| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2018-08-29 | Change how we're validating certificates | xXx-caillou-xXx | |
| 2018-08-29 | Verify certs (#223) | jvoisin | |
| Ensure that certificates are verified in curl should close #47 | |||
| 2018-08-28 | Fix some compilation warnings | xXx-caillou-xXx | |
| 2018-08-28 | Use php's logging functions | xXx-caillou-xXx | |
| This commit replace our usage of `php_log_err` with `zend_error`. This should allow administrators to display errors in the webpage, should they want to; and to properly manipulate the verbosity's level. This should close #217 | |||
| 2018-08-27 | Add whitelist support for php's wrappers | xXx-caillou-xXx | |
| 2018-08-02 | fix #203 (#204) | crKontrol | |
| sp.disable_function.function().filename doesn't take phar:/// | |||
| 2018-07-13 | Fix hooking on `print` | xXx-caillou-xXx | |
| 2018-07-13 | Massively optimize how rules are handled | xXx-caillou-xXx | |
| This commit does a lot of things: - Use hashtables instead of lists to store the rules - Rules that can be applied at launch time won't be tried at runtime - Improve feedback when writing nonsensical rules - Make intensive use of `zend_string` instead of `char*` | |||
| 2018-07-09 | Trying to fix sloppy comparison (#186) | jvoisin | |
| * Trying to fix sloppy comparison https://github.com/nbs-system/snuffleupagus/issues/10 by modifying php's opcode | |||
| 2018-06-28 | Better handling of filters for builtins | kkadosh | |
| 2018-05-29 | Support session encryption | kkadosh | |
| Implement session encryption. | |||
| 2018-03-02 | Add .dump() for eval whitelist/blacklist + simulation mode for whitelist | kkadosh | |
| 2018-03-02 | Implement dump() for execution of writable PHP files | kkadosh | |
| 2018-02-27 | Implements .dump() for unserialize and fix some related tests | kkadosh | |
| 2018-02-06 | Make our API consistent | jvoisin | |
| 2018-02-05 | Massive simplification of functions hooking | jvoisin | |
| 2018-02-05 | Compatibility layer for pcre2 | jvoisin | |
| This should close #129 | |||
| 2018-01-17 | Remove useless "head" member in our linked lists implementation | simon MAGNIN-FEYSOT | |
| This should close #85 | |||
| 2018-01-12 | do not prepend $ to the var name if there is one already | Sebastien Blot | |
| 2018-01-12 | Add an ugly hack to our parser to make the writing of configuration rules ↵ | jvoisin | |
| more obvious. | |||
| 2018-01-10 | Eval whitelist | jvoisin | |
| Implement whitelist in eval | |||
| 2018-01-04 | Eval blacklist | jvoisin | |
| Add support for eval filtering, only blacklist for now | |||
| 2017-12-28 | Clang-format pass | Thibault "bui" Koechlin | |
| - `clang-format --style="{BasedOnStyle: google, SortIncludes: false}" -i snuffleu*.c sp_*.c sp_*.h` - Update the documentation accordingly | |||
| 2017-12-28 | re-integrate simulation token for cookies | bui | |
| 2017-12-28 | Implement regexp support for cookies encryption | Thibault "bui" Koechlin | |
| It's now possible to encrypt cookies matching a specific regexp. This should close #106 | |||
| 2017-12-27 | Implement simulation mode for cookies (de/en)cryption | jvoisin | |
| This should close #102 This commit can be useful for two use-cases: 1. When deploying Snuffleupagus on big CMS like Magento, and not knowing what cookies are modified via javascript. 2. When deploying Snuffleupagus on big websites: you don't want to disconnect every single user at once. When simulation is enabled, if the decryption fails, a log message is now issued, and the cookie value taken as it (since odds are that it's non-encrypted). | |||
| 2017-12-20 | Better parsing of the rules | xXx-caillou-xXx | |
| Thanks to this huge commit from @xXx-caillou-xXx, we can now write amazingly flexible rules. | |||
| 2017-12-04 | Improve the `.dump` filter | jvoisin | |
| 2017-11-29 | Code-formatting pass | jvoisin | |
| 2017-11-29 | Implement eval hooking | jvoisin | |
| It's not possible to hook the `eval` builtin like other functions. | |||
| 2017-11-24 | Implement anti csrf measures | xXx-caillou-xXx | |
| This is done by using the "samesite" cookie attribute. | |||
| 2017-11-06 | 53 absolute path (#62) | jvoisin | |
| * Add error for relative path | |||
| 2017-10-31 | Minor factorization of the keyword parsing code | jvoisin | |
| 2017-10-31 | Unify two struct members related to virtual-patching | xXx-caillou-xXx | |
| This should close #65 | |||
| 2017-10-26 | Renames `sp_new_list` -> `sp_list_new` | Ben Foster | |
| To be consistent with the rest of the `sp_list` functions. | |||
| 2017-10-26 | Remove an arbitrary limitation | jvoisin | |
| 2017-10-24 | Remove the `enable` member from the disable function structure | jvoisin | |
| Also add some more tests | |||
| 2017-10-23 | Implement the .line filter | jvoisin | |
| Close #48 | |||
| 2017-10-18 | `.pos` is mutuaally exclusive with .param and .paran_r | jvoisin | |
| 2017-10-18 | Improve the strtol dance | jvoisin | |
| 2017-10-18 | strtol dance | bui | |
| 2017-10-18 | do the strtol dance to make jvoisin happy | bui | |
| 2017-10-18 | Implement match on arguments position | jvoisin | |
| 2017-10-13 | Rename a confusing structure member | jvoisin | |
| `regexp` is more confusing than `value_r` | |||
| 2017-10-12 | Fix minor gcc warnings with experimental options | jvoisin | |
| `CFLAGS='-Wnull-dereference -Wlogical-op -Wshadow -Wjump-misses-init' make clean coverage` | |||
| 2017-10-10 | Bump coverage, and fix a segfault on trace matching | jvoisin | |
| 2017-10-09 | Better hooking of language constructs (#26) | jvoisin | |
| * Vastly improve the support of language construct hooking | |||
| 2017-10-09 | Implement matching on the calltrace (#17) | jvoisin | |
| * Implement matching on the calltrace | |||
| 2017-10-02 | First pass for #9 | jvoisin | |
| 2017-09-25 | Show the line number in case of processing error | jvoisin | |
 |
index : snuffleupagus | |
| Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! |
| summaryrefslogtreecommitdiff |