Merge branch 'master' of https://github.com/nbs-system/snuffleupagus

author: Ben Fuhrmannek 2019-07-16 20:05:24 +0200
committer: Ben Fuhrmannek 2019-07-16 20:05:24 +0200
commit: c3b5fc85dad5a4e20f2e2ca7b95b0c7407a3b8b6 (patch)
tree: 5f1aef8493e9bb12c577a52bf3b9b316ec2fd7be
parent: f0142b35616b28dc81247859e93a891c065561f9 (diff)
parent: f7e25b29c1cd5273675dbb3d6883c40377d8315d (diff)
6 files changed, 65 insertions, 9 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 85b03eb..73181c5 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,7 +6,7 @@ testsuite:debian:
  stage: testsuite
  script:
    - apt-get -qqy update
-    - apt-get -qqy install --no-install-recommends php-dev gcc make
+    - apt-get -qqy install --no-install-recommends php-dev gcc make libpcre3-dev
    - make debug
 testsuite:fedora:
@@ -29,7 +29,7 @@ testsuite:alpine:
  stage: testsuite
  script:
    - apk update
-    - apk add php7-dev php7-cgi php7-simplexml php7-xml make gcc musl-dev pcre
+    - apk add php7-dev php7-cgi php7-simplexml php7-xml make gcc musl-dev pcre-dev
    - make compile_debug
    - TEST_PHP_ARGS='-q' REPORT_EXIT_STATUS=1 make -C src test TESTS="tests/cookies_encryption tests/deny_writable tests/disable_function"
    - TEST_PHP_ARGS='-q' REPORT_EXIT_STATUS=1 make -C src test TESTS="tests/dump_request tests/eval_blacklist tests/global_strict"
diff --git a/.travis.yml b/.travis.yml
index 9596726..7eade9f 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -33,8 +33,6 @@ matrix:
  - env: TARGET="gcc php nightly novld" CC="gcc"
    php: "nightly"
  allow_failures:
-  - env: TARGET="gcc php7.4 novld" CC="gcc"
-    php: "7.4snapshot"
  - env: TARGET="gcc php nightly novld" CC="gcc"
    php: "nightly"
diff --git a/README.md b/README.md
index 110fb39..418ae84 100644
--- a/README.md
+++ b/README.md
@@ -57,7 +57,7 @@ without having to touch the PHP code.
 ## Key Features
-* Close to zero performance impact
+* No [noticeable performance impact](https://dustri.org/b/snuffleupagus-030-dentalium-elephantinum.html)
 * Powerful yet simple to write virtual-patching rules
 * Killing several classes of vulnerabilities
  * [Unserialize-based](https://www.owasp.org/images/9/9e/Utilizing-Code-Reuse-Or-Return-Oriented-Programming-In-PHP-Application-Exploits.pdf) code execution
@@ -75,10 +75,10 @@ without having to touch the PHP code.
  * Whitelist/blacklist for `eval`
  * Enforcing TLS certificate validation when using [curl](https://secure.php.net/manual/en/book.curl.php)
  * Request dumping capability
-* A relatively sane codebase:
+* A relatively sane code base:
-  * A [comprehensive](https://coveralls.io/github/nbs-system/snuffleupagus?branch=master) testsuite
+  * A [comprehensive](https://coveralls.io/github/nbs-system/snuffleupagus?branch=master) test suite close to 100% coverage
  * Every commit is tested on [several distributions](https://gitlab.com/jvoisin/snuffleupagus/pipelines)
-  * An `clang-format`-enfored code style
+  * An `clang-format`-enforced code style
  * A [comprehensive documentation](https://snuffleupagus.rtfd.io)
  * Usage of [coverity](https://scan.coverity.com/projects/nbs-system-snuffleupagus)
diff --git a/doc/source/installation.rst b/doc/source/installation.rst
index 3240b7a..74d5d4f 100644
--- a/doc/source/installation.rst
+++ b/doc/source/installation.rst
@@ -46,6 +46,33 @@ prefer:
 Be careful, on some distribution, there are separate configurations for
 cli/fmp/cgi/… be sure to edit the right one.
+If you're using `Gentoo <https://gentoo.org>`__, you might encounter the
+following error:
+::
+  $ make                                                                                                                                         
+  $ /bin/sh /root/snuffleupagus-0.5.0/src/libtool --mode=compile cc  -I. -I/root/snuffleupagus-0.5.0/src -DPHP_ATOM_INC -I/root/snuffleupagus-0.5.0/src/include -I/root/snuffleupagus-0.5.0/src/main -I/root/snuffleupagus-0.5.0/src -I/usr/lib64/php7.3/include/php -I/usr/lib64/php7.3/include/php/main -I/usr/lib64/php7.3/include/php/TSRM -I/usr/lib64/php7.3/include/php/Zend -I/usr/lib64/php7.3/include/php/ext -I/usr/lib64/php7.3/include/php/ext/date/lib  -DHAVE_CONFIG_H  -g -O2 -Wall -Wextra -Wno-unused-parameter -Wformat=2 -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector   -c /root/snuffleupagus-0.5.0/src/snuffleupagus.c -o snuffleupagus.lo 
+  libtool: Version mismatch error.  This is libtool 2.4.6, but the
+  libtool: definition of this LT_INIT comes from an older release.
