path: root/src/snuffleupagus.c
Age | Commit message | Author
2020-11-18 | Make the strict mode disableable | jvoisin
The global strict mode was enabled by default without any means to disable it, in certain cases. Bug reported by wedi.
2020-08-12 | Allow empty configuration (#342) | jvoisin
This commit allows php to run (with a warning) if there is no specified snuffleupagus configuration, instead of refusing to start.
2020-08-07 | Move an include | jvoisin
2019-02-23 | Try to unify the includes | jvoisin
2018-10-06 | Remove sp_terminate and bump a bit the coverage | jvoisin
2018-08-30 | Minor code cleanup | xXx-caillou-xXx
2018-08-30 | Change how we're handling invalid configurations | xXx-caillou-xXx
Since our configuration format is a bit more complex than php's one, we have a `sp.allow_broken_configuration` parameter (`false` by default), that you can set to `true` if you want PHP to carry on if your Snuffleupagus' configuration contains syntax errors. You'll still get a big scary message in your logs of course. We do **not** recommend to use it of course, but sometimes it might be useful to be able to "debug in production" without breaking your website.
2018-08-29 | Change how we're validating certificates | xXx-caillou-xXx
2018-08-29 | Remove the GLOB_BRACE flag | Antoine Tenart
When calling glob() to get the configuration file location, the GLOB_BRACE flag is used. This flag enables the parsing of '{a,b}', so that '/path/{a,b}' represents '/path/a' and '/path/b'. Looking at Snuffleupagus' documentation I saw nowhere this kind of path was supported. Instead the documentation shows that glob() is used for paths with wildcards. The use of GLOB_BRACE is problematic as it is glibc specific and is not supported by some other C libraries, such as Musl. Snuffleupagus cannot be used in Alpine for this reason. Since the documentation does not give a valid usage of GLOB_BRACE this patch removes it, which fixes the non-glibc support.
Signed-off-by: Antoine Tenart <antoine.tenart@ack.tf>
2018-08-29 | Verify certs (#223) | jvoisin
Ensure that certificates are verified in curl
should close #47
2018-08-27 | Add whitelist support for php's wrappers | xXx-caillou-xXx
2018-08-20 | Fix two minor issues | xXx-caillou-xXx
- Fix an infinite loop on `echo` hook
- Use the correct function to compare filenames internally
2018-07-16 | Yet another clang-format pass | jvoisin
2018-07-13 | Allow rules matching on echo and print | xXx-caillou-xXx
2018-07-13 | Massively optimize how rules are handled | xXx-caillou-xXx
This commit does a lot of things:
- Use hashtables instead of lists to store the rules
- Rules that can be applied at launch time won't be tried at runtime
- Improve feedback when writing nonsensical rules
- Make intensive use of `zend_string` instead of `char*`
2018-07-09 | Trying to fix sloppy comparison (#186) | jvoisin
* Trying to fix sloppy comparison https://github.com/nbs-system/snuffleupagus/issues/10 by modifying php's opcode
2018-05-29 | Support session encryption | kkadosh
Implement session encryption.
2018-01-18 | Improve a bit our portability wrt. windows | jvoisin
Thanks to @remicollet for the tip
2018-01-18 | Simplify the previous commit | jvoisin
2018-01-18 | Clean up a bit the glob code | jvoisin
2018-01-18 | add missing globfree() | Sebastien Blot
2018-01-18 | Add globbing support for configuration file path (closes #125) | Sebastien Blot
2018-01-17 | Remove useless "head" member in our linked lists implementation | simon MAGNIN-FEYSOT
This should close #85
2018-01-10 | Eval whitelist | jvoisin
Implement whitelist in eval
2018-01-05 | Fix a bypass in our eval blacklist | jvoisin
2018-01-04 | Eval blacklist | jvoisin
Add support for eval filtering, only blacklist for now
2017-12-28 | Clang-format pass | Thibault "bui" Koechlin
- `clang-format --style="{BasedOnStyle: google, SortIncludes: false}" -i snuffleu*.c sp_*.c sp_*.h`
- Update the documentation accordingly
2017-12-28 | Show in the phpinfo() if the config is valid | jvoisin
This should close #39
2017-12-28 | Implement regexp support for cookies encryption | Thibault "bui" Koechlin
It's now possible to encrypt cookies matching a specific regexp. This should close #106
2017-12-21 | Rename sp_node_t to sp_list_node | jvoisin
Since we now have sp_list and sp_tree, it makes sense to specify that nodes are only for lists.
2017-11-29 | Implement eval hooking | jvoisin
It's not possible to hook the `eval` builtin like other functions.
2017-11-24 | Implement anti csrf measures | xXx-caillou-xXx
This is done by using the "samesite" cookie attribute.
2017-10-31 | Minor factorization | jvoisin
2017-10-26 | Free additionally allocated `sp_list` instances | Ben Foster
References #43.
2017-10-26 | Renames `sp_new_list` -> `sp_list_new` | Ben Foster
To be consistent with the rest of the `sp_list` functions.
2017-10-26 | Free `config_disabled_constructs` | Ben Foster
In reference to #43.
2017-10-20 | Add support for multiple files in sp.configuration_file directive | blotus
This should close (#45)
2017-10-13 | Add more data to `phpinfo()` | jvoisin
- The version
- The git commit
2017-10-13 | Show some data in the phpinfo(); | jvoisin
2017-10-10 | Remove a useless file for now | jvoisin
This should close #31
2017-10-09 | Better hooking of language constructs (#26) | jvoisin
* Vastly improve the support of language construct hooking
2017-09-20 | Initial import | Sebastien Blot