Merge remote-tracking branch 'upstream/master'

7 files changed, 158 insertions, 82 deletions

diff --git a/doc/source/config.rst b/doc/source/config.rst
index 89e063f..91e085c 100644
--- a/doc/source/config.rst
+++ b/doc/source/config.rst
@@ -81,6 +81,24 @@ This configuration variable contains parameters that are used by multiple featur
 - ``cookie_env_var``: A environment variable used as part of cookies encryption.
   See the :ref:`relevant documentation <config_cookie-encryption>`
 
+log_media
+^^^^^^^^^
+
+This configuration variable allows to specify how logs should be written,
+either via ``php`` or ``syslog``.
+
+::
+
+  sp.log_media("php");
+  sp.log_media("syslog");
+
+The default value for ``sp.log_media`` is ``php``, to respect the `principle of
+least astonishment
+<https://en.wikipedia.org/wiki/Principle_of_least_astonishment>`__. But since
+it's `possible to modify php's logging system via php
+<https://www.php.net/manual/en/errorfunc.configuration.php>`__, it's
+heavily recommended to use the ``syslog`` option instead.
+
 
 Bugclass-killer features
 ------------------------
@@ -181,8 +199,8 @@ argument and various information about it in the environment:
 
 This feature can be used, for example, to check if an uploaded file contains php
 code, using `vld <https://derickrethans.nl/projects.html#vld>`_,
-via `a python script <https://github.com/nbs-system/snuffleupagus/tree/master/scripts/upload_validation.py>`__,
-or `a php one <https://github.com/nbs-system/snuffleupagus/tree/master/scripts/upload_validation.php>`__.
+via `a python script <https://github.com/jvoisin/snuffleupagus/tree/master/scripts/upload_validation.py>`__,
+or `a php one <https://github.com/jvoisin/snuffleupagus/tree/master/scripts/upload_validation.php>`__.
 
 The upload will be **allowed** if the script returns the value ``0``. Every other
 value will prevent the file from being uploaded.
@@ -236,8 +254,11 @@ blacklisted, it'll be allowed.
 Virtual-patching
 ----------------
 
-Snuffleupagus provides virtual-patching via the ``disable_function`` directive, allowing you to stop or control dangerous behaviours.
-In the situation where you have a call to ``system()`` that lacks proper user-input validation, this could cause issues as it would lead to an **RCE**. The virtual-patching would allow this to be prevented.
+Snuffleupagus provides virtual-patching via the ``disable_function`` directive,
+allowing you to stop or control dangerous behaviours.  In the situation where
+you have a call to ``system()`` that lacks proper user-input validation, this
+could cause issues as it would lead to an **RCE**. The virtual-patching would
+allow this to be prevented.
 
 ::
    
@@ -287,8 +308,14 @@ The ``type`` must be one of the following values:
 Actions
 ^^^^^^^
 
+Every rule *must* have one action.
+
 - ``allow()``: **allow** the request if the rule matches
 - ``drop()``: **drop** the request if the rule matches
+
+Modifications
+^^^^^^^^^^^^^
+
 - ``dump(directory)``: dump the request in the ``directory`` if it matches the rule
 - ``simulation()``: enabled the simulation mode
 
@@ -324,7 +351,7 @@ For clarity, the presence of the ``allow`` or ``drop`` action is **mandatory**.
   because it'll match the deny first.
 
 If you're paranoid, we're providing a `php script
-<https://github.com/nbs-system/snuffleupagus/blob/master/scripts/generate_rules.php>`__
+<https://github.com/jvoisin/snuffleupagus/blob/master/scripts/generate_rules.php>`__
 to automatically generate hash of files containing dangerous functions, and
 blacklisting them everywhere else.
 
@@ -340,7 +367,7 @@ It's currently not possible to:
   things like this, odds are that you're doing something wrong anyway.
 - Hooks on ``echo`` and on ``print`` are equivalent: there is no way to hook one
   without hooking the other, at least
-  `for now <https://github.com/nbs-system/snuffleupagus/issues/190>`__).
+  `for now <https://github.com/jvoisin/snuffleupagus/issues/190>`__).
   This is why hooked ``print`` will be displayed as ``echo`` in the logs.
 - Hook `strlen`, since in latest PHP versions, this function is usually
   optimized away by the compiled.
diff --git a/doc/source/debug.rst b/doc/source/debug.rst
index b339366..b2a1f28 100644
--- a/doc/source/debug.rst
+++ b/doc/source/debug.rst
@@ -18,7 +18,7 @@ We're using `php qa <https://qa.php.net/>`__ tests format for our testsuite,
 it is automatically run when you're building snuffleupagus.
 
