| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-01-01 | Constify a function | jvoisin | |
| 2020-11-29 | Fix zend_write booking type | jvoisin | |
| The signature was changed in PHP8: https://github.com/php/php-src/commit/e15409b43cacf711608189c299191f2969ea331c | |||
| 2020-11-29 | Make the `>` operator skip over functions | jvoisin | |
| 2020-08-12 | Allow empty configuration (#342) | jvoisin | |
| This commit allows php to run (with a warning) if there is no specified snuffleupagus configuration, instead of refusing to start. | |||
| 2020-07-22 | refactoring sp_log_* (#340) | Giovanni | |
| Co-authored-by: Giovanni Dante Grazioli <giovanni.dantegrazioli@nbs-system.com> | |||
| 2020-07-12 | One more const | jvoisin | |
| 2020-07-04 | Run clang-format on the codebase | jvoisin | |
| 2020-07-04 | Factorize how snuffleupagus gets client's ip addr | jvoisin | |
| 2020-03-04 | %s/nbs-system/jvoisin | jvoisin | |
| Since I'm the only one to maintain Snuffleupagus, let's adjust the links and contact addresses of my fork, to point to well… my fork. | |||
| 2020-02-19 | Improve a bit php8 compatibility | jvoisin | |
| PHP changed the way it exposes if a function has variadic arguments or not, hence why we need yet an other ifdef. | |||
| 2019-06-20 | Fix snufflepagus_globals linking issues and one mac compatibility issue | bef | |
| 2019-05-14 | Fix the cookie's handling for PHP7.3+ | jvoisin | |
| PHP 7.3+ added a new prototype for the cookie setting mechanism, breaking our ghetto samesite-injection, this commit takes care of it. | |||
| 2019-02-23 | Try to unify the includes | jvoisin | |
| 2019-02-23 | Add php8 to travis and fix php7.4 | jvoisin | |
| - Use clang-format on the code - Improve portability wrt. php8 - Fix php7.4 compatibility. See https://dustri.org/b/fixing-snuffleupagus-sloppy-comparison-on-array_keys-for-php74.html for a detailed writeup | |||
| 2018-12-26 | Document that it's not possible to hook builtins via regexp | jvoisin | |
| Also bump a bit the coverage | |||
| 2018-11-18 | Minor code clarification | jvoisin | |
| 2018-10-09 | Bump again | jvoisin | |
| 2018-10-09 | Don't check the return values of functions that might not return (#255) | jvoisin | |
| This is due to our modifications to the logging system | |||
| 2018-10-06 | Bump coverage again | jvoisin | |
| 2018-10-06 | Bump a bit the coverage | jvoisin | |
| * `setcookie` doesn't always return `true` anymore * clang-format * Cookies with invalid decryption are dropped, but the request isn't anymore * faulty unserialize are now dumpable | |||
| 2018-10-06 | Remove sp_terminate and bump a bit the coverage | jvoisin | |
| 2018-09-03 | Fix #241 segfault on 32-bit related to bad protype (#242) | Remi Collet | |
| This should close #241 | |||
| 2018-08-30 | Minor code cleanup | xXx-caillou-xXx | |
| 2018-08-30 | Match on ret improvements | xXx-caillou-xXx | |
| This commit does two things: - Implement matching on calltraces for ret - Implement matching on ret of user functions if the return value is not used. | |||
| 2018-08-28 | Fix some compilation warnings | xXx-caillou-xXx | |
| 2018-08-28 | Use php's logging functions | xXx-caillou-xXx | |
| This commit replace our usage of `php_log_err` with `zend_error`. This should allow administrators to display errors in the webpage, should they want to; and to properly manipulate the verbosity's level. This should close #217 | |||
| 2018-08-20 | Fix two minor issues | xXx-caillou-xXx | |
| - Fix an infinite loop on `echo` hook - Use the correct function to compare filenames internally | |||
| 2018-07-13 | Yet an other pass of clang-format | jvoisin | |
| 2018-07-13 | Reduce call to get_complete_function_path | xXx-caillou-xXx | |
| 2018-07-13 | Fix hooking on `print` | xXx-caillou-xXx | |
| 2018-07-13 | Allow rules matching on echo and print | xXx-caillou-xXx | |
| 2018-07-13 | Massively optimize how rules are handled | xXx-caillou-xXx | |
| This commit does a lot of things: - Use hashtables instead of lists to store the rules - Rules that can be applied at launch time won't be tried at runtime - Improve feedback when writing nonsensical rules - Make intensive use of `zend_string` instead of `char*` | |||
| 2018-06-28 | Better handling of filters for builtins | kkadosh | |
| 2018-03-19 | The filename filter is now matching on callsite instead of implemsite (#167) | kkadosh | |
| * Add match on the file where the function is called * Add the test * Constify some params * Fix potentiel null deref * Return more before if execute_data is NULL | |||
| 2018-03-06 | Fix a variadic-functions-related crash | jvoisin | |
| Currently, we're not supporting virtual-patching on variadic functions. The commit makes it clear, and fix the related crash. This should close #157 | |||
| 2018-03-05 | Improve a bit the performances (+10%) | jvoisin | |
| 2018-03-02 | Add .dump() for eval whitelist/blacklist + simulation mode for whitelist | kkadosh | |
| 2018-02-07 | Use assertions for things that should never happen | jvoisin | |
| 2018-02-06 | Make our API consistent | jvoisin | |
| 2018-02-05 | Massive simplification of functions hooking | jvoisin | |
| 2018-02-05 | Compatibility layer for pcre2 | jvoisin | |
| This should close #129 | |||
| 2018-01-26 | Replace two `goto` with `break` instead. | jvoisin | |
| 2018-01-18 | Improve the way we're dealing with filtering on parameter positions | jvoisin | |
| This should close #127 | |||
| 2018-01-17 | Bump a bit the coverage | jvoisin | |
| 2018-01-17 | Remove useless "head" member in our linked lists implementation | simon MAGNIN-FEYSOT | |
| This should close #85 | |||
| 2018-01-12 | Fix a memory leak | jvoisin | |
| 2018-01-12 | Minor factorization and symbol exposure reduction | jvoisin | |
| 2018-01-12 | Minor refactoring | jvoisin | |
| 2018-01-10 | Rework the priority of bl/wl in eval | jvoisin | |
| 2018-01-10 | Eval whitelist | jvoisin | |
| Implement whitelist in eval | |||
 |
index : snuffleupagus | |
| Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! |
| summaryrefslogtreecommitdiff |