| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2018-12-15 | Provide a php script, to get rid of the python one for test suite | Remi Collet | |
| This commit adds a php version of the upload_validation.py script. | |||
| 2018-10-09 | Bump coverage | jvoisin | |
| 2018-10-09 | Bump the coverage a bit | jvoisin | |
| 2018-10-08 | Add a test | jvoisin | |
| 2018-10-06 | Bump coverage again | jvoisin | |
| 2018-10-06 | Fix the silly mistake for good | jvoisin | |
| 2018-10-06 | Fix a silly mistake | jvoisin | |
| 2018-10-06 | Add a test | jvoisin | |
| 2018-10-06 | Bump a bit the coverage | jvoisin | |
| * `setcookie` doesn't always return `true` anymore * clang-format * Cookies with invalid decryption are dropped, but the request isn't anymore * faulty unserialize are now dumpable | |||
| 2018-10-05 | Fix segfault array keys | kkadosh | |
| Many thanks to @xXx-caillou-xXx for finding the true root cause and fixing the issue ♥ | |||
| 2018-09-10 | Improve a bit the coverage | jvoisin | |
| 2018-09-01 | Use php full path | Remi Collet | |
| Use the PHP_BINARY constant instead of "php". | |||
| 2018-08-30 | Change how we're handling invalid configurations | xXx-caillou-xXx | |
| Since our configuration format is a bit more complex than php's one, we have a `sp.allow_broken_configuration` parameter (`false` by default), that you can set to `true` if you want PHP to carry on if your Snuffleupagus' configuration contains syntax errors. You'll still get a big scary message in your logs of course. We do **not** recommend to use it of course, but sometimes it might be useful to be able to "debug in production" without breaking your website. | |||
| 2018-08-30 | Match on ret improvements | xXx-caillou-xXx | |
| This commit does two things: - Implement matching on calltraces for ret - Implement matching on ret of user functions if the return value is not used. | |||
| 2018-08-29 | Change how we're validating certificates | xXx-caillou-xXx | |
| 2018-08-29 | Verify certs (#223) | jvoisin | |
| Ensure that certificates are verified in curl should close #47 | |||
| 2018-08-28 | Fix a SIGSEGV on user-created function's return value | xXx-caillou-xXx | |
| 2018-08-28 | Add array_search and array_keys hooks to kill sloppy comparisons | xXx-caillou-xXx | |
| 2018-08-28 | Add a test for invalid regexp in cookie-related features | xXx-caillou-xXx | |
| This should close #105 | |||
| 2018-08-28 | Use php's logging functions | xXx-caillou-xXx | |
| This commit replace our usage of `php_log_err` with `zend_error`. This should allow administrators to display errors in the webpage, should they want to; and to properly manipulate the verbosity's level. This should close #217 | |||
| 2018-08-28 | Add a test for sloppy-comparisons in arrays | jvoisin | |
| 2018-08-27 | Enable strict mode for `in_array` with sloppy_comparison | xXx-caillou-xXx | |
| 2018-08-27 | Use php_setcookie function (PHP public API) | Remi Collet | |
| This commit vastly simplifies the code of cookies-fiddling mechanisms. | |||
| 2018-08-27 | Add whitelist support for php's wrappers | xXx-caillou-xXx | |
| 2018-08-27 | Modify test for callback functions | xXx-caillou-xXx | |
| close #171 | |||
| 2018-08-20 | Add test for params matching | xXx-caillou-xXx | |
| 2018-08-02 | fix #203 (#204) | crKontrol | |
| sp.disable_function.function().filename doesn't take phar:/// | |||
| 2018-07-19 | Fix the issue with rand hardening | xXx-caillou-xXx | |
| 2018-07-13 | Skip VLD for php7.3, as VLD is not compatible yet. | xXx-caillou-xXx | |
| 2018-07-13 | Reduce call to get_complete_function_path | xXx-caillou-xXx | |
| 2018-07-13 | Fix hooking on `print` | xXx-caillou-xXx | |
| 2018-07-13 | Allow rules matching on echo and print | xXx-caillou-xXx | |
| 2018-07-10 | Fix #183 (#185) | Remi Collet | |
| * relax test to pass with 7.3 * skip test with 7.3 as samesite is broken + add TODO | |||
| 2018-07-09 | Trying to fix sloppy comparison (#186) | jvoisin | |
| * Trying to fix sloppy comparison https://github.com/nbs-system/snuffleupagus/issues/10 by modifying php's opcode | |||
| 2018-06-28 | Better handling of filters for builtins | kkadosh | |
| 2018-05-29 | Support session encryption | kkadosh | |
| Implement session encryption. | |||
| 2018-05-16 | Don't run some tests on `-dev` php versions | jvoisin | |
| 2018-05-16 | Improve the testsuite's robustness against php7.2 | jvoisin | |
| 2018-05-03 | Uniformise some logs | simon MAGNIN-FEYSOT | |
| This commit will make certain logs easier to parse. | |||
| 2018-03-19 | The filename filter is now matching on callsite instead of implemsite (#167) | kkadosh | |
| * Add match on the file where the function is called * Add the test * Constify some params * Fix potentiel null deref * Return more before if execute_data is NULL | |||
| 2018-03-19 | Add a failing test for callback function as parameter | kkadosh | |
| 2018-03-19 | Increase random number max for test | kka | |
| 2018-03-15 | Change a test to expected failed | kkadosh | |
| Apparently, we're not supporting hooking on `ret` for user-defined functions. | |||
| 2018-03-14 | Bump a bit the coverage | jvoisin | |
| 2018-03-09 | Add an unit test for an edge-case | jvoisin | |
| 2018-03-06 | Bump a bit the coverage | jvoisin | |
| 2018-03-06 | Fix a variadic-functions-related crash | jvoisin | |
| Currently, we're not supporting virtual-patching on variadic functions. The commit makes it clear, and fix the related crash. This should close #157 | |||
| 2018-03-02 | Add .dump() for eval whitelist/blacklist + simulation mode for whitelist | kkadosh | |
| 2018-03-02 | Implement dump() for execution of writable PHP files | kkadosh | |
| 2018-03-02 | Add some rules for Typo3, courtesy of @kjojo | jvoisin | |
 |
index : snuffleupagus | |
| Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! |
| summaryrefslogtreecommitdiff |