 If it happens to have unexpected failures (Since we're using `TDD <https://en.wikipedia.org/wiki/Test-driven_development>`__ as much
-as we can, we do have some expected failures), please do `open an issue <https://github.com/nbs-system/snuffleupagus/issues/new>`__
+as we can, we do have some expected failures), please do `open an issue <https://github.com/jvoisin/snuffleupagus/issues/new>`__
 on our bugtracker, and attach the generated ``.diff`` and ``.out`` files to it,
 so we can see what's happening.
 
@@ -27,7 +27,7 @@ Snuffleupagus is crashing
 
 While we do our very best to make snuffleupagus solid as possible, we're humans,
 and computers are hard, so crashes can happen. If you're encountering one in production,
-please try to launch the `testsuite <https://github.com/nbs-system/snuffleupagus/blob/master/CONTRIBUTING.md#3-get-the-test-suite-running>`__
+please try to launch the `testsuite <https://github.com/jvoisin/snuffleupagus/blob/master/CONTRIBUTING.md#3-get-the-test-suite-running>`__
 to see if it's failing. If it does, please :ref:`tell us <testsuite_fail>`.
 
 If the testsuite is passing, odds are that you're encountering an issue tied to your php code,
diff --git a/doc/source/download.rst b/doc/source/download.rst
index dfe4768..fd61099 100644
--- a/doc/source/download.rst
+++ b/doc/source/download.rst
@@ -4,20 +4,20 @@ Download
 Arch Linux
 ----------
 
-We're providing a `PKGBUILD <https://github.com/nbs-system/snuffleupagus/blob/master/PKGBUILD>`__,
+We're providing a `PKGBUILD <https://github.com/jvoisin/snuffleupagus/blob/master/PKGBUILD>`__,
 so you can build a package yourself.
 
 Alpine Linux
 ------------
 
-We're providing a `APKBUILD <https://github.com/nbs-system/snuffleupagus/blob/master/APKBUILD>`__,
+We're providing a `APKBUILD <https://github.com/jvoisin/snuffleupagus/blob/master/APKBUILD>`__,
 so you can build a package yourself.
 
 Debian and Ubuntu
 -----------------
 
 We're currently not providing a Debian/Ubuntu repository,
-but you can grab the latest release on `github <https://github.com/nbs-system/snuffleupagus/releases>`__,
+but you can grab the latest release on `github <https://github.com/jvoisin/snuffleupagus/releases>`__,
 or build your own package by cloning the source code and typing ``make debian``.
 
 Fedora
@@ -39,4 +39,4 @@ We're currently using *github* as public code repository.
 
 ::
 
-  git clone https://github.com/nbs-system/snuffleupagus
+  git clone https://github.com/jvoisin/snuffleupagus
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index d8ca973..3c09409 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -41,20 +41,20 @@ Who are you and why did you write Snuffleupagus?
 
 We're working for `NBS System <https://nbs-system.com/en/>`__,
 a web hosting company (meaning that we're dealing with PHP code all day long),
-with a strong focus on security. We do have hardening
+with a strong focus on security. We do have several layers of hardening
 (`kernel <https://grsecurity.net/>`_, `WAF <https://naxsi.org>`_,
-`IDS <https://en.wikipedia.org/wiki/Intrusion_detection_system>`_, etc)
-below the web stack, but most of the time, when a website is compromised,
-it can be to send ads, spam, deface it, steal data etc.
-This is why we need to harden the website itself too, but we can't touch its
-source code.
+`IDS <https://en.wikipedia.org/wiki/Intrusion_detection_system>`_, etc),
+but we had nothing for PHP7.
+
+Nowadays, Snuffleupagus is maintained by Julien (jvoisin) Voisin.
+
 
 Why not Suhosin?
 """"""""""""""""
 
 We're huge fans of `Suhosin <https://suhosin.org>`_, unfortunately:
 
-- it doesn't work very well on PHP 7
+- it doesn't work very well on PHP7
 - it has some oudated features and misses new ones
 - it doesn't cope very well with our various industrialization needs
 - it has some shortcomings by design
@@ -65,18 +65,32 @@ the `system <https://secure.php.net/manual/en/function.system.php#refsect1-funct
 function to perform various mandatory maintenance tasks).
 
