| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2018-02-05 | Compatibility layer for pcre2 | jvoisin | |
| This should close #129 | |||
| 2018-01-10 | Eval whitelist | jvoisin | |
| Implement whitelist in eval | |||
| 2018-01-04 | Eval blacklist | jvoisin | |
| Add support for eval filtering, only blacklist for now | |||
| 2017-12-28 | Clang-format pass | Thibault "bui" Koechlin | |
| - `clang-format --style="{BasedOnStyle: google, SortIncludes: false}" -i snuffleu*.c sp_*.c sp_*.h` - Update the documentation accordingly | |||
| 2017-12-28 | Implement regexp support for cookies encryption | Thibault "bui" Koechlin | |
| It's now possible to encrypt cookies matching a specific regexp. This should close #106 | |||
| 2017-12-27 | Implement simulation mode for cookies (de/en)cryption | jvoisin | |
| This should close #102 This commit can be useful for two use-cases: 1. When deploying Snuffleupagus on big CMS like Magento, and not knowing what cookies are modified via javascript. 2. When deploying Snuffleupagus on big websites: you don't want to disconnect every single user at once. When simulation is enabled, if the decryption fails, a log message is now issued, and the cookie value taken as it (since odds are that it's non-encrypted). | |||
| 2017-12-21 | Rename sp_node_t to sp_list_node | jvoisin | |
| Since we now have sp_list and sp_tree, it makes sense to specify that nodes are only for lists. | |||
| 2017-12-20 | Better parsing of the rules | xXx-caillou-xXx | |
| Thanks to this huge commit from @xXx-caillou-xXx, we can now write amazingly flexible rules. | |||
| 2017-12-04 | Improve the `.dump` filter | jvoisin | |
| 2017-11-29 | Hide an enum definition | jvoisin | |
| 2017-11-29 | Implement eval hooking | jvoisin | |
| It's not possible to hook the `eval` builtin like other functions. | |||
| 2017-11-24 | Implement anti csrf measures | xXx-caillou-xXx | |
| This is done by using the "samesite" cookie attribute. | |||
| 2017-10-31 | Unify two struct members related to virtual-patching | xXx-caillou-xXx | |
| This should close #65 | |||
| 2017-10-26 | Free additionally allocated `sp_list` instances | Ben Foster | |
| References #43. | |||
| 2017-10-24 | Remove the `enable` member from the disable function structure | jvoisin | |
| Also add some more tests | |||
| 2017-10-23 | Implement the .line filter | jvoisin | |
| Close #48 | |||
| 2017-10-18 | Implement match on arguments position | jvoisin | |
| 2017-10-13 | Rename a confusing structure member | jvoisin | |
| `regexp` is more confusing than `value_r` | |||
| 2017-10-11 | s/disable_functions/disable_function/g | jvoisin | |
| This should close #36 and #30 | |||
| 2017-10-09 | Better hooking of language constructs (#26) | jvoisin | |
| * Vastly improve the support of language construct hooking | |||
| 2017-10-09 | Implement matching on the calltrace (#17) | jvoisin | |
| * Implement matching on the calltrace | |||
| 2017-10-02 | First pass for #9 | jvoisin | |
| 2017-09-25 | Show the line number in case of processing error | jvoisin | |
| 2017-09-20 | Initial import | Sebastien Blot | |
 |
index : snuffleupagus | |
| Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! |
| summaryrefslogtreecommitdiff |