Merge remote-tracking branch 'upstream/master'

author: Ben Fuhrmannek 2021-02-16 11:16:59 +0100
committer: Ben Fuhrmannek 2021-02-16 11:16:59 +0100
commit: 5484bcb5eb2714e7438927e2566c86a74d7c51af (patch)
tree: b78326d2999397be4c08e06b23209981f82a4ea9 /doc/source
parent: 7ac1e3866ef4f146c6c93a5ca13b9aebb14e936a (diff)
parent: cecfdd808da67be908dbe7144cc8c74dfb3f855e (diff)
9 files changed, 259 insertions, 61 deletions
diff --git a/doc/source/changelog.rst b/doc/source/changelog.rst
index 55b5c7e..307c92c 100644
--- a/doc/source/changelog.rst
+++ b/doc/source/changelog.rst
@@ -1,9 +1,64 @@
 Changelog
 =========
+0.7.0 - `Los Elefantes <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.7.0>`__ 2021/01/02
+----------------------------------------------------------------------------------------------------------
-0.5.0 - `Elephant Flats <https://github.com/nbs-system/snuffleupagus/releases/tag/v0.5.0>`__ 2019/06/12
+New features
--------------------------------------------------------------------------------------------------------------
+^^^^^^^^^^^^
+* PHP8 support
+* Stacktraces in dumps
+* The ``>`` operator now skips over functions
+Improvements
+^^^^^^^^^^^^
+* Move the CI from travis to gitlab-ci
+* Some code simplifications and constifications
+* PCRE2 is now used when possible
+* The ``generate_rules.php`` script is now more portable
+Bug fixes
+^^^^^^^^^
+* The strict mode is now disableable
+0.6.0 - `Elephant in the room <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.6.0>`__ 2020/11/06
+----------------------------------------------------------------------------------------------------------
+New features
+^^^^^^^^^^^^
+* Allow empty configurations
+Improvements
+^^^^^^^^^^^^
+* More constification
+* Snuffleupagus should now be able to get client's ip addresses in more cases
+* Documented compatibility with Heroku
+* Improved logging
+* Added a couple of tests
+0.5.1 - `Order of the Elephant <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.5.1>`__ 2020/06/20
+-----------------------------------------------------------------------------------------------------------
+New features
+^^^^^^^^^^^^
+* Add support for syslog
+Improvements
+^^^^^^^^^^^^
+* Improve OSX support
+* Improve marginally of php8+ compatibility
+* Improve php7.4 compatibility
+* Improve the default ruleset
+* Improve the documentation
+* Improve the gitlab CI
+0.5.0 - `Elephant Flats <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.5.0>`__ 2019/06/12
+----------------------------------------------------------------------------------------------------
 Improvements
 ^^^^^^^^^^^^
@@ -28,8 +83,8 @@ Bug fixes
-0.4.1 - `Loxodonta <https://github.com/nbs-system/snuffleupagus/releases/tag/v0.4.1>`__ 2018/12/21
+0.4.1 - `Loxodonta <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.4.1>`__ 2018/12/21
--------------------------------------------------------------------------------------------------------------
+-----------------------------------------------------------------------------------------------
 Improvements
 ^^^^^^^^^^^^
@@ -49,8 +104,8 @@ Bug fixes
-0.4.0 - `Oliphant Chuckerbutty <https://github.com/nbs-system/snuffleupagus/releases/tag/v0.4.0>`__ 2018/08/31
+0.4.0 - `Oliphant Chuckerbutty <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.4.0>`__ 2018/08/31
--------------------------------------------------------------------------------------------------------------
+-----------------------------------------------------------------------------------------------------------
 New features
 ^^^^^^^^^^^^
@@ -88,8 +143,8 @@ Bug fixes
-0.3.1 - `Elephant Arch <https://github.com/nbs-system/snuffleupagus/releases/tag/v0.3.1>`__ 2018/08/20
+0.3.1 - `Elephant Arch <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.3.1>`__ 2018/08/20
------------------------------------------------------------------------------------------------------
+---------------------------------------------------------------------------------------------------
 Improvements
 ^^^^^^^^^^^^
@@ -111,21 +166,21 @@ Bug fixes
 - Fix the Arch Linux's PKGBUILD
-0.3.0 - `Dentalium elephantinum <https://github.com/nbs-system/snuffleupagus/releases/tag/v0.3.0>`__ 2018/07/17
+0.3.0 - `Dentalium elephantinum <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.3.0>`__ 2018/07/17
---------------------------------------------------------------------------------------------------------------
+------------------------------------------------------------------------------------------------------------
 New features
 ^^^^^^^^^^^^
- Session cookies can now be `encrypted <https://github.com/nbs-system/snuffleupagus/pull/178>`__
+- Session cookies can now be `encrypted <https://github.com/jvoisin/snuffleupagus/pull/178>`__
- Some occurrences of `type juggling <https://github.com/nbs-system/snuffleupagus/pull/186>`__ can now be eradicated
+- Some occurrences of `type juggling <https://github.com/jvoisin/snuffleupagus/pull/186>`__ can now be eradicated
- It's  `now possible <https://github.com/nbs-system/snuffleupagus/pull/187>`__ to hook `echo` and `print`
+- It's  `now possible <https://github.com/jvoisin/snuffleupagus/pull/187>`__ to hook `echo` and `print`
 Improvements
 ^^^^^^^^^^^^
- The `.filename()` filter is `now matching <https://github.com/nbs-system/snuffleupagus/pull/167>`__ on the file where the function is called instead on the one where it's defined.