 This is why we decided to write our own hardening module, in the spirit of Suhosin,
-via virtual-patching support, and other cool new features.
+with virtual-patching support, as well as other cool new features.
 
-What license is Snuffleupagus under and why?
-""""""""""""""""""""""""""""""""""""""""""""
+
+What license is Snuffleupagus released under and why?
+"""""""""""""""""""""""""""""""""""""""""""""""""""""
 
 Snuffleupagus is licensed under the `LGPL <https://www.gnu.org/copyleft/lesser.html>`_
-and is developed by the fine people from `NBS System <https://nbs-system.com/>`__.
+was developed by the fine people from `NBS System <https://nbs-system.com/>`__,
+and is maintained by Julien (jvoisin) Voisin.
 
 We chose the LGPL because we don't care that much how you're using Snuffleupagus,
 but we'd like to force people to make their improvements/contributions
 available to everyone.
 
+
+What is the different between SNuffleupaugs and a (WAF) like ModSecurity?
+"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+
+`ModSecurity <https://modsecurity.org/>`__ and the other `Web Application
+Firewall (WAF) <https://en.wikipedia.org/wiki/Web_application_firewall>`__ are
+working by inspecting the http traffic. Snuffleupagus being a PHP module, is
+operating directly inside your website's code, with a lesser overhead, as well
+as a better understanding of what is currently happening inside your
+application.
+
+
 Should I use Snuffleupagus?
 """""""""""""""""""""""""""
 
@@ -113,6 +127,18 @@ is still a security issue, and should be treated as such.
 We don't have the pretension to state that Snuffleupagus will magically solve
 all your security issues, but we believe that it might definitely help.
 
+
+Sounds great, but is it working?
+""""""""""""""""""""""""""""""""
+
+We've been using it in production since a couple of years, and it thwarted
+numerous known and unknown attacks. If you want some evidences, one of the
+developer published in June 2019 a `blogpost
+<https://dustri.org/b/snuffleupagus-versus-recent-high-profile-vulnerabilities.html>`__
+showcasing how efficient Snuffleupagus was versus *major* web
+vulnerabilities from 2018/2019.
+
+
 Why should I send you bugs, security issues and patches?
 """""""""""""""""""""""""""""""""""""""""""""""""""""""""
 Snuffleupagus is an open-source security software, by reporting (or fixing)
@@ -148,7 +174,7 @@ By checking the logs; Snuffleupagus systematically prefix them with ``[snuffleup
 
 Does Snuffleupagus run on Windows?
 """"""""""""""""""""""""""""""""""
-No idea, feel free to `try <https://github.com/nbs-system/snuffleupagus/issues/2>`_.
+No idea, feel free to `try <https://github.com/jvoisin/snuffleupagus/issues/2>`_.
 
 
 Does Snuggleupagus run on `HHVM <http://hhvm.com/>`_?
@@ -181,46 +207,13 @@ discuss potential impact of the vulnerability,
 reference applicable patches or workarounds,
 and credit the discoverer.
 
-Please send it us a mail to the ``security`` user,
-on ``nbs-system.com``, using the gpg key
-``498C46FF087EDC36E7EAF9D445414A82A9B22D78``:
-
-::
-
-    -----BEGIN PGP PUBLIC KEY BLOCK-----
+Please do send a mail to [Julien (jvoisin) Voisin](https://dustri.org) should
+you find a security issue.
 
