| author | Ben Fuhrmannek | 2021-08-02 10:42:12 +0200 |
|---|---|---|
| committer | Ben Fuhrmannek | 2021-08-02 10:42:12 +0200 |
| commit | 4cda0120313dfd5d71236f6faf87416e93f5f89c (patch) | |
| tree | 0c2c6d15e8ac5287fb3304f96de719547d9e847a /doc/source | |
| parent | 6c132e6a1d8d339a20282afb5a4af52eb6bce9db (diff) | |
| parent | e62f226c3ed885808c832040872fc2d73ca46dac (diff) | |
Merge branch 'master' of https://github.com/jvoisin/snuffleupagus
Diffstat (limited to 'doc/source')
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | doc/source/config.rst | 6 |
| -rw-r--r-- | doc/source/features.rst | 12 |
| -rw-r--r-- | doc/source/papers.rst | 1 |
3 files changed, 10 insertions, 9 deletions
diff --git a/doc/source/config.rst b/doc/source/config.rst index 258b1ab..84e3fa9 100644 --- a/doc/source/config.rst +++ b/doc/source/config.rst | |||
| @@ -164,6 +164,12 @@ It can either be ``enabled`` or ``disabled`` and can be used in ``simulation`` m | |||
| 164 | sp.unserialize_hmac.enable(); | 164 | sp.unserialize_hmac.enable(); |
| 165 | sp.unserialize_hmac.disable(); | 165 | sp.unserialize_hmac.disable(); |
| 166 | 166 | ||
| 167 | |||
| 168 | .. warning:: | ||
| 169 | |||
| 170 | This feature breaks web applications doing checks on the serialized | ||
| 171 | representation of data on their own, like `WordPress <https://wordpress.com/>`__. | ||
| 172 | |||
| 167 | .. _config_cookie-encryption: | 173 | .. _config_cookie-encryption: |
| 168 | 174 | ||
| 169 | Cookies-related mitigations | 175 | Cookies-related mitigations |
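Review bot: the new ``.. warning::`` tells readers that ``sp.unserialize_hmac`` breaks applications that check the serialized representation themselves, but not how to find out whether their own deployment is affected. The context line at the top of this hunk already says the feature "can be used in ``simulation`` mode", so the warning should point there: enable it in simulation first, watch the log for unserialize mismatches on the real traffic, and only then switch to ``sp.unserialize_hmac.enable();``. Also, the link in the warning goes to ``https://wordpress.com/``, which is the hosted service; the self-hosted software the sentence is about is the wordpress.org project, so either link the project site or drop the link and keep the plain name.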
diff --git a/doc/source/features.rst b/doc/source/features.rst index 2eebc88..25fd62d 100644 --- a/doc/source/features.rst +++ b/doc/source/features.rst | |||
| @@ -480,15 +480,9 @@ to see that people are disabling it on production too. | |||
| 480 | We're detecting/preventing this by not allowing the ``CURLOPT_SSL_VERIFYPEER`` and | 480 | We're detecting/preventing this by not allowing the ``CURLOPT_SSL_VERIFYPEER`` and |
| 481 | ``CURLOPT_SSL_VERIFYHOST`` options from being set to ``0``. | 481 | ``CURLOPT_SSL_VERIFYHOST`` options from being set to ``0``. |
| 482 | 482 | ||
| 483 | *Cheap* SQL injections detection | 483 | *Cheap* error-based SQL injections detection |
| 484 | """""""""""""""""""""""""""""""" | 484 | """""""""""""""""""""""""""""""""""""""""""" |
| 485 | 485 | ||
| 486 | In some SQL injections, attackers might need to use comments, a feature that is | 486 | If a function performing a SQL query returns ``FALSE`` |
| 487 | often not used in production system, so it might be a good idea to filter | ||
| 488 | queries that contains some. The same filtering idea can be used against | ||
| 489 | SQL functions that are frequently used in SQL injections, like ``sleep``, ``benchmark`` | ||
| 490 | or strings like ``version_info``. | ||
| 491 | |||
| 492 | On the topic of SQL injections, if a function performing a query returns ``FALSE`` | ||
| 493 | (indicating an error), it might be useful to dump the request for further analysis. | 487 | (indicating an error), it might be useful to dump the request for further analysis. |
| 494 | 488 | ||
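Review bot: the retitled heading ``*Cheap* error-based SQL injections detection`` promises more than the single remaining paragraph delivers; what is described is dumping any query whose function returns ``FALSE``, which fires on every failed query (a typo in a migration, a dropped connection), not only on injection probes, so the paragraph should say so, e.g. "every failing query is logged, so expect benign errors alongside attack attempts", and the heading would read better as ``*Cheap* SQL injection detection`` (singular, as the English idiom goes) or keep "error-based" with that sentence added. The paragraph still speaks of "a function performing a SQL query" without naming which PHP functions are hooked; since the deleted lines about comments, ``sleep``, ``benchmark`` and ``version_info`` were the only concrete patterns in this section, the reader is now left with nothing actionable, and a pointer to the configuration directive that turns this logging on, if the project has one, would restore that.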
diff --git a/doc/source/papers.rst b/doc/source/papers.rst index 3cdb909..35905dd 100644 --- a/doc/source/papers.rst +++ b/doc/source/papers.rst | |||
| @@ -101,6 +101,7 @@ Articles | |||
| 101 | """" | 101 | """" |
| 102 | 102 | ||
| 103 | - `Sortie de Snuffleupagus 0.7.0 - Los Elefantes <https://linuxfr.org/news/sortie-de-snuffleupagus-0-7-0-los-elefantes>`__ (fr) - linuxfr | 103 | - `Sortie de Snuffleupagus 0.7.0 - Los Elefantes <https://linuxfr.org/news/sortie-de-snuffleupagus-0-7-0-los-elefantes>`__ (fr) - linuxfr |
| 104 | - `Virtual patching CVE-2021-29447 with Snuffleupagus <https://dustri.org/b/virtual-patching-cve-2021-29447-with-snuffleupagus.html>`__ - dustri.org | ||
| 104 | 105 | ||
| 105 | 106 | ||
| 106 | Papers | 107 | Papers |
