2 files changed, 102 insertions, 9 deletions
diff --git a/README.md b/README.md
index 13605e3..220a247 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,49 @@
-# Snuffleupagus
+<h1 align="center">
+  <br>
+  <a href="https://snuffleupagus.readthedocs.io/">
+                <img src="https://github.com/nbs-system/snuffleupagus/raw/improve_readme/doc/source/_static/sp.png" alt="Snuffleupagus' logo" width="200"></a>
+  <br>
+  Snuffleupagus
+  <br>
+</h1>
-[![Build Status](https://travis-ci.org/nbs-system/snuffleupagus.svg?branch=master)](https://travis-ci.org/nbs-system/snuffleupagus)
+<h4 align="center">Security module for php7 - Killing bugclasses and virtual-patching the rest!.</h4>
-[![Coverity status](https://scan.coverity.com/projects/13821/badge.svg?flat=1)](https://scan.coverity.com/projects/nbs-system-snuffleupagus)
-[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1267/badge)](https://bestpractices.coreinfrastructure.org/projects/1267)
-[![Documentation Status](https://readthedocs.org/projects/snuffleupagus/badge/?version=latest)](http://snuffleupagus.readthedocs.io/?badge=latest)
-[![Coverage Status](https://coveralls.io/repos/github/nbs-system/snuffleupagus/badge.svg?branch=master)](https://coveralls.io/github/nbs-system/snuffleupagus?branch=master)
-[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/sp_php.svg?style=social&label=Follow%20%40sp_php)](https://twitter.com/sp_php)
+<p align="center">
+  <a href="https://travis-ci.org/nbs-system/snuffleupagus">
+    <img src="https://travis-ci.org/nbs-system/snuffleupagus.svg?branch=master"
+         alt="Travis-ci">
+  </a>
+  <a href="https://scan.coverity.com/projects/nbs-system-snuffleupagus">
+                <img src="https://scan.coverity.com/projects/13821/badge.svg?flat=1"
+                                 alt="Coverity">
+        </a>
+  <a href="https://bestpractices.coreinfrastructure.org/projects/1267">
+      <img src="https://bestpractices.coreinfrastructure.org/projects/1267/badge"
+                                         alt="CII Best Practises">
+  </a>
+  <a href="http://snuffleupagus.readthedocs.io/?badge=latest">
+    <img src="https://readthedocs.org/projects/snuffleupagus/badge/?version=latest"
+                                 alt="readthedocs.org">
+  </a>
+  <a href="https://coveralls.io/github/nbs-system/snuffleupagus?branch=master">
+    <img src="https://coveralls.io/repos/github/nbs-system/snuffleupagus/badge.svg?branch=master"
+                                 alt="coveralls">
+  </a>
+  <a href="https://twitter.com/sp_php">
+    <img src="https://img.shields.io/badge/twitter-follow-blue.svg"
+                                 alt="twitter">
+  </a>
+</p>
+<p align="center">
+  <a href="#key-features">Key Features</a> •
+  <a href="#download">Download</a> •
+  <a href="#examples">Examples</a> •
+        <a href="https://snuffleupagus.readthedocs.io/">Documentation</a> •
+  <a href="https://github.com/nbs-system/snuffleupagus/blob/master/LICENSE">License</a> •
+        <a href="#thanks">Thanks</a>
+</p>
 Snuffleupagus is a [PHP 7+](https://secure.php.net/) module designed to
 drastically raise the cost of attacks against websites, by killing entire bug
@@ -14,4 +51,59 @@ classes. It also provides a powerful virtual-patching system, allowing
 administrator to fix specific vulnerabilities and audit suspicious behaviours
 without having to touch the PHP code.
-You can read its documentation [here](https://snuffleupagus.readthedocs.io/).
+## Key Features
+* Close to zero performance impact
+* Powerful yet simple to write virtual-patching rules
+* Killing several classes for vulnerabilities
+        * [Unserialize-based](https://www.owasp.org/images/9/9e/Utilizing-Code-Reuse-Or-Return-Oriented-Programming-In-PHP-Application-Exploits.pdf) code execution
+        * [`mail`-based]( https://blog.ripstech.com/2016/roundcube-command-execution-via-email/ ) code execution
+        * Cookie-stealing [XSS]( https://en.wikipedia.org/wiki/Cross-site_scripting )
+        * File-upload based code execution
+        * Weak PRNG
+        * [XXE]( https://en.wikipedia.org/wiki/XML_external_entity_attack )
+* Hardening features
+        * Automatic `secure` and `samesite` flag for cookies
+        * Bundled set of rule to detect post-compromissions behaviours
+        * Global [strict mode]( https://secure.php.net/manual/en/migration70.new-features.php#migration70.new-features.scalar-type-declarations)
+        * Preventing writeable files execution
+        * Whitelist/blacklist for `eval`
+        * Request dumping capability
+## Download
+We've got a [download
+page](https://snuffleupagus.readthedocs.io/download.html), where you can find
+packages for your distribution, but you can of course just `git clone` this
+repo, or check the releases on [github](https://github.com/nbs-system/snuffleupagus/releases).
