snuffleupagus - Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!

Age	Commit message (Collapse)	Author
2020-11-12	Invalid configurations with mutually exclusive keywords now aborts	jvoisin

2020-11-12	Harmonize a bit the configuration parsing and fix a typo	jvoisin

2020-03-04	%s/nbs-system/jvoisin	jvoisin
	Since I'm the only one to maintain Snuffleupagus, let's adjust the links and contact addresses of my fork, to point to well… my fork.
2019-08-31	Support direct syslog logging	Thibault "bui" Koechlin
	Add the possibility to log directly into the syslog, instead of using php's log system.
2019-06-20	Fix snufflepagus_globals linking issues and one mac compatibility issue	bef

2019-02-23	Try to unify the includes	jvoisin

2019-02-23	Add php8 to travis and fix php7.4	jvoisin
	- Use clang-format on the code - Improve portability wrt. php8 - Fix php7.4 compatibility. See https://dustri.org/b/fixing-snuffleupagus-sloppy-comparison-on-array_keys-for-php74.html for a detailed writeup
2019-01-12	Fix missing symbol when there is no session support	jvoisin
	It's possible to build PHP with sessions as a module, or even without sessions at all. This commit make it possible to use Snuffleupagus on those platforms.
2018-10-06	Bump a bit the coverage	jvoisin
	* `setcookie` doesn't always return `true` anymore * clang-format * Cookies with invalid decryption are dropped, but the request isn't anymore * faulty unserialize are now dumpable
2018-08-30	Minor code cleanup	xXx-caillou-xXx

2018-08-29	Change how we're validating certificates	xXx-caillou-xXx

2018-08-29	Verify certs (#223)	jvoisin
	Ensure that certificates are verified in curl should close #47
2018-08-28	Fix some compilation warnings	xXx-caillou-xXx

2018-08-28	Use php's logging functions	xXx-caillou-xXx
	This commit replace our usage of `php_log_err` with `zend_error`. This should allow administrators to display errors in the webpage, should they want to; and to properly manipulate the verbosity's level. This should close #217
2018-08-27	Add whitelist support for php's wrappers	xXx-caillou-xXx

2018-08-02	fix #203 (#204)	crKontrol
	sp.disable_function.function().filename doesn't take phar:///
2018-07-13	Fix hooking on `print`	xXx-caillou-xXx

2018-07-13	Massively optimize how rules are handled	xXx-caillou-xXx
	This commit does a lot of things: - Use hashtables instead of lists to store the rules - Rules that can be applied at launch time won't be tried at runtime - Improve feedback when writing nonsensical rules - Make intensive use of `zend_string` instead of `char*`
2018-07-09	Trying to fix sloppy comparison (#186)	jvoisin
	* Trying to fix sloppy comparison https://github.com/nbs-system/snuffleupagus/issues/10 by modifying php's opcode
2018-06-28	Better handling of filters for builtins	kkadosh

2018-05-29	Support session encryption	kkadosh
	Implement session encryption.
2018-03-02	Add .dump() for eval whitelist/blacklist + simulation mode for whitelist	kkadosh

2018-03-02	Implement dump() for execution of writable PHP files	kkadosh

2018-02-27	Implements .dump() for unserialize and fix some related tests	kkadosh

2018-02-06	Make our API consistent	jvoisin

2018-02-05	Massive simplification of functions hooking	jvoisin

2018-02-05	Compatibility layer for pcre2	jvoisin
	This should close #129
2018-01-17	Remove useless "head" member in our linked lists implementation	simon MAGNIN-FEYSOT
	This should close #85
2018-01-12	do not prepend $ to the var name if there is one already	Sebastien Blot

2018-01-12	Add an ugly hack to our parser to make the writing of configuration rules ↵	jvoisin
	more obvious.
2018-01-10	Eval whitelist	jvoisin
	Implement whitelist in eval
2018-01-04	Eval blacklist	jvoisin
	Add support for eval filtering, only blacklist for now
2017-12-28	Clang-format pass	Thibault "bui" Koechlin
	- `clang-format --style="{BasedOnStyle: google, SortIncludes: false}" -i snuffleu.c sp_.c sp_*.h` - Update the documentation accordingly
2017-12-28	re-integrate simulation token for cookies	bui

2017-12-28	Implement regexp support for cookies encryption	Thibault "bui" Koechlin
	It's now possible to encrypt cookies matching a specific regexp. This should close #106
2017-12-27	Implement simulation mode for cookies (de/en)cryption	jvoisin
	This should close #102 This commit can be useful for two use-cases: 1. When deploying Snuffleupagus on big CMS like Magento, and not knowing what cookies are modified via javascript. 2. When deploying Snuffleupagus on big websites: you don't want to disconnect every single user at once. When simulation is enabled, if the decryption fails, a log message is now issued, and the cookie value taken as it (since odds are that it's non-encrypted).
2017-12-20	Better parsing of the rules	xXx-caillou-xXx
	Thanks to this huge commit from @xXx-caillou-xXx, we can now write amazingly flexible rules.
2017-12-04	Improve the `.dump` filter	jvoisin

2017-11-29	Code-formatting pass	jvoisin

2017-11-29	Implement eval hooking	jvoisin
	It's not possible to hook the `eval` builtin like other functions.
2017-11-24	Implement anti csrf measures	xXx-caillou-xXx
	This is done by using the "samesite" cookie attribute.
2017-11-06	53 absolute path (#62)	jvoisin
	* Add error for relative path
2017-10-31	Minor factorization of the keyword parsing code	jvoisin

2017-10-31	Unify two struct members related to virtual-patching	xXx-caillou-xXx
	This should close #65
2017-10-26	Renames `sp_new_list` -> `sp_list_new`	Ben Foster
	To be consistent with the rest of the `sp_list` functions.
2017-10-26	Remove an arbitrary limitation	jvoisin

2017-10-24	Remove the `enable` member from the disable function structure	jvoisin
	Also add some more tests
2017-10-23	Implement the .line filter	jvoisin
	Close #48
2017-10-18	`.pos` is mutuaally exclusive with .param and .paran_r	jvoisin

2017-10-18	Improve the strtol dance	jvoisin