snuffleupagus - Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!

Age	Commit message (Collapse)	Author
2022-05-03	More const frenzy	jvoisin

2022-05-03	Add a `const`	jvoisin

2022-02-05	introduced sp_regexp / store original regex	Ben Fuhrmannek

2021-11-19	added old php version check	Ben Fuhrmannek

2021-11-11	inverted logic. set xxe_protection.enable() instead of disable_xxe.disable()	Ben Fuhrmannek

2021-09-23	config is stack allocated now + some code improvements (see details)	Ben Fuhrmannek
	* for easier memory manegement, the entire sp_config struct was merged into snuffleupagus_globals and allocated on stack where possible * SNUFFLEUPAGUS_G() can be written as SPG(), which is faster to type and easier to read * execution_depth is re-initialized to 0 for each request * function calls with inline string and length parameters consistently use ZEND_STRL instead of sizeof()-1 * execution is actually hooked if recursion protection is enabled * some line breaks were removed to make the code more readable
2021-09-16	ported sid min/max restriction from suhosin	Ben Fuhrmannek

2021-09-16	ported server.strip and server.encode features from suhosin	Ben Fuhrmannek

2021-09-15	implemented execution depth limit	Ben Fuhrmannek

2021-08-16	fincy new scanner/parser for config rules + fixed a few bugs along the way + ↵	Ben Fuhrmannek
	fixed related unittests
2021-08-07	more ini protection features	Ben Fuhrmannek

2021-08-06	implemented ini settings protection	Ben Fuhrmannek

2021-08-02	properly free memory on shutdown	Ben Fuhrmannek

2021-05-08	Remove some memory-leaks	jvoisin

2019-08-31	Support direct syslog logging	Thibault "bui" Koechlin
	Add the possibility to log directly into the syslog, instead of using php's log system.
2018-08-29	Change how we're validating certificates	xXx-caillou-xXx

2018-08-29	Verify certs (#223)	jvoisin
	Ensure that certificates are verified in curl should close #47
2018-08-27	Add whitelist support for php's wrappers	xXx-caillou-xXx

2018-07-13	Yet an other pass of clang-format	jvoisin

2018-07-13	Massively optimize how rules are handled	xXx-caillou-xXx
	This commit does a lot of things: - Use hashtables instead of lists to store the rules - Rules that can be applied at launch time won't be tried at runtime - Improve feedback when writing nonsensical rules - Make intensive use of `zend_string` instead of `char*`
2018-07-09	Trying to fix sloppy comparison (#186)	jvoisin
	* Trying to fix sloppy comparison https://github.com/nbs-system/snuffleupagus/issues/10 by modifying php's opcode
2018-05-29	Support session encryption	kkadosh
	Implement session encryption.
2018-03-02	Add .dump() for eval whitelist/blacklist + simulation mode for whitelist	kkadosh

2018-03-02	Implement dump() for execution of writable PHP files	kkadosh

2018-02-27	Implements .dump() for unserialize and fix some related tests	kkadosh

2018-02-05	Compatibility layer for pcre2	jvoisin
	This should close #129
2018-01-10	Eval whitelist	jvoisin
	Implement whitelist in eval
2018-01-04	Eval blacklist	jvoisin
	Add support for eval filtering, only blacklist for now
2017-12-28	Clang-format pass	Thibault "bui" Koechlin
	- `clang-format --style="{BasedOnStyle: google, SortIncludes: false}" -i snuffleu.c sp_.c sp_*.h` - Update the documentation accordingly
2017-12-28	Implement regexp support for cookies encryption	Thibault "bui" Koechlin
	It's now possible to encrypt cookies matching a specific regexp. This should close #106
2017-12-27	Implement simulation mode for cookies (de/en)cryption	jvoisin
	This should close #102 This commit can be useful for two use-cases: 1. When deploying Snuffleupagus on big CMS like Magento, and not knowing what cookies are modified via javascript. 2. When deploying Snuffleupagus on big websites: you don't want to disconnect every single user at once. When simulation is enabled, if the decryption fails, a log message is now issued, and the cookie value taken as it (since odds are that it's non-encrypted).
2017-12-21	Rename sp_node_t to sp_list_node	jvoisin
	Since we now have sp_list and sp_tree, it makes sense to specify that nodes are only for lists.
2017-12-20	Better parsing of the rules	xXx-caillou-xXx
	Thanks to this huge commit from @xXx-caillou-xXx, we can now write amazingly flexible rules.
2017-12-04	Improve the `.dump` filter	jvoisin

2017-11-29	Hide an enum definition	jvoisin

2017-11-29	Implement eval hooking	jvoisin
	It's not possible to hook the `eval` builtin like other functions.
2017-11-24	Implement anti csrf measures	xXx-caillou-xXx
	This is done by using the "samesite" cookie attribute.
2017-10-31	Unify two struct members related to virtual-patching	xXx-caillou-xXx
	This should close #65
2017-10-26	Free additionally allocated `sp_list` instances	Ben Foster
	References #43.
2017-10-24	Remove the `enable` member from the disable function structure	jvoisin
	Also add some more tests
2017-10-23	Implement the .line filter	jvoisin
	Close #48
2017-10-18	Implement match on arguments position	jvoisin

2017-10-13	Rename a confusing structure member	jvoisin
	`regexp` is more confusing than `value_r`
2017-10-11	s/disable_functions/disable_function/g	jvoisin
	This should close #36 and #30
2017-10-09	Better hooking of language constructs (#26)	jvoisin
	* Vastly improve the support of language construct hooking
2017-10-09	Implement matching on the calltrace (#17)	jvoisin
	* Implement matching on the calltrace
2017-10-02	First pass for #9	jvoisin

2017-09-25	Show the line number in case of processing error	jvoisin

2017-09-20	Initial import	Sebastien Blot