-    mQENBFnKHhoBCADaOa0MKEqRy0h2ohIzczblzkMQCbU9oD1HwJ1VkYnn7TGW2iKi
-    NISxisExIXpy2Bn/pA27GiV0V/Do3NL6D9r0oOCrGR27muGM0N/dk9UMv7MWw8zv
-    K8cO+Sa28s0cAv7r2ogUJj5YOo8D4wHEpE8424TE89V9+Qg/SaFCxKoELFP0c7wu
-    mtsm0PnL65piZ1EB7lQo2gxg+8AV45MD1Y2rREMKUoZE23X+nXKsmEh9BFEPaU5M
-    7WQp0NasqeMNoGhwfw9ttVAeLhkEkaTjW1PkNRIb7vrtV9KVb5uKucflfbOnDlzu
-    tQ9U3tYto0mcSCRchAClfEmoSi/0mKyb5N6ZABEBAAG0NVNlY3VyaXR5IHRlYW0g
-    b2YgTkJTIFN5c3RlbSA8c2VjdXJpdHlAbmJzLXN5c3RlbS5jb20+iQE3BBMBCAAh
-    BQJZyh4aAhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEEVBSoKpsi14jy0H
-    /1/XB9THhvmG0ow81sld2Zx8qhnNed8VvYDS6mEjpDWNVPxENwDbnakEjisq1Hrb
-    2UQPYCyQ5dekPNFVwQHIGXkX0eb1Ank+4esBJuEpQ2985tgNhJy5ZX+Imb5C8nZC
-    90uYSN1UUg559nUsFeElOXSEH6tIXK/TvjsvMYoi2Ukl6lb7PbIU2fjLY9Iqv3QY
-    32p8/Bl1fVKWbXOk0HDgJ6zA3Kr56QhZOLBkxjOa2XAnnIE76jZxUJ9qPCwWd1vW
-    GFxtx1Y+eZriqHiC9CPe6aBWcIHaTXSu1WBbXrFu8/eCWw243Rxm8l9wgA/a7VWq
-    WBfO45IhJUwh95naRpw8/4a5AQ0EWcoeGgEIAJtzSyyzfn2RX+BsyoRFANUpIgrV
-    /9eohYQVNqK3AFthmq7Kjmt4+hszF5+0wCFmWwYqGnqk1/dsWmqpkXsJldEn6oPJ
-    Bng+Dc67Yki2dR3TroAf95UmI08fhyM7TMXp8m46BPRRMzPNwalEeEm49Oclmfxb
-    JsWWCChWVLWGz2xgPEAv3fPHqus7Rwz/WIl53l/qy1Wf0ewmjRpVEfnEMKBExtBK
-    4kRxQ40LzUZ1SfpyGc3nMbswhevT7/klqrdJdCnlu67Y/IfRGxGZuNj1n1Dib3Hx
-    zTBHo3Y2R3BB93Ix8dkbLaxLqFbOYVdijCgJklqUWhx7btpQ2xnZyzyCMuUAEQEA
-    AYkBHwQYAQgACQUCWcoeGgIbDAAKCRBFQUqCqbIteFRvB/9u3Mae8n8ELrJKOn+P
-    PEbWjutObIuTplvY4QcbnNb9dsgsKryamp4CFJsA5XuitPpC31GDMXBZO5/LLOuH
-    HoMaXFJdic0NToL/3REhu+aZkNIU6S/iaPRNVhkSV4lwQsvncz+nBaiDUJjyfJm2
-    kEjVcRTM8yqzcNo/9Gn0ts+XCUqRj7+S1M4Bj3NySoO/w2n+7OLbIAj+wQZcj3Gf
-    5QhBYaY4YaFxrJE0IZxyXGHw8xhKR6AN+u4TO7LRCW+cWV/sHWir1MXieJoEG8+R
-    W/BhrB0Rz5uxOXMoGCCD2TUiHq7zpuHGnYFVmAnHQZaaQxXve4VrcmznxgpV8lpW
-    mZug
-    =+eIv
-    -----END PGP PUBLIC KEY BLOCK-----
 