+## Examples
+We're providing [various example rules](https://github.com/nbs-system/snuffleupagus/tree/master/config),
+that are looking like this:
+```python
+# Harden the `chmod` function
+sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop();
+# Mitigate command injection in `system`
+sp.disable_function.function("system").param("command").value_r("[$|;&`\\n]").drop();
+```
+Upon violation of a rule, you should see lines like this in your logs:
+```python
+[snuffleupagus][0.0.0.0][disabled_function][drop] The execution has been aborted in /var/www/index.php:2, because the return value (0) of the function 'strpos' matched a rule.
+```
+## Documentation
+We've got a [comprehensive website](https://snuffleupagus.readthedocs.io/) with
+all the documentation that you could possibly wish for. You can of course
+[build it yourself](https://github.com/nbs-system/snuffleupagus/tree/master/doc).
+## Thanks
+Many thanks to the [Suhosin project](https://suhosin.org) for being a __huge__
+source of inspiration, and to all [our
+contributors](https://github.com/nbs-system/snuffleupagus/graphs/contributors).
diff --git a/src/sp_var_value.c b/src/sp_var_value.c
index 68fd47c..7ed8dfa 100644
--- a/src/sp_var_value.c
+++ b/src/sp_var_value.c
@@ -177,7 +177,8 @@ static zval *get_unknown_type(const char *restrict value, zval *zvalue,
  return zvalue;
 }
-zval *sp_get_var_value(zend_execute_data *ed, const sp_tree *tree, bool is_param) {
+zval *sp_get_var_value(zend_execute_data *ed, const sp_tree *tree,
+                       bool is_param) {
  zval *zvalue = NULL;
  zend_class_entry *ce = NULL;

diff --git a/README.md b/README.md index 13605e3..220a247 100644 --- a/README.md +++ b/README.md
@@ -1,12 +1,49 @@
1	# Snuffleupagus	1	<h1 align="center">
		2	<br>
		3	<a href="https://snuffleupagus.readthedocs.io/">
		4	<img src="https://github.com/nbs-system/snuffleupagus/raw/improve_readme/doc/source/_static/sp.png" alt="Snuffleupagus' logo" width="200"></a>
		5	<br>
		6	Snuffleupagus
		7	<br>
		8	</h1>
2		9
3	[![Build Status](https://travis-ci.org/nbs-system/snuffleupagus.svg?branch=master)](https://travis-ci.org/nbs-system/snuffleupagus)	10	<h4 align="center">Security module for php7 - Killing bugclasses and virtual-patching the rest!.</h4>
4	[![Coverity status](https://scan.coverity.com/projects/13821/badge.svg?flat=1)](https://scan.coverity.com/projects/nbs-system-snuffleupagus)
5	[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1267/badge)](https://bestpractices.coreinfrastructure.org/projects/1267)
6	[![Documentation Status](https://readthedocs.org/projects/snuffleupagus/badge/?version=latest)](http://snuffleupagus.readthedocs.io/?badge=latest)
7	[![Coverage Status](https://coveralls.io/repos/github/nbs-system/snuffleupagus/badge.svg?branch=master)](https://coveralls.io/github/nbs-system/snuffleupagus?branch=master)
8	[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/sp_php.svg?style=social&label=Follow%20%40sp_php)](https://twitter.com/sp_php)
9		11
		12	<p align="center">
		13	<a href="https://travis-ci.org/nbs-system/snuffleupagus">
		14	<img src="https://travis-ci.org/nbs-system/snuffleupagus.svg?branch=master"
		15	alt="Travis-ci">
		16	</a>
		17	<a href="https://scan.coverity.com/projects/nbs-system-snuffleupagus">
		18	<img src="https://scan.coverity.com/projects/13821/badge.svg?flat=1"
		19	alt="Coverity">
		20	</a>
		21	<a href="https://bestpractices.coreinfrastructure.org/projects/1267">
		22	<img src="https://bestpractices.coreinfrastructure.org/projects/1267/badge"
		23	alt="CII Best Practises">
		24	</a>
		25	<a href="http://snuffleupagus.readthedocs.io/?badge=latest">
		26	<img src="https://readthedocs.org/projects/snuffleupagus/badge/?version=latest"
		27	alt="readthedocs.org">
		28	</a>
		29	<a href="https://coveralls.io/github/nbs-system/snuffleupagus?branch=master">
		30	<img src="https://coveralls.io/repos/github/nbs-system/snuffleupagus/badge.svg?branch=master"
		31	alt="coveralls">
		32	</a>
		33	<a href="https://twitter.com/sp_php">
		34	<img src="https://img.shields.io/badge/twitter-follow-blue.svg"
		35	alt="twitter">
		36	</a>
		37	</p>
		38
		39	<p align="center">
		40	<a href="#key-features">Key Features</a> •
		41	<a href="#download">Download</a> •
		42	<a href="#examples">Examples</a> •
		43	<a href="https://snuffleupagus.readthedocs.io/">Documentation</a> •
		44	<a href="https://github.com/nbs-system/snuffleupagus/blob/master/LICENSE">License</a> •
		45	<a href="#thanks">Thanks</a>
		46	</p>
10		47
11	Snuffleupagus is a [PHP 7+](https://secure.php.net/) module designed to	48	Snuffleupagus is a [PHP 7+](https://secure.php.net/) module designed to
12	drastically raise the cost of attacks against websites, by killing entire bug	49	drastically raise the cost of attacks against websites, by killing entire bug
@@ -14,4 +51,59 @@ classes. It also provides a powerful virtual-patching system, allowing
14	administrator to fix specific vulnerabilities and audit suspicious behaviours	51	administrator to fix specific vulnerabilities and audit suspicious behaviours
15	without having to touch the PHP code.	52	without having to touch the PHP code.
