snuffleupagus - Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!

Age	Commit message (Collapse)	Author
2022-01-07	fixed invalid return value	Ben Fuhrmannek

2022-01-06	prevent double checks and fixed segfault on return value access	Ben Fuhrmannek

2021-12-14	fix: apply checks to internal function calls, too, so we can match internal ↵	Ben Fuhrmannek
	class methods that are not hooked
2021-12-14	fix: include class name in eval whitelist matching	Ben Fuhrmannek

2021-11-30	PHP 8.1 compatibility with streams/includes + fix for ticks	Ben Fuhrmannek

2021-09-23	config is stack allocated now + some code improvements (see details)	Ben Fuhrmannek
	* for easier memory manegement, the entire sp_config struct was merged into snuffleupagus_globals and allocated on stack where possible * SNUFFLEUPAGUS_G() can be written as SPG(), which is faster to type and easier to read * execution_depth is re-initialized to 0 for each request * function calls with inline string and length parameters consistently use ZEND_STRL instead of sizeof()-1 * execution is actually hooked if recursion protection is enabled * some line breaks were removed to make the code more readable
2021-09-15	implemented execution depth limit	Ben Fuhrmannek

2021-08-16	fincy new scanner/parser for config rules + fixed a few bugs along the way + ↵	Ben Fuhrmannek
	fixed related unittests
2021-05-09	Add some guard to prevent hooking recursion	jvoisin
	This shouldn't be necessary, but better safe than sorry.
2020-11-12	Simplify a bit a function	jvoisin

2020-08-16	Remove a useless line of code	jvoisin

2020-08-12	Allow empty configuration (#342)	jvoisin
	This commit allows php to run (with a warning) if there is no specified snuffleupagus configuration, instead of refusing to start.
2020-07-22	refactoring sp_log_* (#340)	Giovanni
	Co-authored-by: Giovanni Dante Grazioli <giovanni.dantegrazioli@nbs-system.com>
2019-06-20	Fix snufflepagus_globals linking issues and one mac compatibility issue	bef

2019-02-23	Try to unify the includes	jvoisin

2018-10-09	Don't check the return values of functions that might not return (#255)	jvoisin
	This is due to our modifications to the logging system
2018-10-06	Add a missing opcode in sp_execute_ex	jvoisin

2018-10-06	Coverage++	jvoisin

2018-10-06	Bump coverage again	jvoisin

2018-10-06	Bump coverage again	jvoisin

2018-10-06	Bump a bit the coverage	jvoisin
	* `setcookie` doesn't always return `true` anymore * clang-format * Cookies with invalid decryption are dropped, but the request isn't anymore * faulty unserialize are now dumpable
2018-10-06	Remove sp_terminate and bump a bit the coverage	jvoisin

2018-08-30	Minor code cleanup	xXx-caillou-xXx

2018-08-30	Match on ret improvements	xXx-caillou-xXx
	This commit does two things: - Implement matching on calltraces for ret - Implement matching on ret of user functions if the return value is not used.
2018-08-28	Fix a SIGSEGV on user-created function's return value	xXx-caillou-xXx

2018-08-09	Fix yet an other hang/crash	jvoisin
	There are valid reasons for `orig_zend_execute_internal` to be `NULL`, we we're not checking if it is, well, `NULL`.
2018-08-09	Fix a typo in the previous commits	jvoisin

2018-08-09	Fix a crash/hang when using fpm's pools	jvoisin
	We might have ended up in infinite loops when using php-fpm, if several different process hooked some functions twice. Thanks to @sriccio for reporting the issue
2018-07-13	Yet an other pass of clang-format	jvoisin

2018-07-13	Reduce call to get_complete_function_path	xXx-caillou-xXx

2018-07-13	Massively optimize how rules are handled	xXx-caillou-xXx
	This commit does a lot of things: - Use hashtables instead of lists to store the rules - Rules that can be applied at launch time won't be tried at runtime - Improve feedback when writing nonsensical rules - Make intensive use of `zend_string` instead of `char*`
2018-07-09	Trying to fix sloppy comparison (#186)	jvoisin
	* Trying to fix sloppy comparison https://github.com/nbs-system/snuffleupagus/issues/10 by modifying php's opcode
2018-03-12	Bump the changelogv0.2.2	jvoisin

2018-03-08	Marginally improve the performances when dealing with eval	jvoisin

2018-03-05	Improve performances by a significant factor	jvoisin
	Only check if a function should be disabled when we're after a `*CALL` opcode, end not on every single opcode. Based on @blotus ideas ♥
2018-03-02	Add .dump() for eval whitelist/blacklist + simulation mode for whitelist	kkadosh

2018-03-02	Implement dump() for execution of writable PHP files	kkadosh

2018-01-19	Fix a possible double-execute	jvoisin
	Some extensions might hook `zend_execute_internal` for various reason, although few are doing it. We're not supposed to call the original function in our hook if someone else is hooking it. Thanks to @remicollet for the bug report and troubleshooting
2018-01-18	Minor code improvements in sp_execute.c	jvoisin

2018-01-17	Remove useless "head" member in our linked lists implementation	simon MAGNIN-FEYSOT
	This should close #85
2018-01-10	Rework the priority of bl/wl in eval	jvoisin

2018-01-10	Minor constification	jvoisin

2018-01-10	Eval whitelist	jvoisin
	Implement whitelist in eval
2018-01-05	Fix a bypass in our eval blacklist	jvoisin

2018-01-04	Eval blacklist	jvoisin
	Add support for eval filtering, only blacklist for now
2017-12-28	Clang-format pass	Thibault "bui" Koechlin
	- `clang-format --style="{BasedOnStyle: google, SortIncludes: false}" -i snuffleu.c sp_.c sp_*.h` - Update the documentation accordingly
2017-12-28	Implement hooking on user-defined functions return values	jvoisin
	This should close #99, thanks to @blotus for the implementation idea!
2017-12-21	Rename sp_node_t to sp_list_node	jvoisin
	Since we now have sp_list and sp_tree, it makes sense to specify that nodes are only for lists.
2017-11-30	Minor refactoring and clarification	jvoisin

2017-11-29	Implement eval hooking	jvoisin
	It's not possible to hook the `eval` builtin like other functions.