| Age | Commit message | Author | |
|---|---|---|---|
| 2018-08-02 | fix #203 (#204) | crKontrol | |
| sp.disable_function.function().filename doesn't take phar:/// | |||
| 2018-07-19 | Fix the issue with rand hardening | xXx-caillou-xXx | |
| 2018-07-13 | Skip VLD for php7.3, as VLD is not compatible yet. | xXx-caillou-xXx | |
| 2018-07-13 | Reduce call to get_complete_function_path | xXx-caillou-xXx | |
| 2018-07-13 | Fix hooking on `print` | xXx-caillou-xXx | |
| 2018-07-13 | Allow rules matching on echo and print | xXx-caillou-xXx | |
| 2018-07-10 | Fix #183 (#185) | Remi Collet | |
| * relax test to pass with 7.3 * skip test with 7.3 as samesite is broken + add TODO | |||
| 2018-07-09 | Trying to fix sloppy comparison (#186) | jvoisin | |
| * Trying to fix sloppy comparison https://github.com/nbs-system/snuffleupagus/issues/10 by modifying php's opcode | |||
| 2018-06-28 | Better handling of filters for builtins | kkadosh | |
| 2018-05-29 | Support session encryption | kkadosh | |
| Implement session encryption. | |||
| 2018-05-16 | Don't run some tests on `-dev` php versions | jvoisin | |
| 2018-05-16 | Improve the testsuite's robustness against php7.2 | jvoisin | |
| 2018-05-03 | Uniformise some logs | simon MAGNIN-FEYSOT | |
| This commit will make certain logs easier to parse. | |||
| 2018-03-19 | The filename filter is now matching on callsite instead of implemsite (#167) | kkadosh | |
| * Add match on the file where the function is called * Add the test * Constify some params * Fix potential null deref * Return more before if execute_data is NULL | |||
| 2018-03-19 | Add a failing test for callback function as parameter | kkadosh | |
| 2018-03-19 | Increase random number max for test | kka | |
| 2018-03-15 | Change a test to expected failed | kkadosh | |
| Apparently, we're not supporting hooking on `ret` for user-defined functions. | |||
| 2018-03-14 | Bump a bit the coverage | jvoisin | |
| 2018-03-09 | Add a unit test for an edge-case | jvoisin | |
| 2018-03-06 | Bump a bit the coverage | jvoisin | |
| 2018-03-06 | Fix a variadic-functions-related crash | jvoisin | |
| Currently, we're not supporting virtual-patching on variadic functions. The commit makes it clear, and fixes the related crash. This should close #157 | |||
| 2018-03-02 | Add .dump() for eval whitelist/blacklist + simulation mode for whitelist | kkadosh | |
| 2018-03-02 | Implement dump() for execution of writable PHP files | kkadosh | |
| 2018-03-02 | Add some rules for Typo3, courtesy of @kjojo | jvoisin | |
| 2018-02-27 | Implements .dump() for unserialize and fix some related tests | kkadosh | |
| 2018-02-22 | php-nightly is now allowed to fail | jvoisin | |
| PHP is breaking too many things on nightly, we'll only support releases from now on. This should also make our vld-based file-upload checker more resilient: no more random warnings on stderr. | |||
| 2018-02-22 | Refactor a bit our rules | jvoisin | |
| 2018-02-12 | Provide a script for upload validation | jvoisin | |
| The Python script is using vld (https://derickrethans.nl/projects.html#vld) to check for malicious opcodes. | |||
| 2018-02-09 | Add a broken test :'( | jvoisin | |
| 2018-02-07 | Add an example rule from the rips calendar for abantecart's XSS | kjojo | |
| 2018-02-06 | Increase a bit the coverage | jvoisin | |
| 2018-02-06 | Add a test to make sure that arrays are correctly handled | jvoisin | |
| 2018-02-06 | Add a test to check regexps | jvoisin | |
| 2018-02-05 | Massive simplification of functions hooking | jvoisin | |
| 2018-02-05 | Compatibility layer for pcre2 | jvoisin | |
| This should close #129 | |||
| 2018-01-26 | Fix a segfault in `get_local_var` (#138) | Thibault "bui" Koechlin | |
| This commit fixes a segfault where 'get_local_var' would fail if no functions were called yet (`symtable` will be NULL) | |||
| 2018-01-19 | The testsuite is now successfully running under the root user | jvoisin | |
| This closes #131 | |||
| 2018-01-18 | Remove src from patch | Remi Collet | |
| As in pr #126 | |||
| 2018-01-18 | Add globbing support for configuration file path (closes #125) | Sebastien Blot | |
| 2018-01-18 | Improve the way we're dealing with filtering on parameter positions | jvoisin | |
| This should close #127 | |||
| 2018-01-17 | Bump a bit the coverage | jvoisin | |
| 2018-01-17 | remove src from path (#126) | Remi Collet | |
| 2018-01-17 | Bump a bit our coverage | jvoisin | |
| 2018-01-17 | Our configuration files are ending in .rules, not .ini | jvoisin | |
| This commit fixes the documentation, our shipped configuration files, and the related tests. Thanks to @remicollet for the tip | |||
| 2018-01-12 | Add an ugly hack to our parser to make the writing of configuration rules more obvious. | jvoisin | |
| 2018-01-10 | Rework the priority of bl/wl in eval | jvoisin | |
| 2018-01-10 | Eval whitelist | jvoisin | |
| Implement whitelist in eval | |||
| 2018-01-08 | Add a test to see what happens when no configuration file is given | jvoisin | |
| 2018-01-06 | Ignore a test when running the testsuite as root | jvoisin | |
| 2018-01-05 | Fix a bypass in our eval blacklist | jvoisin | |