 I found a bug. How can I report it?
 """""""""""""""""""""""""""""""""""
-We do have an issue tracker on `Github <https://github.com/nbs-system/snuffleupagus/issues>`_.
+We do have an issue tracker on `Github <https://github.com/jvoisin/snuffleupagus/issues>`_.
 Please make sure to include as much information as possible when reporting your issue,
 such as your operating system, your version of PHP 7, your version of Snuffleupagus,
 your logs, the problematic php code, the request, a brief description, … long story short,
@@ -232,12 +225,9 @@ it's not that hard.
 Where can I find even more help?
 """"""""""""""""""""""""""""""""
 The :doc:`configuration page <config>` might be what you're looking for.
-If you're adventurous, you can also check the `issue tracker <https://github.com/nbs-system/snuffleupagus/issues/?q=is%3Aissue>`_
-(make sure to check the `closed issues <https://github.com/nbs-system/snuffleupagus/issues?q=is%3Aissue+is%3Aclosed>`_ too).
+If you're adventurous, you can also check the `issue tracker <https://github.com/jvoisin/snuffleupagus/issues/?q=is%3Aissue>`_
+(make sure to check the `closed issues <https://github.com/jvoisin/snuffleupagus/issues?q=is%3Aissue+is%3Aclosed>`_ too).
 
-I need professional support for my company.
-"""""""""""""""""""""""""""""""""""""""""""
-Contact `NBS System <https://nbs-system.com>`_.
 
 Unimplemented mitigations and abandoned ideas
 ---------------------------------------------
@@ -255,3 +245,19 @@ if someone can manage to get better results than us.
 The possibility of having this natively in PHP has
 `been discussed <https://marc.info/?l=php-internals&m=141692988212413&w=2>`_,
 but as 2017, nothing has been merged yet.
+
+Nop'ing function execution
+""""""""""""""""""""""""""
+
+Snuffleupagus can be configured to either *allow* or *drop* the execution of
+particular functions and optionally *log* and *dump* them, but it doesn't
+provide any mechanism to *nop* their execution.
+
+We thought about adding this, but didn't for several reasons:
+
+- What should the return value of a *nop'ed* function be?
+- It would add confusion between ``drop``, ``nop`` and ``log``.
+- Usually, when a specific function is called, either it's a dangerous one
+  and you want to stop the execution immediately, or you want to let it
+  continue and log it. There isn't really any middle-ground, or at least we
+  failed to find any.
diff --git a/doc/source/features.rst b/doc/source/features.rst
index 407b9c7..0c23dc1 100644
--- a/doc/source/features.rst
+++ b/doc/source/features.rst
@@ -73,7 +73,7 @@ Like *Suhosin*, we are encrypting the cookies with a secret key,
 an environment variable (usually the IP of the user)
 and the user's user-agent. This means that an attacker with an XSS won't be able to use
 the stolen cookie, since he can't spoof the content of the value of the environment
-variable for the user. Please do read the :ref:`documentation about this feature <config_cookie-encryption>`
+variable for the user. Please do read the :ref:`documentation about this feature <cookie-encryption-page>`
 if you're planning to use it.
 
 This feature is roughly the same than the `Suhosin one <https://suhosin.org/stories/configuration.html#transparent-encryption-options>`_.
@@ -444,7 +444,7 @@ or ``is_callable`` with *suspicious* parameters.
 Some PHP applications are using broad rights when using the ``chmod`` function,
 like the infamous ``chmod(777)`` command, effectively making the file writable by everyone.
 Snuffleupagus is preventing this kind of behaviour by restricting the parameters
-than can be passed to ``chmod``.
+that can be passed to ``chmod``.
 
 Arbitrary file inclusion hardening
 """"""""""""""""""""""""""""""""""
diff --git a/doc/source/installation.rst b/doc/source/installation.rst
index 74d5d4f..a6b0ff8 100644
--- a/doc/source/installation.rst
+++ b/doc/source/installation.rst
@@ -1,7 +1,7 @@
 Installation
 ============
 
-Snuffleupagus is tested against `various PHP 7+ versions <https://travis-ci.org/nbs-system/snuffleupagus/>`_.
+Snuffleupagus is tested against `various PHP 7+ versions <https://travis-ci.org/jvoisin/snuffleupagus/>`_.
 
