| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2018-08-20 | Bump the changlogv0.3.1 | hamza (hes) ES SAHELY | |
| 2018-08-20 | Fix two minor issues | xXx-caillou-xXx | |
| - Fix an infinite loop on `echo` hook - Use the correct function to compare filenames internally | |||
| 2018-08-17 | Add ignore hash feature in `generate_rules.php` (#208) | xXx-caillou-xXx | |
| https://github.com/nbs-system/snuffleupagus/issues/206 | |||
| 2018-08-09 | Fix yet an other hang/crash | jvoisin | |
| There are valid reasons for `orig_zend_execute_internal` to be `NULL`, we we're not checking if it is, well, `NULL`. | |||
| 2018-08-09 | Fix a typo in the previous commits | jvoisin | |
| 2018-08-09 | Yet an other crash/hang fix | jvoisin | |
| Like the two previous commits | |||
| 2018-08-09 | Fix a possible crash/hang in floppy-comparison | jvoisin | |
| This is in the same spirit than the previous commit | |||
| 2018-08-09 | Fix a crash/hang when using fpm's pools | jvoisin | |
| We might have ended up in infinite loops when using php-fpm, if several different process hooked some functions twice. Thanks to @sriccio for reporting the issue | |||
| 2018-08-09 | Improve the cookie encryption documentation | kka | |
| 2018-08-02 | fix #203 (#204) | crKontrol | |
| sp.disable_function.function().filename doesn't take phar:/// | |||
| 2018-07-24 | Fix a configuration issue in the PKGBUILD | jvoisin | |
| thanks to @troudbal | |||
| 2018-07-24 | Remove two useless files | jvoisin | |
| 2018-07-23 | Improve a bit the default rules | jvoisin | |
| - Use plain values instead of regexp where possible - Reduce the number of false positives (*cough* `curl_exec` *cough*) | |||
| 2018-07-23 | Whitelist the inclusion of `.phtml` files | jvoisin | |
| This is the extension used by PhpMyAdmin | |||
| 2018-07-23 | Allow the inclusion of `.inc` files | jvoisin | |
| 2018-07-23 | Use SameSite on PHP's session cookie in the default rules | jvoisin | |
| 2018-07-23 | Activate more features in the default rules | jvoisin | |
| 2018-07-19 | Add some slides | jvoisin | |
| 2018-07-19 | Fix the issue with rand hardening | xXx-caillou-xXx | |
| 2018-07-19 | Fix the changelog's links | jvoisin | |
| 2018-07-19 | Document that you need to `git push` after the release :p | jvoisin | |
| 2018-07-19 | Bump the changelog | kka | |
| 2018-07-18 | Improve a bit our release process | jvoisin | |
| 2018-07-18 | Fix a broken link in the encryption documentation | kka | |
| 2018-07-18 | Fix broken link in the config documentation | kka | |
| 2018-07-18 | Fix broken links in the documentation | kka | |
| 2018-07-18 | Remove an useless check in session handling | kka | |
| 2018-07-16 | Yet an other clang-format pass | jvoisin | |
| 2018-07-13 | Yet an other pass of clang-format | jvoisin | |
| 2018-07-13 | Improve a bit the release process | jvoisin | |
| 2018-07-13 | Fix an invalid read | xXx-caillou-xXx | |
| 2018-07-13 | We're supporting php nightly again | jvoisin | |
| 2018-07-13 | Skip VLD for php7.3, as VLD is not compatible yet. | xXx-caillou-xXx | |
| 2018-07-13 | Reduce call to get_complete_function_path | xXx-caillou-xXx | |
| 2018-07-13 | Fix various possible integer overflows | xXx-caillou-xXx | |
| 2018-07-13 | Fix hooking on `print` | xXx-caillou-xXx | |
| 2018-07-13 | Document even more the `print`/`echo` situation | jvoisin | |
| 2018-07-13 | Document why `print` might look like `echo` in logs | jvoisin | |
| 2018-07-13 | Allow rules matching on echo and print | xXx-caillou-xXx | |
| 2018-07-13 | Massively optimize how rules are handled | xXx-caillou-xXx | |
| This commit does a lot of things: - Use hashtables instead of lists to store the rules - Rules that can be applied at launch time won't be tried at runtime - Improve feedback when writing nonsensical rules - Make intensive use of `zend_string` instead of `char*` | |||
| 2018-07-10 | Fix #183 (#185) | Remi Collet | |
| * relax test to pass with 7.3 * skip test with 7.3 as samesite is broken + add TODO | |||
| 2018-07-09 | Trying to fix sloppy comparison (#186) | jvoisin | |
| * Trying to fix sloppy comparison https://github.com/nbs-system/snuffleupagus/issues/10 by modifying php's opcode | |||
| 2018-06-28 | Better handling of filters for builtins | kkadosh | |
| 2018-05-29 | Support session encryption | kkadosh | |
| Implement session encryption. | |||
| 2018-05-16 | Don't run some tests on `-dev` php versions | jvoisin | |
| 2018-05-16 | Improve the testsuite's robustness against php7.2 | jvoisin | |
| 2018-05-15 | Refactor the encryption process to extract encrypt/decrypt functions (#176) | kkadosh | |
| Refactor the encryption process to extract encrypt/decrypt functions | |||
| 2018-05-03 | Uniformise some logs | simon MAGNIN-FEYSOT | |
| This commit will make certain logs easier to parse. | |||
| 2018-03-29 | Clarify the documentation wrt. configuration files | jvoisin | |
| This should close #172 | |||
| 2018-03-19 | The filename filter is now matching on callsite instead of implemsite (#167) | kkadosh | |
| * Add match on the file where the function is called * Add the test * Constify some params * Fix potentiel null deref * Return more before if execute_data is NULL | |||
 |
index : snuffleupagus | |
| Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! |
| summaryrefslogtreecommitdiff |