summaryrefslogtreecommitdiff
path: root/src/sp_config.h (follow)
AgeCommit message (Collapse)Author
2025-05-13Remove the useless show_old_php_warning featurejvoisin
People are usually well-aware of the outdatedness of the PHP version they're running, which is likely why they're running Snuffleupagus in the first place. This feature shouldn't have been enabled by default, and I fail to see any case where anyone would want to enable it. Moreover, it doesn't take LTS versions from vendors/distributions into account, thus breaking on RHEL/Debian (old)stable.
2024-06-18Fix an UBSAN warningjvoisin
No need to use an ulong, an uint is more than enough for our usecases. This fixes the following warning: ``` src/sp_config.c:207:20: runtime error: store to misaligned address 0x796d1f9a78d4 for type 'u_long', which requires 8 byte alignment 0x796d1f9a78d4: note: pointer points here 00 00 00 00 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ #0 0x796d1f92251a in parse_ulong src/sp_config.c:207 #1 0x796d1f9239a9 in sp_process_rule src/sp_config.c:76 #2 0x796d1f92404f in sp_process_config_root src/sp_config.c:31 #3 0x796d1f96770d in sp_config_scan src/sp_config_scanner.c:1482 #4 0x796d1f922cd3 in sp_parse_config src/sp_config.c:62 #5 0x796d1f91e6cf in OnUpdateConfiguration src/snuffleupagus.c:522 #6 0x598aae727646 in zend_register_ini_entries_ex (/usr/bin/php8.2+0x36d646) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f) #7 0x796d1f91cae1 in zm_startup_snuffleupagus src/snuffleupagus.c:121 #8 0x598aae6b70df in zend_startup_module_ex (/usr/bin/php8.2+0x2fd0df) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f) #9 0x598aae6b717f (/usr/bin/php8.2+0x2fd17f) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f) #10 0x598aae6c566a in zend_hash_apply (/usr/bin/php8.2+0x30b66a) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f) #11 0x598aae64c0b5 in php_module_startup (/usr/bin/php8.2+0x2920b5) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f) #12 0x598aae4e2265 (/usr/bin/php8.2+0x128265) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f) #13 0x796d21b4dc89 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 #14 0x796d21b4dd44 in __libc_start_main_impl ../csu/libc-start.c:360 #15 0x598aae4e3550 in _start (/usr/bin/php8.2+0x129550) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/sp_config.c:207:20 in ```
2024-06-09Add option to specify the allowed "php" wrapper typesChristian Göttsche
In addition of the current possibility to filter wrappers by their protocol name, also add the option to filter the "php" wrapper by the requested kind. Especially the 'filter' backend can be disabled that way.
2024-06-06Avoid dropping const qualifier in castsChristian Göttsche
Adjusts casts to void dropping const qualifiers. This helps to avoid mistakes, e.g. modifying string literals. Also use size_t for length, similar to the upstream php interfaces.
2023-01-31Add sp.log_max_lenjvoisin
2022-12-08Add unserialize_noclassjvoisin
2022-07-12extended checks for readonly_exec, enabled by defaultBen Fuhrmannek
introduced config options: readonly_exec.extended_checks() or xchecks() readonly_exec.no_extended_checks() or noxchecks()
2022-05-03More const frenzyjvoisin
2022-05-03Add a `const`jvoisin
2022-02-05introduced sp_regexp / store original regexBen Fuhrmannek
2021-11-19added old php version checkBen Fuhrmannek
2021-11-11inverted logic. set xxe_protection.enable() instead of disable_xxe.disable()Ben Fuhrmannek
2021-09-23config is stack allocated now + some code improvements (see details)Ben Fuhrmannek
* for easier memory manegement, the entire sp_config struct was merged into snuffleupagus_globals and allocated on stack where possible * SNUFFLEUPAGUS_G() can be written as SPG(), which is faster to type and easier to read * execution_depth is re-initialized to 0 for each request * function calls with inline string and length parameters consistently use ZEND_STRL instead of sizeof()-1 * execution is actually hooked if recursion protection is enabled * some line breaks were removed to make the code more readable
2021-09-16ported sid min/max restriction from suhosinBen Fuhrmannek
2021-09-16ported server.strip and server.encode features from suhosinBen Fuhrmannek
2021-09-15implemented execution depth limitBen Fuhrmannek
2021-08-16fincy new scanner/parser for config rules + fixed a few bugs along the way + ↵Ben Fuhrmannek
fixed related unittests
2021-08-07more ini protection featuresBen Fuhrmannek
2021-08-06implemented ini settings protectionBen Fuhrmannek
2021-08-02properly free memory on shutdownBen Fuhrmannek
2021-05-08Remove some memory-leaksjvoisin
2019-08-31Support direct syslog loggingThibault "bui" Koechlin
Add the possibility to log directly into the syslog, instead of using php's log system.
