summaryrefslogtreecommitdiff
path: root/src/tests (follow)
AgeCommit message (Collapse)Author
2018-02-06Increase a bit the coveragejvoisin
2018-02-06Add a test to make sure that arrays are correctly handledjvoisin
2018-02-06Add a test to check regexpsjvoisin
2018-02-05Massive simplification of functions hookingjvoisin
2018-02-05Compatibility layer for pcre2jvoisin
This should close #129
2018-01-26Fix a segfault in `get_local_var` (#138)Thibault "bui" Koechlin
This commit fixes a segfault where 'get_local_var' would fail if no functions where called yet (`symtable` will be NULL)
2018-01-19The testsuite is now successfully running under the root userjvoisin
This closes #131
2018-01-18Remove src from patchRemi Collet
As in pr #126
2018-01-18Add globbing support for configuration file path (closes #125)Sebastien Blot
2018-01-18Improve the way we're dealing with filtering on parameter positionsjvoisin
This should close #127
2018-01-17Bump a bit the coveragejvoisin
2018-01-17remove src from path (#126)Remi Collet
2018-01-17Bump a bit our coveragejvoisin
2018-01-17Our configuration files are ending in .rules, not .inijvoisin
This commit fixes the documentation, our shipped configuration files, and the related tests. Thanks to @remicollet for the tip
2018-01-12Add an ugly hack to our parser to make the writing of configuration rules ↵jvoisin
more obvious.
2018-01-10Rework the priority of bl/wl in evaljvoisin
2018-01-10Eval whitelistjvoisin
Implement whitelist in eval
2018-01-08Add a test to see what happens when no configuration file is givenjvoisin
2018-01-06Ignore a test when running the testsuite as rootjvoisin
2018-01-05Fix a bypass in our eval blacklistjvoisin
2018-01-04Eval blacklistjvoisin
Add support for eval filtering, only blacklist for now
2018-01-04Bump a bit the coveragejvoisin
2018-01-03Handle correctly configuration files with Windows EOLjvoisin
Thanks to @fr33tux for the bug report ♥
2018-01-02Remove some useless code in the testsuitejvoisin
2017-12-29Fix two broken testsjvoisin
2017-12-28Add two test to prove that we're not prone to old-school bypassesjvoisin
2017-12-28Show in the phpinfo() is the config is validjvoisin
This should close #39
2017-12-28Fix a non-working testjvoisin
2017-12-28Bump a bit the coveragejvoisin
2017-12-28Implement regexp support for cookies encryptionThibault "bui" Koechlin
It's now possible to encrypt cookies matching a specific regexp. This should close #106
2017-12-28Add two tests to verify that we can hook indirect callsjvoisin
This should close #104
2017-12-28Implement hooking on user-defined functions return valuesjvoisin
This should close #99, thanks to @blotus for the implementation idea!
2017-12-27Implement simulation mode for cookies (de/en)cryptionjvoisin
This should close #102 This commit can be useful for two use-cases: 1. When deploying Snuffleupagus on big CMS like Magento, and not knowing what cookies are modified via javascript. 2. When deploying Snuffleupagus on big websites: you don't want to disconnect every single user at once. When simulation is enabled, if the decryption fails, a log message is now issued, and the cookie value taken as it (since odds are that it's non-encrypted).
2017-12-21Add coverageslefevre
2017-12-21Add testslefevre
2017-12-21Remove the now useless `validate_str` functionxXx-caillou-xXx
2017-12-21Add testslefevre
2017-12-21Add some tests (#96)xXx-caillou-xXx
2017-12-21Add a constant-related testjvoisin
2017-12-20Better parsing of the rulesxXx-caillou-xXx
Thanks to this huge commit from @xXx-caillou-xXx, we can now write amazingly flexible rules.
2017-12-20Make `setcookie` return truexXx-caillou-xXx
We forgot to set a return value to the setcookie function, thus always returning false. Since very few frameworks/developers are checking the return value, it went unnoticed until we played with Magento, who effectively checks the return value.
2017-12-18Fix cookie encryptionxXx-caillou-xXx
Previously, when a cookie was set with the `httpOnly` flag, it was automatically encrypted, due to a logic flaw. This is now fixed and tested.
2017-12-05Dump environnement variables (#83)jvoisin
Apparently, PHP thinks that it's a great idea to type environnement variables, because why not.
2017-12-05Add two failing testsjvoisin
2017-12-04Fix the configuration parser wrt. non-matching bracketsjvoisin
This validation step is a bit idiotic, but we'll replace it with a proper parser anyway.
2017-12-01Add a test that used to segfaultjvoisin
2017-12-01Fail sooner when not able to create the folder to dumpjvoisin
2017-11-29Add new testsjvoisin
2017-11-29Add yet an other testjvoisin
2017-11-29Add even MOAR testsjvoisin