| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2018-12-15 | Provide a php script, to get rid of the python one for test suite | Remi Collet | |
| This commit adds a php version of the upload_validation.py script. | |||
| 2018-10-09 | Bump coverage | jvoisin | |
| 2018-10-08 | Add a test | jvoisin | |
| 2018-10-06 | Bump a bit the coverage | jvoisin | |
| * `setcookie` doesn't always return `true` anymore * clang-format * Cookies with invalid decryption are dropped, but the request isn't anymore * faulty unserialize are now dumpable | |||
| 2018-08-29 | Change how we're validating certificates | xXx-caillou-xXx | |
| 2018-08-29 | Verify certs (#223) | jvoisin | |
| Ensure that certificates are verified in curl should close #47 | |||
| 2018-08-28 | Fix a SIGSEGV on user-created function's return value | xXx-caillou-xXx | |
| 2018-08-28 | Add a test for invalid regexp in cookie-related features | xXx-caillou-xXx | |
| This should close #105 | |||
| 2018-08-27 | Add whitelist support for php's wrappers | xXx-caillou-xXx | |
| 2018-08-27 | Modify test for callback functions | xXx-caillou-xXx | |
| close #171 | |||
| 2018-08-20 | Add test for params matching | xXx-caillou-xXx | |
| 2018-07-13 | Fix hooking on `print` | xXx-caillou-xXx | |
| 2018-07-13 | Allow rules matching on echo and print | xXx-caillou-xXx | |
| 2018-07-09 | Trying to fix sloppy comparison (#186) | jvoisin | |
| * Trying to fix sloppy comparison https://github.com/nbs-system/snuffleupagus/issues/10 by modifying php's opcode | |||
| 2018-06-28 | Better handling of filters for builtins | kkadosh | |
| 2018-05-29 | Support session encryption | kkadosh | |
| Implement session encryption. | |||
| 2018-03-19 | The filename filter is now matching on callsite instead of implemsite (#167) | kkadosh | |
| * Add match on the file where the function is called * Add the test * Constify some params * Fix potentiel null deref * Return more before if execute_data is NULL | |||
| 2018-03-19 | Add a failing test for callback function as parameter | kkadosh | |
| 2018-03-15 | Change a test to expected failed | kkadosh | |
| Apparently, we're not supporting hooking on `ret` for user-defined functions. | |||
| 2018-03-14 | Bump a bit the coverage | jvoisin | |
| 2018-03-09 | Add an unit test for an edge-case | jvoisin | |
| 2018-03-06 | Bump a bit the coverage | jvoisin | |
| 2018-03-06 | Fix a variadic-functions-related crash | jvoisin | |
| Currently, we're not supporting virtual-patching on variadic functions. The commit makes it clear, and fix the related crash. This should close #157 | |||
| 2018-03-02 | Add .dump() for eval whitelist/blacklist + simulation mode for whitelist | kkadosh | |
| 2018-03-02 | Implement dump() for execution of writable PHP files | kkadosh | |
| 2018-02-27 | Implements .dump() for unserialize and fix some related tests | kkadosh | |
| 2018-02-12 | Provide a script for upload validation | jvoisin | |
| The Python script is using vld (https://derickrethans.nl/projects.html#vld) to check for malicious opcodes. | |||
| 2018-02-09 | Add a broken test :'( | jvoisin | |
| 2018-02-06 | Increase a bit the coverage | jvoisin | |
| 2018-02-06 | Add a test to make sure that arrays are correctly handled | jvoisin | |
| 2018-02-06 | Add a test to check regexps | jvoisin | |
| 2018-02-05 | Massive simplification of functions hooking | jvoisin | |
| 2018-01-17 | Bump a bit the coverage | jvoisin | |
| 2018-01-17 | Bump a bit our coverage | jvoisin | |
| 2018-01-12 | Add an ugly hack to our parser to make the writing of configuration rules ↵ | jvoisin | |
| more obvious. | |||
| 2018-01-10 | Rework the priority of bl/wl in eval | jvoisin | |
| 2018-01-10 | Eval whitelist | jvoisin | |
| Implement whitelist in eval | |||
| 2018-01-04 | Eval blacklist | jvoisin | |
| Add support for eval filtering, only blacklist for now | |||
| 2018-01-04 | Bump a bit the coverage | jvoisin | |
| 2018-01-03 | Handle correctly configuration files with Windows EOL | jvoisin | |
| Thanks to @fr33tux for the bug report ♥ | |||
| 2017-12-28 | Fix a non-working test | jvoisin | |
| 2017-12-28 | Bump a bit the coverage | jvoisin | |
| 2017-12-28 | Implement regexp support for cookies encryption | Thibault "bui" Koechlin | |
| It's now possible to encrypt cookies matching a specific regexp. This should close #106 | |||
| 2017-12-27 | Implement simulation mode for cookies (de/en)cryption | jvoisin | |
| This should close #102 This commit can be useful for two use-cases: 1. When deploying Snuffleupagus on big CMS like Magento, and not knowing what cookies are modified via javascript. 2. When deploying Snuffleupagus on big websites: you don't want to disconnect every single user at once. When simulation is enabled, if the decryption fails, a log message is now issued, and the cookie value taken as it (since odds are that it's non-encrypted). | |||
| 2017-12-21 | Add coverage | slefevre | |
| 2017-12-21 | Add test | slefevre | |
| 2017-12-21 | Remove the now useless `validate_str` function | xXx-caillou-xXx | |
| 2017-12-21 | Add test | slefevre | |
| 2017-12-21 | Add some tests (#96) | xXx-caillou-xXx | |
| 2017-12-21 | Add a constant-related test | jvoisin | |
 |
index : snuffleupagus | |
| Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! |
| summaryrefslogtreecommitdiff |