+- The `.filename()` filter is `now matching <https://github.com/jvoisin/snuffleupagus/pull/167>`__ on the file where the function is called instead on the one where it's defined.
- Vastly `optimize <https://github.com/nbs-system/snuffleupagus/issues/166>`__ the way we hook native functions
+- Vastly `optimize <https://github.com/jvoisin/snuffleupagus/issues/166>`__ the way we hook native functions
 - The format of the logs has been streamlined to ease their processing
@@ -134,11 +189,11 @@ Bug fixes
 - Better handling of filters for built-in functions
 - Fix various possible integer overflows
- Fix an `annoying memory leak <https://github.com/nbs-system/snuffleupagus/issues/192#issuecomment-404538124>`__ impacting mostly `mod_php`  
+- Fix an `annoying memory leak <https://github.com/jvoisin/snuffleupagus/issues/192#issuecomment-404538124>`__ impacting mostly `mod_php`  
-0.2.2 - `Elephant Moraine <https://github.com/nbs-system/snuffleupagus/releases/tag/v0.2.2>`__ 2018/04/12
+0.2.2 - `Elephant Moraine <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.2.2>`__ 2018/04/12
---------------------------------------------------------------------------------------------------------
+------------------------------------------------------------------------------------------------------
 New features
 ^^^^^^^^^^^^
@@ -160,8 +215,8 @@ Bug fixes
 - Fix a crash related to variadic functions
-0.2.1 - `Elephant Point <https://github.com/nbs-system/snuffleupagus/releases/tag/v0.2.1>`__ 2018/02/07
+0.2.1 - `Elephant Point <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.2.1>`__ 2018/02/07
-------------------------------------------------------------------------------------------------------
+----------------------------------------------------------------------------------------------------
 Bug fixes
 ^^^^^^^^^
@@ -177,8 +232,8 @@ Improvements
 - Improve a bit the portability of the code
 - Minor code simplification
-0.2.0 - `Elephant Rally <https://github.com/nbs-system/snuffleupagus/releases/tag/v0.2.0>`__ - 2018/01/18
+0.2.0 - `Elephant Rally <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.2.0>`__ - 2018/01/18
---------------------------------------------------------------------------------------------------------
+------------------------------------------------------------------------------------------------------
 New features
 ^^^^^^^^^^^^
@@ -209,7 +264,7 @@ External contributions
 - Simplification and clean up of our linked-list implementation by `smagnin <https://github.com/smagnin>`__
-0.1.0 - `Mighty Mammoth <https://github.com/nbs-system/snuffleupagus/releases/tag/v0.1.0>`__ - 2017/12/21
+0.1.0 - `Mighty Mammoth <https://github.com/jvoisin/snuffleupagus/releases/tag/v0.1.0>`__ - 2017/12/21
---------------------------------------------------------------------------------------------------------
+------------------------------------------------------------------------------------------------------
 - Initial release
diff --git a/doc/source/conf.py b/doc/source/conf.py
index 644af6e..a150403 100644
--- a/doc/source/conf.py
+++ b/doc/source/conf.py
@@ -47,7 +47,7 @@ master_doc = 'index'
 # General information about the project.
 project = u'Snuffleupagus'
-copyright = u'%d, NBS System' % datetime.now().year
+copyright = u'2017-2018 NBS System, 2019-%d Julien (jvoisin) Voisin' % datetime.now().year
 author = u'Sebastien Blot & Julien Voisin'
 # The version info for the project you're documenting, acts as replacement for
@@ -57,7 +57,7 @@ author = u'Sebastien Blot & Julien Voisin'
 # The short X.Y version.
 version = u'0.1'