16		53
17	You can read its documentation [here](https://snuffleupagus.readthedocs.io/).	54	## Key Features
		55
		56	* Close to zero performance impact
		57	* Powerful yet simple to write virtual-patching rules
		58	* Killing several classes for vulnerabilities
		59	* [Unserialize-based](https://www.owasp.org/images/9/9e/Utilizing-Code-Reuse-Or-Return-Oriented-Programming-In-PHP-Application-Exploits.pdf) code execution
		60	* [`mail`-based]( https://blog.ripstech.com/2016/roundcube-command-execution-via-email/ ) code execution
		61	* Cookie-stealing [XSS]( https://en.wikipedia.org/wiki/Cross-site_scripting )
		62	* File-upload based code execution
		63	* Weak PRNG
		64	* [XXE]( https://en.wikipedia.org/wiki/XML_external_entity_attack )
		65	* Hardening features
		66	* Automatic `secure` and `samesite` flag for cookies
		67	* Bundled set of rule to detect post-compromissions behaviours
		68	* Global [strict mode]( https://secure.php.net/manual/en/migration70.new-features.php#migration70.new-features.scalar-type-declarations)
		69	* Preventing writeable files execution
		70	* Whitelist/blacklist for `eval`
		71	* Request dumping capability
		72
		73	## Download
		74
		75	We've got a [download
		76	page](https://snuffleupagus.readthedocs.io/download.html), where you can find
		77	packages for your distribution, but you can of course just `git clone` this
		78	repo, or check the releases on [github](https://github.com/nbs-system/snuffleupagus/releases).
		79
		80	## Examples
		81
		82	We're providing [various example rules](https://github.com/nbs-system/snuffleupagus/tree/master/config),
		83	that are looking like this:
		84
		85	```python
		86	# Harden the `chmod` function
		87	sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop();
		88
		89	# Mitigate command injection in `system`
		90	sp.disable_function.function("system").param("command").value_r("[$\|;&`\\n]").drop();
		91	```
		92
		93	Upon violation of a rule, you should see lines like this in your logs:
		94
		95	```python
		96	[snuffleupagus][0.0.0.0][disabled_function][drop] The execution has been aborted in /var/www/index.php:2, because the return value (0) of the function 'strpos' matched a rule.
		97	```
		98
		99	## Documentation
		100
		101	We've got a [comprehensive website](https://snuffleupagus.readthedocs.io/) with
		102	all the documentation that you could possibly wish for. You can of course
		103	[build it yourself](https://github.com/nbs-system/snuffleupagus/tree/master/doc).
		104
		105	## Thanks
		106
		107	Many thanks to the [Suhosin project](https://suhosin.org) for being a __huge__
		108	source of inspiration, and to all [our
		109	contributors](https://github.com/nbs-system/snuffleupagus/graphs/contributors).


diff --git a/src/sp_var_value.c b/src/sp_var_value.c index 68fd47c..7ed8dfa 100644 --- a/src/sp_var_value.c +++ b/src/sp_var_value.c
@@ -177,7 +177,8 @@ static zval get_unknown_type(const char restrict value, zval *zvalue,
177	return zvalue;	177	return zvalue;
178	}	178	}
179		179
180	zval sp_get_var_value(zend_execute_data ed, const sp_tree *tree, bool is_param) {	180	zval sp_get_var_value(zend_execute_data ed, const sp_tree *tree,
		181	bool is_param) {
181	zval *zvalue = NULL;	182	zval *zvalue = NULL;
182	zend_class_entry *ce = NULL;	183	zend_class_entry *ce = NULL;
183		184