snuffleupagus - Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!

Age	Commit message (Collapse)	Author
2026-01-05	Fix possible arbitrary code execution on misconfigured deployments	jvoisin
	When `upload_validation` is enabled, and when VLD isn't installed, an attacker sending a multipart POST is able to get arbitrary PHP content executed. Reported-By: thomas-chauchefoin-tob
2024-03-24	Don't forbid use of assert in PHP 8+	bohwaz

2024-03-24	Also ignore function definitions	bohwaz

2024-03-24	Don't whitelist files if the function name is actually a method of a class	bohwaz

2024-02-19	Include functions from global space that are prefixed with \	Christoph Amthor

2020-11-18	Replace broken magic number with constant	Dirk Weise
	PHP's parser token constants are dynamically generated, values can change from version to version. See: https://www.php.net/manual/en/tokens.php
2018-12-15	Provide a php script, to get rid of the python one for test suite	Remi Collet
	This commit adds a php version of the upload_validation.py script.
2018-08-17	Add ignore hash feature in `generate_rules.php` (#208)	xXx-caillou-xXx
	https://github.com/nbs-system/snuffleupagus/issues/206
2018-02-22	php-nightly is now allowed to fail	jvoisin
	PHP is breaking too many things on nightly, we'll only support releases from now on. This should also make our vld-based file-upload checker more resilient: no more random warnings on stderr.
2018-02-12	Provide a script for upload validation	jvoisin
	The Python script is using vld (https://derickrethans.nl/projects.html#vld) to check for malicious opcodes.
2017-10-12	Add `curl_multi_exec` to the magic php script	jvoisin

2017-10-12	Add a missing function to the generator script	jvoisin

2017-10-08	Improve a bit the script to generate rules	jvoisin

2017-09-20	Initial import	Sebastien Blot