 # The full version, including alpha/beta/rc tags.
-release = u'beta'
+release = u'stable'
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
diff --git a/doc/source/config.rst b/doc/source/config.rst
index 91e085c..258b1ab 100644
--- a/doc/source/config.rst
+++ b/doc/source/config.rst
@@ -327,7 +327,11 @@ The ``function`` filter is able to do various dereferencing:
 - ``function("AwesomeClass::my_method")`` will match the method ``my_method`` in the class ``AwesomeClass``
 - ``function("AwesomeNamespace\\my_function")`` will match the function ``my_function`` in the namespace ``AwesomeNamespace``
-The ``param`` filter is also able to do some dereferencing:
+It's also able to have calltrace constrains: ``function(func1>func2)`` will
+match only if ``func2`` is called **inside** of ``func1``. Do note that their
+might be other functions called between them.
+The ``param`` filter is able to do some dereferencing as well:
 - ``param($foo[bar])`` will get a match on the value corresponding to the ``bar`` key in the hashtable ``foo``.
  Remember that in PHP, almost every data structure is a hashtable. You can of course nest this like
diff --git a/doc/source/download.rst b/doc/source/download.rst
index fd61099..a41af12 100644
--- a/doc/source/download.rst
+++ b/doc/source/download.rst
@@ -4,14 +4,25 @@ Download
 Arch Linux
 ----------
-We're providing a `PKGBUILD <https://github.com/jvoisin/snuffleupagus/blob/master/PKGBUILD>`__,
+Thanks to `kpcyrd <https://github.com/kpcyrd>`__, Snuffleupagus is
-so you can build a package yourself.
+`available <https://www.archlinux.org/packages/community/x86_64/php-snuffleupagus/>`__
+in Archlinux' community repository.
+We're also providing a `PKGBUILD <https://github.com/jvoisin/snuffleupagus/blob/master/PKGBUILD>`__
+if you want to build the package yourself.
 Alpine Linux
 ------------
-We're providing a `APKBUILD <https://github.com/jvoisin/snuffleupagus/blob/master/APKBUILD>`__,
+We're maintaining the `package in Alpine <https://github.com/alpinelinux/aports/blob/master/testing/php7-snuffleupagus/APKBUILD>`__:
-so you can build a package yourself.
+you can simply ``apk add`` it.
+CloudLinux
+----------
+Snuffleupagus is packaged there `since 2019 <https://www.cloudlinux.com/cloudlinux-os-blog/entry/alt-php-updated-1-98>`__:
+you can ``yum install alt-php*-snuffleupagus`` it.
 Debian and Ubuntu
 -----------------
@@ -20,17 +31,20 @@ We're currently not providing a Debian/Ubuntu repository,
 but you can grab the latest release on `github <https://github.com/jvoisin/snuffleupagus/releases>`__,
 or build your own package by cloning the source code and typing ``make debian``.
+There is a `bug open <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894821>`__
+Debian-side to track the inclusion.
 Fedora
 ------
-Thanks to [Rémo Collet](https://twitter.com/RemiCollet), Snuffleupagus is
+Thanks to `Rémo Collet <https://twitter.com/RemiCollet>`__, Snuffleupagus is
-[packaged](https://pkgs.org/download/php-snuffleupagus) in Fedora!
+`packaged <https://pkgs.org/download/php-snuffleupagus>`__ in Fedora!
 FreeBSD
 -------
-Thanks to [Franco Fichtner](https://twitter.com/fitchitis), Snuffleupagus is
+Thanks to `Franco Fichtner <https://twitter.com/fitchitis>`__, Snuffleupagus is
-[packaged](https://www.freshports.org/security/snuffleupagus/) in FreeBSD!
+`packaged <https://www.freshports.org/security/snuffleupagus/>`__ in FreeBSD!
 Source code
 -----------
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index 3c09409..bdfc7c1 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -39,14 +39,14 @@ we thought that using an elephant as a mascot would be a great idea.
 Who are you and why did you write Snuffleupagus?
 """"""""""""""""""""""""""""""""""""""""""""""""
-We're working for `NBS System <https://nbs-system.com/en/>`__,
+The project started at `NBS System <https://nbs-system.com/en/>`__,
 a web hosting company (meaning that we're dealing with PHP code all day long),
 with a strong focus on security. We do have several layers of hardening
 (`kernel <https://grsecurity.net/>`_, `WAF <https://naxsi.org>`_,
 `IDS <https://en.wikipedia.org/wiki/Intrusion_detection_system>`_, etc),
 but we had nothing for PHP7.