+  libtool: You should recreate aclocal.m4 with macros from libtool 2.4.6
+  libtool: and run autoconf again.
+  make: *** [Makefile:193: snuffleupagus.lo] Error 63
+  $
+This is a `documented php bug <https://bugs.php.net/bug.php?id=58979>`__,
+solvable via:
+::
+  rm -f aclocal.m4
+  phpize
+  aclocal && libtoolize --force && autoreconf
+  ./configure --enable-snuffleupagus
+  make
 Upgrading
 ---------
diff --git a/src/tests/stream_wrapper/stream_wrapper.phpt b/src/tests/stream_wrapper/stream_wrapper.phpt
index fdea50c..3336ef6 100644
--- a/src/tests/stream_wrapper/stream_wrapper.phpt
+++ b/src/tests/stream_wrapper/stream_wrapper.phpt
@@ -1,7 +1,10 @@
 --TEST--
 Stream wrapper
 --SKIPIF--
-<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+<?php
+if (!extension_loaded("snuffleupagus")) print "skip snuffleupagus extension missing";
+if (!extension_loaded("openssl")) print "skip openssl extension missing";
+?>
 --INI--
 sp.configuration_file={PWD}/config/config_stream_wrapper.ini
 --FILE--
diff --git a/src/tests/stream_wrapper/stream_wrapper_without_openssl.phpt b/src/tests/stream_wrapper/stream_wrapper_without_openssl.phpt
new file mode 100644
index 0000000..5a11c8f
--- /dev/null
+++ b/src/tests/stream_wrapper/stream_wrapper_without_openssl.phpt
@@ -0,0 +1,28 @@
+--TEST--
+Stream wrapper, without a dependency on openssl
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_stream_wrapper.ini
+--FILE--
+<?php 
+file_get_contents('http://qweqwezxc');
+file_get_contents('ftp://qweqwezxc');
+file_get_contents('lelel://qweqwezxc');
+?>
+--EXPECTF--
+Warning: Unknown: Unable to find the wrapper "php" - did you forget to enable it when you configured PHP? in Unknown on line 0
+Warning: Unknown: Unable to find the wrapper "php" - did you forget to enable it when you configured PHP? in Unknown on line 0
+Warning: Unknown: Unable to find the wrapper "php" - did you forget to enable it when you configured PHP? in Unknown on line 0
+Warning: file_get_contents(): Unable to find the wrapper "http" - did you forget to enable it when you configured PHP? in %a/stream_wrapper_without_openssl.php on line 2
+Warning: file_get_contents(http://qweqwezxc): failed to open stream: No such file or directory in %a/stream_wrapper_without_openssl.php on line 2
+Warning: file_get_contents(ftp://qweqwezxc): failed to open stream: operation failed in %a/stream_wrapper_without_openssl.php on line 3
+Warning: file_get_contents(): Unable to find the wrapper "lelel" - did you forget to enable it when you configured PHP? in %a/stream_wrapper_without_openssl.php on line 4
+Warning: file_get_contents(lelel://qweqwezxc): failed to open stream: No such file or directory in %a/stream_wrapper_without_openssl.php on line 4
author	Ben Fuhrmannek	2019-07-16 20:05:24 +0200
committer	Ben Fuhrmannek	2019-07-16 20:05:24 +0200
commit	c3b5fc85dad5a4e20f2e2ca7b95b0c7407a3b8b6 (patch)
tree	5f1aef8493e9bb12c577a52bf3b9b316ec2fd7be
parent	f0142b35616b28dc81247859e93a891c065561f9 (diff)
parent	f7e25b29c1cd5273675dbb3d6883c40377d8315d (diff)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 85b03eb..73181c5 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml
@@ -6,7 +6,7 @@ testsuite:debian:
6	stage: testsuite	6	stage: testsuite
7	script:	7	script:
8	- apt-get -qqy update	8	- apt-get -qqy update
9	- apt-get -qqy install --no-install-recommends php-dev gcc make	9	- apt-get -qqy install --no-install-recommends php-dev gcc make libpcre3-dev
10	- make debug	10	- make debug
11		11
12	testsuite:fedora:	12	testsuite:fedora:
@@ -29,7 +29,7 @@ testsuite:alpine:
29	stage: testsuite	29	stage: testsuite
30	script:	30	script:
31	- apk update	31	- apk update
32	- apk add php7-dev php7-cgi php7-simplexml php7-xml make gcc musl-dev pcre	32	- apk add php7-dev php7-cgi php7-simplexml php7-xml make gcc musl-dev pcre-dev
