mb-4
	34	navbar-dark bg-dark
	35	"><div class="container">
	36	<!-- This keeps the margins nice -->
	37	<a class="navbar-brand" href="https://suhosin.org/">
	38
	39	<span id="blog-title">SUHOSIN</span>
	40	</a>
	41	<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#bs-navbar" aria-controls="bs-navbar" aria-expanded="false" aria-label="Toggle navigation">
	42	<span class="navbar-toggler-icon"></span>
	43	</button>
	44
	45	<div class="collapse navbar-collapse" id="bs-navbar">
	46	<ul class="navbar-nav mr-auto">
	47	<li class="nav-item">
	48	<a href="download.html" class="nav-link">Download</a>
	49	</li>
	50	<li class="nav-item dropdown">
	51	<a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Documentation</a>
	52	<div class="dropdown-menu">
	53	<a href="#" class="dropdown-item active">Feature List <span class="sr-only">(active)</span></a>
	54	<a href="install.html" class="dropdown-item">Installing Suhosin</a>
	55	<a href="configuration.html" class="dropdown-item">Configuration</a>
	56	<a href="howtos.html" class="dropdown-item">HOWTOs</a>
	57	<a href="faq.html" class="dropdown-item">FAQ</a>
	58	<a href="benchmark.html" class="dropdown-item">Benchmark</a>
	59	</div>
	60	</li>
	61	<li class="nav-item dropdown">
	62	<a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Github</a>
	63	<div class="dropdown-menu">
	64	<a href="https://raw.githubusercontent.com/sektioneins/suhosin/master/Changelog" class="dropdown-item">Changelog</a>
	65	<a href="https://github.com/sektioneins/suhosin" class="dropdown-item">Sources</a>
	66	<a href="https://github.com/sektioneins/suhosin/issues" class="dropdown-item">Bugtracker</a>
	67	</div>
	68	</li>
	69	<li class="nav-item dropdown">
	70	<a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">SektionEins</a>
	71	<div class="dropdown-menu">
	72	<a href="https://sektioneins.de/en/index.html#services" class="dropdown-item">Security Audits</a>
	73	<a href="https://sektioneins.de/en/index.html#news" class="dropdown-item">News</a>
	74	<a href="https://sektioneins.de/en/kontakt.html" class="dropdown-item">Contact</a>
	75	</div>
	76
	77
	78	</li>
	79	</ul>
	80	<ul class="navbar-nav navbar-right"></ul>
	81	</div>
	82	<!-- /.navbar-collapse -->
	83	</div>
	84	<!-- /.container -->
	85	</nav><!-- End of Menubar --><div class="container" id="content" role="main">
	86	<div class="body-content">
	87	<!--Body content-->
	88
	89
	90	<article class="post-text storypage" itemscope="itemscope" itemtype="http://schema.org/Article"><header><h1 class="p-name entry-title" itemprop="headline name"><a href="#" class="u-url">Suhosin Feature List</a></h1>
	91
	92
	93
	94	</header><div class="e-content entry-content" itemprop="articleBody text">
	95	<div>
	96	<div class="section" id="feature-list-suhosin-patch">
	97	<h2>Feature List - Suhosin Patch</h2>
	98	<div class="section" id="engine-protection">
	99	<h3>Engine Protection</h3>
	100	<ul class="simple">
	101	<li>Protects the internal memory manager against bufferoverflows with Canary and SafeUnlink Protection</li>
	102	<li>Protects Destructors of Zend Hashtables</li>
	103	<li>Protects Destructors of Zend Linked-Lists</li>
	104	<li>Protects the PHP core and extensions against format string vulnerabilities</li>
	105	<li>Protects against errors in certain libc realpath() implementations</li>
	106	</ul>
	107	</div>
	108	</div>
	109	<div class="section" id="feature-list-suhosin-extension">
	110	<h2>Feature List - Suhosin Extension</h2>
	111	<div class="section" id="misc-features">
	112	<h3>Misc Features</h3>
	113	<ul class="simple">
	114	<li>Protection Simulation mode :!:</li>
	115	<li>Adds the functions sha256() and sha256_file() to the PHP core</li>
	116	<li>Adds support for CRYPT_BLOWFISH to crypt() on all platforms</li>
	117	<li>Transparent protection of open phpinfo() pages</li>
	118	<li>EXPERIMENTAL SQL database user protection</li>
	119	</ul>
	120	</div>
	121	<div class="section" id="runtime-protection">
	122	<h3>Runtime Protection</h3>
	123	<ul class="simple">
	124	<li>Transparent Cookie Encryption :!:</li>
	125	<li>Protects against different kinds of (Remote-)Include Vulnerabilities<ul>
	126	<li>disallows Remote URL inclusion (optional: black-/whitelisting)</li>