-Nowadays, Snuffleupagus is maintained by Julien (jvoisin) Voisin.
+Nowadays, Snuffleupagus is maintained by Julien (`jvoisin <https://dustri.org>`__) Voisin.
 Why not Suhosin?
@@ -107,8 +107,8 @@ How mature is this project?
 """""""""""""""""""""""""""
 This project has been floating around since early 2016 and we did the first commit
-the 28ᵗʰ of December of the same year. We're currently in an beta phase,
+the 28ᵗʰ of December of the same year. It's currently stable,
-finding and fixing as many bugs as possible before declaring it stable.
+and is usable and used in production.
 Are you saying that PHP isn't secure?
 """""""""""""""""""""""""""""""""""""
@@ -187,8 +187,8 @@ Will Snuffleupagus run on my old PHP 5?
 """""""""""""""""""""""""""""""""""""""
 No.
-Since PHP5 `will be deprecated at the end of 2018 <http://php.net/supported-versions.php>`_,
+Since PHP5 `is deprecated since the end of 2018 <http://php.net/supported-versions.php>`_,
-you should think about moving to PHP7 anyway. You can (and should) use
+you should think about moving to PHP7. You can (and should) use
 `Suhosin <https://suhosin.org>`_ in the meantime.
 Help and support
diff --git a/doc/source/features.rst b/doc/source/features.rst
index 0c23dc1..2eebc88 100644
--- a/doc/source/features.rst
+++ b/doc/source/features.rst
@@ -30,10 +30,13 @@ This feature is even more effective when used along with :ref:`readonly_exec <re
 Examples of related vulnerabilities
 """""""""""""""""""""""""""""""""""
- `CVE-2017-7981 <https://tuleap.net/plugins/tracker/?aid=10159>`_: Authenticated remote code execution on Tuleap
+- `CVE-2013-3630 <https://www.rapid7.com/db/modules/exploit/multi/http/moodle_cmd_exec>`__: Authenticated remote code execution in Moodle
- `CVE-2014-4688 <https://www.pfsense.org/security/advisories/pfSense-SA-14_10.webgui.asc>`_: Authenticated remote code execution on pfSense
+- `CVE-2014-1610 <https://www.rapid7.com/db/modules/exploit/multi/http/mediawiki_thumb>`__: Unauthenticated remote code execution in DokuWiki
- `CVE-2014-1610 <https://www.rapid7.com/db/modules/exploit/multi/http/mediawiki_thumb>`_: Unauthenticated remote code execution on DokuWiki
+- `CVE-2014-4688 <https://www.pfsense.org/security/advisories/pfSense-SA-14_10.webgui.asc>`__: Authenticated remote code execution in pfSense
- `CVE-2013-3630 <https://www.rapid7.com/db/modules/exploit/multi/http/moodle_cmd_exec>`_: Authenticated remote code execution on Moodle
+- `CVE-2017-7981 <https://tuleap.net/plugins/tracker/?aid=10159>`__: Authenticated remote code execution in Tuleap
+- `CVE-2018-20434 <https://www.exploit-db.com/exploits/47044>`__: Authenticated remote code execution in LibreNMS
+- `CVE-2020-5791 <https://www.tenable.com/security/research/tra-2020-58)>`__: Authenticated remote code execution in Nagios XI
+- `CVE-2020-8813 <https://www.exploit-db.com/exploits/48159>`__: Unauthenticated remote code execution in Cacti
 - Every single `modem/router/switch/IoT/… <https://twitter.com/internetofshit>`_.
