| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2022-05-17 | Fix ZTS build | Luc Vieillescazes | |
| Bug introduced in https://github.com/jvoisin/snuffleupagus/commit/7c2d1d7d2713c0fa6bda63c376baf25d9f3d712c | |||
| 2022-05-03 | More const frenzy | jvoisin | |
| 2022-05-03 | Add a `const` | jvoisin | |
| 2022-02-05 | introduced sp_regexp / store original regex | Ben Fuhrmannek | |
| 2021-11-11 | inverted logic. set xxe_protection.enable() instead of disable_xxe.disable() | Ben Fuhrmannek | |
| 2021-09-23 | config is stack allocated now + some code improvements (see details) | Ben Fuhrmannek | |
| * for easier memory manegement, the entire sp_config struct was merged into snuffleupagus_globals and allocated on stack where possible * SNUFFLEUPAGUS_G() can be written as SPG(), which is faster to type and easier to read * execution_depth is re-initialized to 0 for each request * function calls with inline string and length parameters consistently use ZEND_STRL instead of sizeof()-1 * execution is actually hooked if recursion protection is enabled * some line breaks were removed to make the code more readable | |||
| 2021-08-16 | fincy new scanner/parser for config rules + fixed a few bugs along the way + ↵ | Ben Fuhrmannek | |
| fixed related unittests | |||
| 2021-08-07 | removed incorrect duplicate check | Ben Fuhrmannek | |
| 2021-08-07 | fixed cidr matching and test cases | Ben Fuhrmannek | |
| 2021-08-06 | implemented ini settings protection | Ben Fuhrmannek | |
| 2021-08-03 | fixed mem leak in cidr parser and multiple mem leaks triggered by duplicate ↵ | Ben Fuhrmannek | |
| keywords | |||
| 2021-08-02 | properly free memory on shutdown | Ben Fuhrmannek | |
| 2021-07-28 | Sprinkle even more `const` | jvoisin | |
| 2021-07-25 | Replace an odd call to strtok_r(). | WhiteWinterWolf | |
| 2021-05-08 | Remove some memory-leaks | jvoisin | |
| 2019-08-31 | Support direct syslog logging | Thibault "bui" Koechlin | |
| Add the possibility to log directly into the syslog, instead of using php's log system. | |||
| 2019-06-20 | Fix snufflepagus_globals linking issues and one mac compatibility issue | bef | |
| 2019-02-23 | Try to unify the includes | jvoisin | |
| 2019-02-11 | Fix a warning on FreeBSD | avkarenow | |
| This should fix the following: ```C snuffleupagus/src/sp_config.c:193:10: warning: implicit declaration of function 'getline' is invalid in C99 [-Wimplicit-function-declaration] while (getline(&lineptr, &n, fd) > 0) { ^ 1 warning generated. ``` | |||
| 2018-08-30 | Minor code cleanup | xXx-caillou-xXx | |
| 2018-08-29 | Change how we're validating certificates | xXx-caillou-xXx | |
| 2018-08-29 | Verify certs (#223) | jvoisin | |
| Ensure that certificates are verified in curl should close #47 | |||
| 2018-08-28 | Use php's logging functions | xXx-caillou-xXx | |
| This commit replace our usage of `php_log_err` with `zend_error`. This should allow administrators to display errors in the webpage, should they want to; and to properly manipulate the verbosity's level. This should close #217 | |||
| 2018-08-27 | Add whitelist support for php's wrappers | xXx-caillou-xXx | |
| 2018-07-13 | Massively optimize how rules are handled | xXx-caillou-xXx | |
| This commit does a lot of things: - Use hashtables instead of lists to store the rules - Rules that can be applied at launch time won't be tried at runtime - Improve feedback when writing nonsensical rules - Make intensive use of `zend_string` instead of `char*` | |||
| 2018-07-09 | Trying to fix sloppy comparison (#186) | jvoisin | |
| * Trying to fix sloppy comparison https://github.com/nbs-system/snuffleupagus/issues/10 by modifying php's opcode | |||
| 2018-05-29 | Support session encryption | kkadosh | |
| Implement session encryption. | |||
| 2018-02-05 | Massive simplification of functions hooking | jvoisin | |
| 2018-02-05 | Compatibility layer for pcre2 | jvoisin | |
| This should close #129 | |||
| 2018-01-15 | Fix an off-by-one | jvoisin | |
| 2018-01-10 | Eval whitelist | jvoisin | |
| Implement whitelist in eval | |||
| 2018-01-04 | Eval blacklist | jvoisin | |
| Add support for eval filtering, only blacklist for now | |||
| 2018-01-03 | Handle correctly configuration files with Windows EOL | jvoisin | |
| Thanks to @fr33tux for the bug report ♥ | |||
| 2017-12-28 | Clang-format pass | Thibault "bui" Koechlin | |
| - `clang-format --style="{BasedOnStyle: google, SortIncludes: false}" -i snuffleu*.c sp_*.c sp_*.h` - Update the documentation accordingly | |||
| 2017-12-28 | Implement regexp support for cookies encryption | Thibault "bui" Koechlin | |
| It's now possible to encrypt cookies matching a specific regexp. This should close #106 | |||
| 2017-12-21 | Rename sp_node_t to sp_list_node | jvoisin | |
| Since we now have sp_list and sp_tree, it makes sense to specify that nodes are only for lists. | |||
| 2017-12-20 | Better parsing of the rules | xXx-caillou-xXx | |
| Thanks to this huge commit from @xXx-caillou-xXx, we can now write amazingly flexible rules. | |||
| 2017-11-24 | Implement anti csrf measures | xXx-caillou-xXx | |
| This is done by using the "samesite" cookie attribute. | |||
| 2017-10-26 | Free additionally allocated `sp_list` instances | Ben Foster | |
| References #43. | |||
| 2017-10-02 | First pass for #9 | jvoisin | |
| 2017-09-25 | Show the line number in case of processing error | jvoisin | |
| 2017-09-21 | Add travis | jvoisin | |
| 2017-09-20 | Initial import | Sebastien Blot | |
 |
index : snuffleupagus | |
| Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! |
| summaryrefslogtreecommitdiff |