	127	<li>disallows inclusiong of uploaded files</li>
	128	</ul>
	129	</li>
	130	<li>optionally stops directory traversal attacks</li>
	131	<li>Allows disabling the preg_replace() /e modifier</li>
	132	<li>Allows disabling eval()</li>
	133	<li>Protects against infinite recursion through a configureabel maximum execution depth</li>
	134	<li>Supports per Virtual Host / Directory configureable function black- and whitelists</li>
	135	<li>Supports a separated function black- and whitelist for evaluated code</li>
	136	<li>Protects against HTTP Response Splitting Vulnerabilities</li>
	137	<li>Protects against scripts manipulating the memory_limit</li>
	138	<li>Protects PHP‘s superglobals against extract() and import_request_vars()</li>
	139	<li>Adds protection against newline attacks to mail()</li>
	140	<li>Adds protection against 0 attack on preg_replace()</li>
	141	</ul>
	142	</div>
	143	<div class="section" id="session-protection">
	144	<h3>Session Protection</h3>
	145	<ul class="simple">
	146	<li>Transparent encryption of session data :!:</li>
	147	<li>Transparent session hijacking protection :!:</li>
	148	<li>Protection against overlong session identifiers</li>
	149	<li>Protection against malicious chars in session identifiers</li>
	150	</ul>
	151	</div>
	152	<div class="section" id="filtering-features">
	153	<h3>Filtering Features</h3>
	154	<ul class="simple">
	155	<li>Filters ASCIIZ characters from user input</li>
	156	<li>Ignores GET, POST, COOKIE variables with the following names:
	157	GLOBALS, _COOKIE, _ENV, _FILES, _GET, _POST, _REQUEST
	158	_SERVER, _SESSION, HTTP_COOKIE_VARS, HTTP_ENV_VARS
	159	HTTP_GET_VARS, HTTP_POST_VARS, HTTP_POST_FILES
	160	HTTP_RAW_POST_DATA, HTTP_SERVER_VARS, HTTP_SESSION_VARS</li>
	161	<li>Allows enforcing limits on REQUEST variables or separated by type (GET, POST, COOKIE)<ul>
	162	<li>Supports a number of variables per request limit</li>
	163	<li>Supports a maximum length of variable names [with and without indicies]</li>
	164	<li>Supports a maximum length of array indicies</li>
	165	<li>Supports a maximum length of variable values</li>
	166	<li>Supports a maximum depth of arrays</li>
	167	</ul>
	168	</li>
	169	<li>Allows only a configureable number of uploaded files</li>
	170	<li>Supports verification of uploaded files through an external script</li>
	171	<li>Supports automatic banning of uploaded ELF executables</li>
	172	<li>Supports automatic banning of uploaded binary files</li>
	173	<li>Supports automatic stripping of binary content in uploaded files</li>
	174	<li>Configureable action on violation<ul>
	175	<li>just block violating variables</li>
	176	<li>send HTTP response code</li>
	177	<li>redirect the browser</li>
	178	<li>execute another PHP script</li>
	179	</ul>
	180	</li>
	181	</ul>
	182	</div>
	183	<div class="section" id="logging-features">
	184	<h3>Logging Features</h3>
	185	<ul class="simple">
	186	<li>Supports multiple log devices (syslog, SAPI module error log, external logging script)</li>
	187	<li>Supports freely configureable syslog facility and priority</li>
	188	<li>Supports log device separated selection of alert types to log</li>
	189	<li>Alerts contain filename and linenumber that triggered it</li>
	190	<li>Alerts contain the IP address of the user triggering it</li>
	191	<li>The IP Address can also be extracted from X-Forwarded-For HTTP headers (f.e. for reverse proxy setups)</li>
	192	</ul>
	193	</div>
	194	</div>
	195	</div>
	196	</div>
	197
	198
	199	</article><!--End of body content--><footer id="footer"><a href="https://sektioneins.de/en/"><img src="../images/s1-logo-transparent-small.png" id="footerimg"></a><div id="footertext">© 2019 <a href="https://sektioneins.de/en/">SektionEins GmbH</a> • <a href="https://sektioneins.de/en/impressum.html">Imprint</a> • <a href="https://sektioneins.de/en/privacy.html">Privacy Statement</a>
	200	</div>
	201
	202	</footer>
	203	</div>
	204	</div>
	205
	206
	207	<script src="../assets/js/all-nocdn.js"></script><script>
	208	baguetteBox.run('div#content', {
	209	ignoreClass: 'islink',
	210	captions: function(element) {
	211	return element.getElementsByTagName('img')[0].alt;
	212	}});
	213	</script>
	214	</body>
	215	</html>