@@ -62,6 +65,7 @@ Examples of related vulnerabilities
 - `CVE-2016-10074 <https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html>`_: remote code execution in SwiftMailer
 - `CVE-2016-10033 <https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html>`_: remote code execution in PHPMailer
 - `CVE-2016-9920 <https://www.ripstech.com/blog/2016/roundcube-command-execution-via-email/>`_: Unauthenticated remote code execution in Roundcube
+- `CVE-2019-???? <https://www.exploit-db.com/exploits/46136>`__:  Unauthenticated remote code execution in Horde
 .. _cookie-encryption-feature:
@@ -115,6 +119,9 @@ Examples of related vulnerabilities
 - `CVE-2017-6090 <https://sysdream.com/news/lab/2017-09-29-cve-2017-6090-phpcollab-2-5-1-arbitrary-file-upload-unauthenticated/>`_: Unauthenticated remote code execution in PhpCollab
 - `EDB-38407 <https://www.exploit-db.com/exploits/38407/>`_: Authenticated remote code execution in GLPI
 - `CVE-2013-5576 <https://developer.joomla.org/security/news/563-20130801-core-unauthorised-uploads>`_: Authenticated remote code execution in Joomla
+- `CVE-2019-15813 <https://www.exploit-db.com/exploits/48955>`__: Authenticated remote code execution in Sentrifugo
+- `CVE-2019-17132 <http://karmainsecurity.com/KIS-2019-02>`__: Authenticated remote code execution in vBulletin
+- `CVE-2020-10682 <http://dev.cmsmadesimple.org/bug/view/12275>`__: Authenticated remote code execution in CMS Made Simple
 - `EDB-19154 <https://www.rapid7.com/db/modules/exploit/multi/http/qdpm_upload_exec>`_: Authenticated remote code execution in qdPM
@@ -154,21 +161,26 @@ without the need to invalidate any data.
 A nice side-effect of this feature is that it will defeat various memory corruption
 issues related to the complexity of ``unserialize``'s implementation,
-and the amount of control if provides to an attacker, like `CVE-2016-9137, CVE-2016-9138 <https://bugs.php.net/bug.php?id=73147>`_,
+and the amount of control if provides to an attacker, like `CVE-2016-9137,
-`2016-7124 <https://bugs.php.net/bug.php?id=72663>`_, `CVE-2016-5771 and CVE-2016-5773 <https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/>`_.
+CVE-2016-9138 <https://bugs.php.net/bug.php?id=73147>`_, `2016-7124
+<https://bugs.php.net/bug.php?id=72663>`_, `CVE-2016-5771 and CVE-2016-5773
+<https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/>`_.
 Examples of related vulnerabilities
 """""""""""""""""""""""""""""""""""
- `CVE-2016-???? <https://www.computest.nl/advisories/CT-2016-1110_Observium.txt>`_: Unauthenticated remote code execution in Observium (leading to remote root)
+- `CVE-2012-5692 <https://www.rapid7.com/db/modules/exploit/unix/webapp/invision_pboard_unserialize_exec>`_: Unauthenticated remote code execution in IP.Board
- `CVE-2016-5726 <http://seclists.org/oss-sec/2016/q2/521>`_: Unauthenticated remote code execution in Simple Machines Forums
+- `CVE-2014-1691 <http://seclists.org/oss-sec/2014/q1/153>`_: Unauthenticated remote code execution in Horde
+- `CVE-2015-7808 <https://www.rapid7.com/db/modules/exploit/multi/http/vbulletin_unserialize>`_: Unauthenticated remote code execution in vBulletin
+- `CVE-2015-8562 <https://www.rapid7.com/db/modules/exploit/multi/http/joomla_http_header_rce>`_: Unauthenticated remote code execution in Joomla
 - `CVE-2016-4010 <http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/>`_: Unauthenticated remote code execution in Magento
+- `CVE-2016-5726 <http://seclists.org/oss-sec/2016/q2/521>`_: Unauthenticated remote code execution in Simple Machines Forums
+- `CVE-2016-???? <https://www.computest.nl/advisories/CT-2016-1110_Observium.txt>`_: Unauthenticated remote code execution in Observium (leading to remote root)
 - `CVE-2017-2641 <http://netanelrub.in/2017/03/20/moodle-remote-code-execution/>`_: Unauthenticated remote code execution in Moodle
- `CVE-2015-8562 <https://www.rapid7.com/db/modules/exploit/multi/http/joomla_http_header_rce>`_: Unauthenticated remote code execution in Joomla
+- `CVE-2018-17057 <https://www.exploit-db.com/exploits/46634>`: Unauthenticated remote code execution in LimeSurvey
- `CVE-2015-7808 <https://www.rapid7.com/db/modules/exploit/multi/http/vbulletin_unserialize>`_: Unauthenticated remote code execution in vBulletin
+- `CVE-2018-19274 <https://blog.ripstech.com/2018/phpbb3-phar-deserialization-to-remote-code-execution/>`__: Authenticated remote code execution in phpBB
- `CVE-2014-1691 <http://seclists.org/oss-sec/2014/q1/153>`_: Unauthenticated remote code execution in Horde
+- `CVE-2019-6340 <https://www.ambionics.io/blog/drupal8-rce>`__:  Unauthenticated remote code execution in Drupal
- `CVE-2012-5692 <https://www.rapid7.com/db/modules/exploit/unix/webapp/invision_pboard_unserialize_exec>`_: Unauthenticated remote code execution in IP.Board
 .. _harden-rand-feature:
@@ -317,6 +329,8 @@ and various other types mismatch.
