snuffleupagus - Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!

Age	Commit message (Collapse)	Author
2018-11-18	Minor code clarification	jvoisin

2018-10-09	Bump again	jvoisin

2018-10-09	Don't check the return values of functions that might not return (#255)	jvoisin
	This is due to our modifications to the logging system
2018-10-06	Bump coverage again	jvoisin

2018-10-06	Bump a bit the coverage	jvoisin
	* `setcookie` doesn't always return `true` anymore * clang-format * Cookies with invalid decryption are dropped, but the request isn't anymore * faulty unserialize are now dumpable
2018-10-06	Remove sp_terminate and bump a bit the coverage	jvoisin

2018-09-03	Fix #241 segfault on 32-bit related to bad protype (#242)	Remi Collet
	This should close #241
2018-08-30	Minor code cleanup	xXx-caillou-xXx

2018-08-30	Match on ret improvements	xXx-caillou-xXx
	This commit does two things: - Implement matching on calltraces for ret - Implement matching on ret of user functions if the return value is not used.
2018-08-28	Fix some compilation warnings	xXx-caillou-xXx

2018-08-28	Use php's logging functions	xXx-caillou-xXx
	This commit replace our usage of `php_log_err` with `zend_error`. This should allow administrators to display errors in the webpage, should they want to; and to properly manipulate the verbosity's level. This should close #217
2018-08-20	Fix two minor issues	xXx-caillou-xXx
	- Fix an infinite loop on `echo` hook - Use the correct function to compare filenames internally
2018-07-13	Yet an other pass of clang-format	jvoisin

2018-07-13	Reduce call to get_complete_function_path	xXx-caillou-xXx

2018-07-13	Fix hooking on `print`	xXx-caillou-xXx

2018-07-13	Allow rules matching on echo and print	xXx-caillou-xXx

2018-07-13	Massively optimize how rules are handled	xXx-caillou-xXx
	This commit does a lot of things: - Use hashtables instead of lists to store the rules - Rules that can be applied at launch time won't be tried at runtime - Improve feedback when writing nonsensical rules - Make intensive use of `zend_string` instead of `char*`
2018-06-28	Better handling of filters for builtins	kkadosh

2018-03-19	The filename filter is now matching on callsite instead of implemsite (#167)	kkadosh
	* Add match on the file where the function is called * Add the test * Constify some params * Fix potentiel null deref * Return more before if execute_data is NULL
2018-03-06	Fix a variadic-functions-related crash	jvoisin
	Currently, we're not supporting virtual-patching on variadic functions. The commit makes it clear, and fix the related crash. This should close #157
2018-03-05	Improve a bit the performances (+10%)	jvoisin

2018-03-02	Add .dump() for eval whitelist/blacklist + simulation mode for whitelist	kkadosh

2018-02-07	Use assertions for things that should never happen	jvoisin

2018-02-06	Make our API consistent	jvoisin

2018-02-05	Massive simplification of functions hooking	jvoisin

2018-02-05	Compatibility layer for pcre2	jvoisin
	This should close #129
2018-01-26	Replace two `goto` with `break` instead.	jvoisin

2018-01-18	Improve the way we're dealing with filtering on parameter positions	jvoisin
	This should close #127
2018-01-17	Bump a bit the coverage	jvoisin

2018-01-17	Remove useless "head" member in our linked lists implementation	simon MAGNIN-FEYSOT
	This should close #85
2018-01-12	Fix a memory leak	jvoisin

2018-01-12	Minor factorization and symbol exposure reduction	jvoisin

2018-01-12	Minor refactoring	jvoisin

2018-01-10	Rework the priority of bl/wl in eval	jvoisin

2018-01-10	Eval whitelist	jvoisin
	Implement whitelist in eval
2018-01-08	Hopefully fix a crash	jvoisin
	This should close #115
2018-01-05	Fix a bypass in our eval blacklist	jvoisin

2018-01-04	Eval blacklist	jvoisin
	Add support for eval filtering, only blacklist for now
2018-01-03	Remove some dead code	jvoisin

2017-12-28	Clang-format pass	Thibault "bui" Koechlin
	- `clang-format --style="{BasedOnStyle: google, SortIncludes: false}" -i snuffleu.c sp_.c sp_*.h` - Update the documentation accordingly
2017-12-28	Implement hooking on user-defined functions return values	jvoisin
	This should close #99, thanks to @blotus for the implementation idea!
2017-12-21	Rename sp_node_t to sp_list_node	jvoisin
	Since we now have sp_list and sp_tree, it makes sense to specify that nodes are only for lists.
2017-12-20	Better parsing of the rules	xXx-caillou-xXx
	Thanks to this huge commit from @xXx-caillou-xXx, we can now write amazingly flexible rules.
2017-11-29	Add a comment, and improve a bit the performances wrt. vpatch	jvoisin
	Move the cheapest tests above the expensive ones
2017-11-29	Refactoring (#79)	jvoisin
	Refactoring of should_disable().
2017-11-29	Fix segfault in should_drop_on_ret	xXx-caillou-xXx
	This commit is almost the same than 8df77884f38e7a7334b56aafe2f441567f175af8
2017-11-29	Implement eval hooking	jvoisin
	It's not possible to hook the `eval` builtin like other functions.
2017-11-29	Fix segfault in sp_disabled_functions.c	xXx-caillou-xXx
	There was an off-by-one in `should_disable`, effectively smashing the last byte of the stack canary. This was discovered while building the package for Alpine Linux. Kudos to their hardened toolchain!
2017-10-26	Remove an arbitrary limitation	jvoisin

2017-10-24	Remove the `enable` member from the disable function structure	jvoisin
	Also add some more tests