Eval blacklist

Add support for eval filtering, only blacklist for now
author: jvoisin 2018-01-04 15:59:59 +0100
committer: GitHub 2018-01-04 15:59:59 +0100
commit: 3b113be573cdbca20ce9ec9c0a6efb25ccf51db5 (patch)
tree: 5fabbd1da7cd740f26354ffbd2234eba71ffdead /src/sp_disabled_functions.c
parent: 84e423300c440e96c34ada2620e0f78f827592e8 (diff)
1 files changed, 38 insertions, 2 deletions
diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c
index 829f938..45b8954 100644
--- a/src/sp_disabled_functions.c
+++ b/src/sp_disabled_functions.c
@@ -431,8 +431,8 @@ ZEND_FUNCTION(check_disabled_function) {
  }
  orig_handler = zend_hash_str_find_ptr(
-           SNUFFLEUPAGUS_G(disabled_functions_hook), current_function_name,
+      SNUFFLEUPAGUS_G(disabled_functions_hook), current_function_name,
-           strlen(current_function_name));
+      strlen(current_function_name));
  orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
  if (true == should_drop_on_ret(return_value, execute_data)) {
    sp_terminate();
@@ -460,6 +460,31 @@ static int hook_functions(const sp_list_node* config) {
  return SUCCESS;
 }
+ZEND_FUNCTION(eval_filter_callback) {
+  void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS);
+  const char* current_function_name = get_active_function_name(TSRMLS_C);
+  if (SNUFFLEUPAGUS_G(in_eval) == true) {
+    const char* filename = get_eval_filename(zend_get_executed_filename());
+    const int line_number = zend_get_executed_lineno(TSRMLS_C);
+    if (1 == SNUFFLEUPAGUS_G(config).config_eval->simulation) {
+      sp_log_msg("eval", SP_LOG_SIMULATION,
+                 "A call to %s was tried in eval, in %s:%d, dropping it.",
+                 current_function_name, filename, line_number);
+    } else {
+      sp_log_msg("eval", SP_LOG_DROP,
+                 "A call to %s was tried in eval, in %s:%d, dropping it.",
+                 current_function_name, filename, line_number);
+      sp_terminate();
+    }
+  }
+  orig_handler = zend_hash_str_find_ptr(
+      SNUFFLEUPAGUS_G(sp_eval_filter_functions_hook), current_function_name,
+      strlen(current_function_name));
+  orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
+}
 int hook_disabled_functions(void) {
  TSRMLS_FETCH();
@@ -470,5 +495,16 @@ int hook_disabled_functions(void) {
  ret |= hook_functions(SNUFFLEUPAGUS_G(config)
                            .config_disabled_functions_ret->disabled_functions);
+  if (NULL != SNUFFLEUPAGUS_G(config).config_eval->blacklist->data) {
+    sp_list_node* it = SNUFFLEUPAGUS_G(config).config_eval->blacklist;
+    while (it) {
+      hook_function((char*)it->data,
+                    SNUFFLEUPAGUS_G(sp_eval_filter_functions_hook),
+                    PHP_FN(eval_filter_callback), false);
+      it = it->next;
+    }
+  }
  return ret;
 }
author	jvoisin	2018-01-04 15:59:59 +0100
committer	GitHub	2018-01-04 15:59:59 +0100
commit	3b113be573cdbca20ce9ec9c0a6efb25ccf51db5 (patch)
tree	5fabbd1da7cd740f26354ffbd2234eba71ffdead /src/sp_disabled_functions.c
parent	84e423300c440e96c34ada2620e0f78f827592e8 (diff)

diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index 829f938..45b8954 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c
@@ -431,8 +431,8 @@ ZEND_FUNCTION(check_disabled_function) {
431	}	431	}
432		432
433	orig_handler = zend_hash_str_find_ptr(	433	orig_handler = zend_hash_str_find_ptr(
434	SNUFFLEUPAGUS_G(disabled_functions_hook), current_function_name,	434	SNUFFLEUPAGUS_G(disabled_functions_hook), current_function_name,
435	strlen(current_function_name));	435	strlen(current_function_name));
436	orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);	436	orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
437	if (true == should_drop_on_ret(return_value, execute_data)) {	437	if (true == should_drop_on_ret(return_value, execute_data)) {
438	sp_terminate();	438	sp_terminate();
@@ -460,6 +460,31 @@ static int hook_functions(const sp_list_node* config) {
460	return SUCCESS;	460	return SUCCESS;
461	}	461	}
462		462
		463	ZEND_FUNCTION(eval_filter_callback) {
		464	void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS);
		465	const char* current_function_name = get_active_function_name(TSRMLS_C);
		466
		467	if (SNUFFLEUPAGUS_G(in_eval) == true) {
		468	const char* filename = get_eval_filename(zend_get_executed_filename());
		469	const int line_number = zend_get_executed_lineno(TSRMLS_C);
		470	if (1 == SNUFFLEUPAGUS_G(config).config_eval->simulation) {
		471	sp_log_msg("eval", SP_LOG_SIMULATION,
		472	"A call to %s was tried in eval, in %s:%d, dropping it.",
		473	current_function_name, filename, line_number);
		474	} else {
		475	sp_log_msg("eval", SP_LOG_DROP,
		476	"A call to %s was tried in eval, in %s:%d, dropping it.",
		477	current_function_name, filename, line_number);
		478	sp_terminate();
		479	}
		480	}
		481
		482	orig_handler = zend_hash_str_find_ptr(
		483	SNUFFLEUPAGUS_G(sp_eval_filter_functions_hook), current_function_name,
		484	strlen(current_function_name));
		485	orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
		486	}
		487
463	int hook_disabled_functions(void) {	488	int hook_disabled_functions(void) {
464	TSRMLS_FETCH();	489	TSRMLS_FETCH();
465		490
@@ -470,5 +495,16 @@ int hook_disabled_functions(void) {
470	ret \|= hook_functions(SNUFFLEUPAGUS_G(config)	495	ret \|= hook_functions(SNUFFLEUPAGUS_G(config)
471	.config_disabled_functions_ret->disabled_functions);	496	.config_disabled_functions_ret->disabled_functions);
472		497
		498	if (NULL != SNUFFLEUPAGUS_G(config).config_eval->blacklist->data) {
		499	sp_list_node* it = SNUFFLEUPAGUS_G(config).config_eval->blacklist;
		500
		501	while (it) {
		502	hook_function((char*)it->data,
		503	SNUFFLEUPAGUS_G(sp_eval_filter_functions_hook),
		504	PHP_FN(eval_filter_callback), false);
		505	it = it->next;
		506	}
		507	}
		508
473	return ret;	509	return ret;
474	}	510	}