 This feature is largely inspired from the
 `autostrict <https://github.com/krakjoe/autostrict>`_ module from `krakjoe <http://krakjoe.ninja>`__.
+PHP8 already has [this feature](https://wiki.php.net/rfc/consistent_type_errors) for internal functions.
 .. _sloppy-comparisons-feature:
@@ -339,6 +353,9 @@ but also the `in_array
 <https://secure.php.net/manual/en/function.array-search.php>`__ and `array_keys
 <https://secure.php.net/manual/en/function.array-keys.php>`__ functions.
+PHP8 is implementing [a subset](https://wiki.php.net/rfc/consistent_type_errors) of this feature.
 .. _readonly-exec-feature:
 Preventing execution of writable PHP files
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 955cebb..443abf6 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -1,7 +1,8 @@
 Snuffleupagus
 =============
-Snuffleupagus is a `PHP7+ <http://php.net/manual/en/migration70.php>`_
+Snuffleupagus is a `PHP7+ <https://php.net/manual/en/migration70.php>`__ and
+`PHP8+ <https://www.php.net/manual/en/migration80.php>`__
 module designed to drastically raise the cost of attacks against websites. This is achieved
 by killing entire bug classes and providing a powerful virtual-patching system,
 allowing the administrator to fix specific vulnerabilities without having to touch the PHP code.
diff --git a/doc/source/installation.rst b/doc/source/installation.rst
index a6b0ff8..c4cc355 100644
--- a/doc/source/installation.rst
+++ b/doc/source/installation.rst
@@ -73,7 +73,85 @@ solvable via:
  make
+Heroku installation
+-------------------
+Heroku's official `buildpack <https://github.com/heroku/heroku-buildpack-php/>`_
+uses ``Composer`` to install all dependencies required by your PHP application.
+Careful with the `default set of rules
+<https://github.com/jvoisin/snuffleupagus/blob/master/config/default.rules>`__,
+since it might block the composer deployment, leading to the following errors:
+::
+  heroku[web.1]: Starting process with command `vendor/bin/heroku-php-apache2 -F fpm_custom.conf public/`
+  heroku[web.1]: Stopping all processes with SIGTERM
+  app[web.1]: Stopping httpd...
+  app[web.1]: SIGTERM received, attempting graceful shutdown...
+  app[web.1]: Stopping php-fpm...
+  app[web.1]: Shutdown complete.
+  heroku[web.1]: Process exited with status 143
+  app[web.1]: [heroku-exec] Starting
+  app[web.1]: Unable to determine Composer vendor-dir setting; is 'composer' executable on path or 'composer.phar' in current working directory?
+  heroku[web.1]: Process exited with status 1
+  heroku[web.1]: State changed from starting to crashed
+Requirements
+^^^^^^^^^^^^
+To install snuffleupagus on heroku, simply follow the `documentation <https://devcenter.heroku.com/articles/php-support#custom-compile-step>`_,
+and edit the ``composer.json`` file, as well as the ``Procfile`` to load the additional PHP-FPM configuration.
+composer.json
+"""""""""""""
+::
+    {
+        "require": {
+            "php": "~7.4.6"
+        },
+        "config": {
+            "platform": {
+                "php": "7.4.6"
+            }
+        },
+        "scripts": {
+            "compile": [
+                "git clone https://github.com/jvoisin/snuffleupagus /tmp/snuffleupagus",
+                "cd /tmp/snuffleupagus/src && phpize && ./configure --enable-snuffleupagus && make && make install",
+                "echo 'extension=snuffleupagus.so\nsp.allow_broken_configuration=on\nsp.configuration_file=/dev/null' > /app/.heroku/php/etc/php/conf.d/999-ext-snuffleupagus.ini"
+            ]
+        }
+    }
+This configuration will compile Snuffleupagus to shared library, install it to the proper
+location and specify an empty configuration in ``sp.configuration_file`` to ensure
+that the ``composer`` deployment phase won't get killed by some rules.
+PHP-FPM
+"""""""
+::
+    ; ext-snuffleupagus
+    php_admin_flag[sp.allow_broken_configuration] = off
+    php_admin_value[sp.configuration_file]        = /app/default.rules
+The final step is to point ``sp.configuration_file`` to a rule set by setting
+the preference in an additional `PHP-FPM
+configuration <https://devcenter.heroku.com/articles/custom-php-settings#php-fpm-configuration-include>`_.