33	- make compile_debug	33	- make compile_debug
34	- TEST_PHP_ARGS='-q' REPORT_EXIT_STATUS=1 make -C src test TESTS="tests/cookies_encryption tests/deny_writable tests/disable_function"	34	- TEST_PHP_ARGS='-q' REPORT_EXIT_STATUS=1 make -C src test TESTS="tests/cookies_encryption tests/deny_writable tests/disable_function"
35	- TEST_PHP_ARGS='-q' REPORT_EXIT_STATUS=1 make -C src test TESTS="tests/dump_request tests/eval_blacklist tests/global_strict"	35	- TEST_PHP_ARGS='-q' REPORT_EXIT_STATUS=1 make -C src test TESTS="tests/dump_request tests/eval_blacklist tests/global_strict"


diff --git a/.travis.yml b/.travis.yml index 9596726..7eade9f 100644 --- a/.travis.yml +++ b/.travis.yml
@@ -33,8 +33,6 @@ matrix:
33	- env: TARGET="gcc php nightly novld" CC="gcc"	33	- env: TARGET="gcc php nightly novld" CC="gcc"
34	php: "nightly"	34	php: "nightly"
35	allow_failures:	35	allow_failures:
36	- env: TARGET="gcc php7.4 novld" CC="gcc"
37	php: "7.4snapshot"
38	- env: TARGET="gcc php nightly novld" CC="gcc"	36	- env: TARGET="gcc php nightly novld" CC="gcc"
39	php: "nightly"	37	php: "nightly"
40		38


diff --git a/README.md b/README.md index 110fb39..418ae84 100644 --- a/README.md +++ b/README.md
@@ -57,7 +57,7 @@ without having to touch the PHP code.
57		57
58	## Key Features	58	## Key Features
59		59
60	* Close to zero performance impact	60	* No [noticeable performance impact](https://dustri.org/b/snuffleupagus-030-dentalium-elephantinum.html)
61	* Powerful yet simple to write virtual-patching rules	61	* Powerful yet simple to write virtual-patching rules
62	* Killing several classes of vulnerabilities	62	* Killing several classes of vulnerabilities
63	* [Unserialize-based](https://www.owasp.org/images/9/9e/Utilizing-Code-Reuse-Or-Return-Oriented-Programming-In-PHP-Application-Exploits.pdf) code execution	63	* [Unserialize-based](https://www.owasp.org/images/9/9e/Utilizing-Code-Reuse-Or-Return-Oriented-Programming-In-PHP-Application-Exploits.pdf) code execution
@@ -75,10 +75,10 @@ without having to touch the PHP code.
75	* Whitelist/blacklist for `eval`	75	* Whitelist/blacklist for `eval`
76	* Enforcing TLS certificate validation when using [curl](https://secure.php.net/manual/en/book.curl.php)	76	* Enforcing TLS certificate validation when using [curl](https://secure.php.net/manual/en/book.curl.php)
77	* Request dumping capability	77	* Request dumping capability
78	* A relatively sane codebase:	78	* A relatively sane code base:
79	* A [comprehensive](https://coveralls.io/github/nbs-system/snuffleupagus?branch=master) testsuite	79	* A [comprehensive](https://coveralls.io/github/nbs-system/snuffleupagus?branch=master) test suite close to 100% coverage
80	* Every commit is tested on [several distributions](https://gitlab.com/jvoisin/snuffleupagus/pipelines)	80	* Every commit is tested on [several distributions](https://gitlab.com/jvoisin/snuffleupagus/pipelines)
81	* An `clang-format`-enfored code style	81	* An `clang-format`-enforced code style
82	* A [comprehensive documentation](https://snuffleupagus.rtfd.io)	82	* A [comprehensive documentation](https://snuffleupagus.rtfd.io)
83	* Usage of [coverity](https://scan.coverity.com/projects/nbs-system-snuffleupagus)	83	* Usage of [coverity](https://scan.coverity.com/projects/nbs-system-snuffleupagus)
84		84


diff --git a/doc/source/installation.rst b/doc/source/installation.rst index 3240b7a..74d5d4f 100644 --- a/doc/source/installation.rst +++ b/doc/source/installation.rst
@@ -46,6 +46,33 @@ prefer:
46	Be careful, on some distribution, there are separate configurations for	46	Be careful, on some distribution, there are separate configurations for
47	cli/fmp/cgi/… be sure to edit the right one.	47	cli/fmp/cgi/… be sure to edit the right one.