2018-08-29Change how we're validating certificatesxXx-caillou-xXx
2018-08-29Verify certs (#223)jvoisin
Ensure that certificates are verified in curl should close #47
2018-08-27Add whitelist support for php's wrappersxXx-caillou-xXx
2018-07-13Yet an other pass of clang-formatjvoisin
2018-07-13Massively optimize how rules are handledxXx-caillou-xXx
This commit does a lot of things: - Use hashtables instead of lists to store the rules - Rules that can be applied at launch time won't be tried at runtime - Improve feedback when writing nonsensical rules - Make intensive use of `zend_string` instead of `char*`
2018-07-09Trying to fix sloppy comparison (#186)jvoisin
* Trying to fix sloppy comparison https://github.com/nbs-system/snuffleupagus/issues/10 by modifying php's opcode
2018-05-29Support session encryptionkkadosh
Implement session encryption.
2018-03-02Add .dump() for eval whitelist/blacklist + simulation mode for whitelistkkadosh
2018-03-02Implement dump() for execution of writable PHP fileskkadosh
2018-02-27Implements .dump() for unserialize and fix some related testskkadosh
2018-02-05Compatibility layer for pcre2jvoisin
This should close #129
2018-01-10Eval whitelistjvoisin
Implement whitelist in eval
2018-01-04Eval blacklistjvoisin
Add support for eval filtering, only blacklist for now
2017-12-28Clang-format passThibault "bui" Koechlin
- `clang-format --style="{BasedOnStyle: google, SortIncludes: false}" -i snuffleu*.c sp_*.c sp_*.h` - Update the documentation accordingly
2017-12-28Implement regexp support for cookies encryptionThibault "bui" Koechlin
It's now possible to encrypt cookies matching a specific regexp. This should close #106
2017-12-27Implement simulation mode for cookies (de/en)cryptionjvoisin
This should close #102 This commit can be useful for two use-cases: 1. When deploying Snuffleupagus on big CMS like Magento, and not knowing what cookies are modified via javascript. 2. When deploying Snuffleupagus on big websites: you don't want to disconnect every single user at once. When simulation is enabled, if the decryption fails, a log message is now issued, and the cookie value taken as it (since odds are that it's non-encrypted).
2017-12-21Rename sp_node_t to sp_list_nodejvoisin
Since we now have sp_list and sp_tree, it makes sense to specify that nodes are only for lists.
2017-12-20Better parsing of the rulesxXx-caillou-xXx
Thanks to this huge commit from @xXx-caillou-xXx, we can now write amazingly flexible rules.
2017-12-04Improve the `.dump` filterjvoisin
2017-11-29Hide an enum definitionjvoisin
2017-11-29Implement eval hookingjvoisin
It's not possible to hook the `eval` builtin like other functions.
2017-11-24Implement anti csrf measuresxXx-caillou-xXx
This is done by using the "samesite" cookie attribute.
2017-10-31Unify two struct members related to virtual-patchingxXx-caillou-xXx
This should close #65
2017-10-26Free additionally allocated `sp_list` instancesBen Foster
References #43.
2017-10-24Remove the `enable` member from the disable function structurejvoisin
Also add some more tests
2017-10-23Implement the .line filterjvoisin
Close #48
2017-10-18Implement match on arguments positionjvoisin
2017-10-13Rename a confusing structure memberjvoisin
`regexp` is more confusing than `value_r`