+You should now be running Snuffleupagus in PHP on heroku:
+::
+  app[web.1]: [05-Jul-2020 07:45:22 UTC] PHP Fatal error:  [snuffleupagus][0.0.0.0][disabled_function] Aborted execution on call of the function 'exec', because its argument '$command' content (id;whoami) matched a rule in /app/public/test2.php on line 1
+  app[web.1]: 10.9.226.141 - - [05/Jul/2020:07:45:22 +0000] "GET /test2.php?cmd=id;whoami HTTP/1.1" 500 - "-" "curl/7.68.0
+  heroku[router]: at=info method=GET path="/test2.php?cmd=id;whoami" host=heroku-x-snuffleupagus.herokuapp.com request_id=012345678-9012-3456-7890-123456789012 fwd="1.2.3.4" dyno=web.1 connect=0ms service=7ms status=500 bytes=169 protocol=http
 Upgrading
 ---------
-Upgrading the Snuffleupagus is as simple as recompiling it (or using a binary), replacing the file and restarting your webserver.
+Upgrading Snuffleupagus is as simple as recompiling it (or using a binary), replacing the file and restarting your webserver.
diff --git a/doc/source/papers.rst b/doc/source/papers.rst
index 3d5e42a..3cdb909 100644
--- a/doc/source/papers.rst
+++ b/doc/source/papers.rst
@@ -9,15 +9,15 @@ Talks
 2017
 """"
- `BerlinSide0x08 <https://berlinsides.org/?page_id=2168>`_ - `slides <https://github.com/nbs-system/snuffleupagus/blob/master/slides/berlinsides_2017.pdf>`__
+- `BerlinSide0x08 <https://berlinsides.org/?page_id=2168>`_ - `slides <https://github.com/jvoisin/snuffleupagus/blob/master/slides/berlinsides_2017.pdf>`__
- `Hack.lu 2017 <https://2017.hack.lu/talks/>`_ - `slides <https://github.com/nbs-system/snuffleupagus/blob/master/slides/hacklu_2017.pdf>`__ - `video <https://www.youtube.com/watch?v=RzaRiuJ6MkI>`__
+- `Hack.lu 2017 <https://2017.hack.lu/talks/>`_ - `slides <https://github.com/jvoisin/snuffleupagus/blob/master/slides/hacklu_2017.pdf>`__ - `video <https://www.youtube.com/watch?v=RzaRiuJ6MkI>`__
- `BlackAlps <https://blackalps.ch/2017program.php>`_ - `slides <https://github.com/nbs-system/snuffleupagus/blob/master/slides/blackalps_2017.pdf>`__ - `video <https://www.youtube.com/watch?v=2GeUnOzDGxc>`__
+- `BlackAlps <https://blackalps.ch/2017program.php>`_ - `slides <https://github.com/jvoisin/snuffleupagus/blob/master/slides/blackalps_2017.pdf>`__ - `video <https://www.youtube.com/watch?v=2GeUnOzDGxc>`__
 2018
 """"
- `Pass the Salt <https://2018.pass-the-salt.org/schedule/#snuffleupagus>`_ - `slides <https://github.com/nbs-system/snuffleupagus/blob/master/slides/passthesalt_2018.pdf>`__ - `video <https://passthesalt.ubicast.tv/videos/snuffleupagus-killing-bug-classes-and-virtual-patching-the-rest/>`__
+- `Pass the Salt <https://2018.pass-the-salt.org/schedule/#snuffleupagus>`_ - `slides <https://github.com/jvoisin/snuffleupagus/blob/master/slides/passthesalt_2018.pdf>`__ - `video <https://passthesalt.ubicast.tv/videos/snuffleupagus-killing-bug-classes-and-virtual-patching-the-rest/>`__
- `44con <https://44con.com/44con/44con-2018/44con-2018-talks/>`__ - `slides <https://github.com/nbs-system/snuffleupagus/blob/master/slides/44con_2018.pdf>`__
+- `44con <https://44con.com/44con/44con-2018/44con-2018-talks/>`__ - `slides <https://github.com/jvoisin/snuffleupagus/blob/master/slides/44con_2018.pdf>`__
 2020
 """"
@@ -31,13 +31,17 @@ Mentions
 - `Habr - PHP-Дайджест № 118 – свежие новости, материалы и инструменты <https://habr.com/en/company/zfort/blog/339630/>`__ (ru) - Habr