 Manual installation
 -------------------
@@ -21,7 +21,7 @@ Quickstart
 
 ::
 
-    git clone https://github.com/nbs-system/snuffleupagus
+    git clone https://github.com/jvoisin/snuffleupagus
     cd snuffleupagus/src
     phpize
     ./configure --enable-snuffleupagus
diff --git a/doc/source/papers.rst b/doc/source/papers.rst
index 5382012..3d5e42a 100644
--- a/doc/source/papers.rst
+++ b/doc/source/papers.rst
@@ -6,30 +6,72 @@ This pages lists various mentions, articles, usages and presentations about Snuf
 Talks
 -----
 
-- `BerlinSide0x08 <https://berlinsides.org/?page_id=2168>`_ - `slides <https://github.com/nbs-system/snuffleupagus/blob/master/slides/berlinsides_2017.pdf>`__ - 2017-05-28
-- `Hack.lu 2017 <https://2017.hack.lu/talks/>`_ - `slides <https://github.com/nbs-system/snuffleupagus/blob/master/slides/hacklu_2017.pdf>`__ - `video <https://www.youtube.com/watch?v=RzaRiuJ6MkI>`__ - 2017-10-18
-- `BlackAlps <https://blackalps.ch/2017program.php>`_ - `slides <https://github.com/nbs-system/snuffleupagus/blob/master/slides/blackalps_2017.pdf>`__ - `video <https://www.youtube.com/watch?v=2GeUnOzDGxc>`__ - 2017-11-16
-- `Pass the Salt <https://2018.pass-the-salt.org/schedule/#snuffleupagus>`_ - `slides <https://github.com/nbs-system/snuffleupagus/blob/master/slides/passthesalt_2018.pdf>`__ - `video <https://passthesalt.ubicast.tv/videos/snuffleupagus-killing-bug-classes-and-virtual-patching-the-rest/>`__ - 2018-07-03
-- `44con <https://44con.com/44con/44con-2018/44con-2018-talks/>`__ - `slides <https://github.com/nbs-system/snuffleupagus/blob/master/slides/44con_2018.pdf>`__ - 2018-09-12
+2017
+""""
 
+- `BerlinSide0x08 <https://berlinsides.org/?page_id=2168>`_ - `slides <https://github.com/nbs-system/snuffleupagus/blob/master/slides/berlinsides_2017.pdf>`__
+- `Hack.lu 2017 <https://2017.hack.lu/talks/>`_ - `slides <https://github.com/nbs-system/snuffleupagus/blob/master/slides/hacklu_2017.pdf>`__ - `video <https://www.youtube.com/watch?v=RzaRiuJ6MkI>`__
+- `BlackAlps <https://blackalps.ch/2017program.php>`_ - `slides <https://github.com/nbs-system/snuffleupagus/blob/master/slides/blackalps_2017.pdf>`__ - `video <https://www.youtube.com/watch?v=2GeUnOzDGxc>`__
+
+2018
+""""
+
+- `Pass the Salt <https://2018.pass-the-salt.org/schedule/#snuffleupagus>`_ - `slides <https://github.com/nbs-system/snuffleupagus/blob/master/slides/passthesalt_2018.pdf>`__ - `video <https://passthesalt.ubicast.tv/videos/snuffleupagus-killing-bug-classes-and-virtual-patching-the-rest/>`__
+- `44con <https://44con.com/44con/44con-2018/44con-2018-talks/>`__ - `slides <https://github.com/nbs-system/snuffleupagus/blob/master/slides/44con_2018.pdf>`__
+
+2020
+""""
+- `Modern PHP security - sec4dev 2020, Vienna - Synacktiv <https://www.synacktiv.com/ressources/modern_php_security_sec4dev.pdf>`__ - `sec4dev 2020 <https://sec4dev.io/2020>`__ 
 
 Mentions
 --------
 
-- `Intrinsec's blog - Hack.lu 2017 <https://securite.intrinsec.com/2017/10/20/hack-lu-2017/>`__ (fr) - 2017-10-20
+2017
+""""
+
+- `Habr - PHP-Дайджест № 118 – свежие новости, материалы и инструменты <https://habr.com/en/company/zfort/blog/339630/>`__ (ru) - Habr
+- `Intrinsec's blog - Hack.lu 2017 <https://securite.intrinsec.com/2017/10/20/hack-lu-2017/>`__ (fr) - Intrinsec's blog
 - `Paragon Initiative Enterprises Blog - The 2018 Guide to Building Secure PHP Software <https://paragonie.com/blog/2017/12/2018-guide-building-secure-php-software>`__ - 2017-12-12
-- `PhpStorm's blog - PHP Annotated Monthly <https://blog.jetbrains.com/phpstorm/2018/08/php-annotated-monthly-august-2018/>`__ - 2018-08-31
+
+2018
+""""
+
+- `Habr - PHP-Дайджест № 138 <https://habr.com/en/company/zfort/blog/422069/>`__ (ru) - Habr
+- `PhpStorm's blog - PHP Annotated Monthly <https://blog.jetbrains.com/phpstorm/2018/08/php-annotated-monthly-august-2018/>`__ - PhpStorm's blog
+
+2019
+""""
+
+- `PhpStorm's blog - PHP Annotated <https://blog.jetbrains.com/phpstorm/2019/07/php-annotated-july-2019/>`__ - PhpStorm's blog
+- `Habr - PHP-Дайджест № 160 <https://habr.com/ru/post/460022/>`__ (ru) - Habr
 