48		48
		49	If you're using `Gentoo <https://gentoo.org>`__, you might encounter the
		50	following error:
		51
		52	::
		53
		54	$ make
		55	$ /bin/sh /root/snuffleupagus-0.5.0/src/libtool --mode=compile cc -I. -I/root/snuffleupagus-0.5.0/src -DPHP_ATOM_INC -I/root/snuffleupagus-0.5.0/src/include -I/root/snuffleupagus-0.5.0/src/main -I/root/snuffleupagus-0.5.0/src -I/usr/lib64/php7.3/include/php -I/usr/lib64/php7.3/include/php/main -I/usr/lib64/php7.3/include/php/TSRM -I/usr/lib64/php7.3/include/php/Zend -I/usr/lib64/php7.3/include/php/ext -I/usr/lib64/php7.3/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -Wall -Wextra -Wno-unused-parameter -Wformat=2 -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector -c /root/snuffleupagus-0.5.0/src/snuffleupagus.c -o snuffleupagus.lo
		56	libtool: Version mismatch error. This is libtool 2.4.6, but the
		57	libtool: definition of this LT_INIT comes from an older release.
		58	libtool: You should recreate aclocal.m4 with macros from libtool 2.4.6
		59	libtool: and run autoconf again.
		60	make: *** [Makefile:193: snuffleupagus.lo] Error 63
		61	$
		62
		63	This is a `documented php bug <https://bugs.php.net/bug.php?id=58979>`__,
		64	solvable via:
		65
		66
		67	::
		68
		69	rm -f aclocal.m4
		70	phpize
		71	aclocal && libtoolize --force && autoreconf
		72	./configure --enable-snuffleupagus
		73	make
		74
		75
49	Upgrading	76	Upgrading
50	---------	77	---------
51		78


diff --git a/src/tests/stream_wrapper/stream_wrapper.phpt b/src/tests/stream_wrapper/stream_wrapper.phpt index fdea50c..3336ef6 100644 --- a/src/tests/stream_wrapper/stream_wrapper.phpt +++ b/src/tests/stream_wrapper/stream_wrapper.phpt
@@ -1,7 +1,10 @@
1	--TEST--	1	--TEST--
2	Stream wrapper	2	Stream wrapper
3	--SKIPIF--	3	--SKIPIF--
4	<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>	4	<?php
		5	if (!extension_loaded("snuffleupagus")) print "skip snuffleupagus extension missing";
		6	if (!extension_loaded("openssl")) print "skip openssl extension missing";
		7	?>
5	--INI--	8	--INI--
6	sp.configuration_file={PWD}/config/config_stream_wrapper.ini	9	sp.configuration_file={PWD}/config/config_stream_wrapper.ini
7	--FILE--	10	--FILE--


diff --git a/src/tests/stream_wrapper/stream_wrapper_without_openssl.phpt b/src/tests/stream_wrapper/stream_wrapper_without_openssl.phpt new file mode 100644 index 0000000..5a11c8f --- /dev/null +++ b/src/tests/stream_wrapper/stream_wrapper_without_openssl.phpt
@@ -0,0 +1,28 @@
		1	--TEST--
		2	Stream wrapper, without a dependency on openssl
		3	--SKIPIF--
		4	<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
		5	--INI--
		6	sp.configuration_file={PWD}/config/config_stream_wrapper.ini
		7	--FILE--
		8	<?php
		9	file_get_contents('http://qweqwezxc');
		10	file_get_contents('ftp://qweqwezxc');
		11	file_get_contents('lelel://qweqwezxc');
		12	?>
		13	--EXPECTF--
		14	Warning: Unknown: Unable to find the wrapper "php" - did you forget to enable it when you configured PHP? in Unknown on line 0
		15
		16	Warning: Unknown: Unable to find the wrapper "php" - did you forget to enable it when you configured PHP? in Unknown on line 0
		17
		18	Warning: Unknown: Unable to find the wrapper "php" - did you forget to enable it when you configured PHP? in Unknown on line 0
		19
		20	Warning: file_get_contents(): Unable to find the wrapper "http" - did you forget to enable it when you configured PHP? in %a/stream_wrapper_without_openssl.php on line 2
		21
		22	Warning: file_get_contents(http://qweqwezxc): failed to open stream: No such file or directory in %a/stream_wrapper_without_openssl.php on line 2
		23
		24	Warning: file_get_contents(ftp://qweqwezxc): failed to open stream: operation failed in %a/stream_wrapper_without_openssl.php on line 3
		25
		26	Warning: file_get_contents(): Unable to find the wrapper "lelel" - did you forget to enable it when you configured PHP? in %a/stream_wrapper_without_openssl.php on line 4
		27
		28	Warning: file_get_contents(lelel://qweqwezxc): failed to open stream: No such file or directory in %a/stream_wrapper_without_openssl.php on line 4