 - `Intrinsec's blog - Hack.lu 2017 <https://securite.intrinsec.com/2017/10/20/hack-lu-2017/>`__ (fr) - Intrinsec's blog
- `Paragon Initiative Enterprises Blog - The 2018 Guide to Building Secure PHP Software <https://paragonie.com/blog/2017/12/2018-guide-building-secure-php-software>`__ - 2017-12-12
+- `Paragon Initiative Enterprises Blog - The 2018 Guide to Building Secure PHP Software <https://paragonie.com/blog/2017/12/2018-guide-building-secure-php-software>`__
 2018
 """"
 - `Habr - PHP-Дайджест № 138 <https://habr.com/en/company/zfort/blog/422069/>`__ (ru) - Habr
 - `PhpStorm's blog - PHP Annotated Monthly <https://blog.jetbrains.com/phpstorm/2018/08/php-annotated-monthly-august-2018/>`__ - PhpStorm's blog
+- `PHP Weekly <http://www.phpweekly.com/archive/2018-02-08.html>`__
+- `New variant in wp-gdpr-compliance vulnerability and fixing it with virtual
+  patching <https://medium.com/alertot/new-variant-in-wp-gdpr-compliance-vulnerability-and-fixing-it-with-virtual-patching-4b72d7496c1c>`__
+  - alertot
 2019
 """"
@@ -46,6 +50,17 @@ Mentions
 - `Habr - PHP-Дайджест № 160 <https://habr.com/ru/post/460022/>`__ (ru) - Habr
+2020
+""""
+- `Modern PHP Security Part 2: Breaching and hardening the PHP engine <https://labs.detectify.com/2020/08/20/modern-php-security-part-2-breaching-and-hardening-the-php-engine/>`__ - Detectify's blog
+2021
+""""
+- `Habr - PHP Дайджест № 196 <https://habr.com/ru/post/536726/>`__ (ru) - Habr
 Articles
 --------
@@ -72,6 +87,20 @@ Articles
 - `Проект Snuffleupagus развивает PHP-модуль для блокирования уязвимостей <https://www.opennet.ru/opennews/art.shtml?num=51031>`__ (ru) - opennet.ru
 - `What the f*ck is a Snuffleupagus?  <https://medium.com/@live_the_dream/what-the-f-ck-is-a-snuffleupagus-f838fb64f857>`__ - Living The Dream
 - `Snuffleupagus: Open source security tool hardens PHP sites against cyber-attacks <https://portswigger.net/daily-swig/snuffleupagus-open-source-security-tool-hardens-php-sites-against-cyber-attacks>`__ - The Daily Swig
+- `Snuffleupagus versus recent high-profile vulnerabilities <https://dustri.org/b/snuffleupagus-versus-recent-high-profile-vulnerabilities.html>`__ - dustri.org
+2020
+""""
+- `Snuffleupagus, un excelente módulo para bloquear vulnerabilidades en aplicaciones PHP <https://www.linuxadictos.com/snuffleupagus-un-excelente-modulo-para-bloquear-vulnerabilidades-en-aplicaciones-php.html>`__ (es) - linuxadictos.com
+- `Выпуск Snuffleupagus 0.5.1, модуля для блокирования уязвимостей в PHP-приложениях <https://www.opennet.ru/opennews/art.shtml?num=53211>`__ (ru) - opennet.ru
+- `Snuffleupagus versus recent high-profile vulnerabilities, again! <https://dustri.org/b/snuffleupagus-versus-recent-high-profile-vulnerabilities-again.html>`__ - dustri.org
+- `Snuffleupagus, módulo para bloquear vulnerabilidades en aplicaciones PHP <https://underc0de.org/foro/seguridad-en-servidores/snuffleupagus-modulo-para-bloquear-vulnerabilidades-en-aplicaciones-php/>`__ - (es) - underc0de.org
+2021
+""""
+- `Sortie de Snuffleupagus 0.7.0 - Los Elefantes <https://linuxfr.org/news/sortie-de-snuffleupagus-0-7-0-los-elefantes>`__ (fr) - linuxfr
 Papers
author	Ben Fuhrmannek	2021-02-16 11:16:59 +0100
committer	Ben Fuhrmannek	2021-02-16 11:16:59 +0100
commit	5484bcb5eb2714e7438927e2566c86a74d7c51af (patch)
tree	b78326d2999397be4c08e06b23209981f82a4ea9 /doc/source
parent	7ac1e3866ef4f146c6c93a5ca13b9aebb14e936a (diff)
parent	cecfdd808da67be908dbe7144cc8c74dfb3f855e (diff)