 
 Articles
 --------
 
-- `Killing php bug classes at berlinsides <https://dustri.org/b/killing-php-bug-classes-at-berlinsides.html>`_ - 2017-06-05
-- `Snuffleu…what? <https://fr33tux.org/post/snuffleupagus/>`_ - 2017-10-07
-- `How to harden AdwCleaner’s web backend using PHP <https://blog.malwarebytes.com/security-world/technology/2017/12/harden-adwcleaner-php-web-backend/>`__ - 2017-12-06
-- `First release of Snuffleupagus <https://dustri.org/b/first-release-of-snuffleupagus.html>`__ - 2017-12-21
-- `Snuffleupagus 0.3.0 - Dentalium elephantinum <https://dustri.org/b/snuffleupagus-030-dentalium-elephantinum.html>`__ - 2018-07-18
-- `Snuffleupagus version 0.3.0 - Dentalium elephantinum <https://linuxfr.org/news/snuffleupagus-version-0-3-0-dentalium-elephantinum>`__ (fr) - 2018-07-18
+
+2017
+""""
+
+- `Killing php bug classes at berlinsides <https://dustri.org/b/killing-php-bug-classes-at-berlinsides.html>`__ - dustri.org
+- `Snuffleu…what? <https://fr33tux.org/post/snuffleupagus/>`__ - fr33tux.org
+- `Behold the Snuffleupagus <https://memze.ro/posts/behold-the-snuffleupagus/>`__ - memze.ro
+- `How to harden AdwCleaner’s web backend using PHP <https://blog.malwarebytes.com/security-world/technology/2017/12/harden-adwcleaner-php-web-backend/>`__ - Malwarebyte's blog
+- `First release of Snuffleupagus <https://dustri.org/b/first-release-of-snuffleupagus.html>`__ - dustri.org
+- `PHP Magazine <http://phpmagazine.net/2017/11/snuffleupagus-experimental-security-module-for-php7.html>`__ - phpmagazine.net
+
+2018
+""""
+
+- `Snuffleupagus 0.3.0 - Dentalium elephantinum <https://dustri.org/b/snuffleupagus-030-dentalium-elephantinum.html>`__  - dustri.org
+- `Snuffleupagus version 0.3.0 - Dentalium elephantinum <https://linuxfr.org/news/snuffleupagus-version-0-3-0-dentalium-elephantinum>`__ (fr) - LinuxFr
+
+2019
+""""
+
+- `Проект Snuffleupagus развивает PHP-модуль для блокирования уязвимостей <https://www.opennet.ru/opennews/art.shtml?num=51031>`__ (ru) - opennet.ru
+- `What the f*ck is a Snuffleupagus?  <https://medium.com/@live_the_dream/what-the-f-ck-is-a-snuffleupagus-f838fb64f857>`__ - Living The Dream
+- `Snuffleupagus: Open source security tool hardens PHP sites against cyber-attacks <https://portswigger.net/daily-swig/snuffleupagus-open-source-security-tool-hardens-php-sites-against-cyber-attacks>`__ - The Daily Swig
 
 
 Papers
@@ -47,3 +89,4 @@ Notable users
 - `Oceanet Technology <https://www.oceanet-technology.com/>`__ - a French hosting company
 - `SwissCenter <https://swisscenter.com>`__ - a Swiss datacenter & web hosting company
 - `Toolslib <https://toolslib.net/>`__ - an `Alexa top 10k <https://www.alexa.com/siteinfo/toolslib.net>`__ website
+- `cPanel <https://cpanel.net/>`__ - one of the most popular web hosting control panel