summaryrefslogtreecommitdiff
path: root/src/tests (follow)
AgeCommit message (Collapse)Author
2019-02-23Fix the testsuite on php8.jvoisin
In php8, it's non-trivial to hook strlen, since this function is usually optimized away by the compiler.
2019-01-14Reorganize the testsuitejvoisin
Splitting the testsuite in several components makes it easier to manage and comprehend. This was also needed some some tests aren't passing on Alpine Linux, but we still want to run as many of them as we can on this platform.
2019-01-03Add a gitlab-ci file, and a fix test on Fedorajvoisin
2018-12-26Add two eval-related testsjvoisin
2018-12-26Fix the build for php7.0jvoisin
We only want to prevent crash/infinite recursion, we don't really care about the error/warning messages.
2018-12-26Fix the build for php7.0 and php7.1jvoisin
2018-12-26Bump a bit the coveragejvoisin
2018-12-26Remove an unnecessary guard against infinite recursion in session handlingjvoisin
This used to be useful in the times of PHP5.4/Suhosin (https://github.com/sektioneins/suhosin/issues/60), but nowadays, php is handling this case on its own.
2018-12-26Make the testsuite a bit more portablejvoisin
2018-12-15Provide a php script, to get rid of the python one for test suiteRemi Collet
This commit adds a php version of the upload_validation.py script.
2018-10-09Bump coveragejvoisin
2018-10-09Bump the coverage a bitjvoisin
2018-10-08Add a testjvoisin
2018-10-06Bump coverage againjvoisin
2018-10-06Fix the silly mistake for goodjvoisin
2018-10-06Fix a silly mistakejvoisin
2018-10-06Add a testjvoisin
2018-10-06Bump a bit the coveragejvoisin
* `setcookie` doesn't always return `true` anymore * clang-format * Cookies with invalid decryption are dropped, but the request isn't anymore * faulty unserialize are now dumpable
2018-10-05Fix segfault array keyskkadosh
Many thanks to @xXx-caillou-xXx for finding the true root cause and fixing the issue ♥
2018-09-10Improve a bit the coveragejvoisin
2018-09-01Use php full pathRemi Collet
Use the PHP_BINARY constant instead of "php".
2018-08-30Change how we're handling invalid configurationsxXx-caillou-xXx
Since our configuration format is a bit more complex than php's one, we have a `sp.allow_broken_configuration` parameter (`false` by default), that you can set to `true` if you want PHP to carry on if your Snuffleupagus' configuration contains syntax errors. You'll still get a big scary message in your logs of course. We do **not** recommend to use it of course, but sometimes it might be useful to be able to "debug in production" without breaking your website.
2018-08-30Match on ret improvementsxXx-caillou-xXx
This commit does two things: - Implement matching on calltraces for ret - Implement matching on ret of user functions if the return value is not used.
2018-08-29Change how we're validating certificatesxXx-caillou-xXx
2018-08-29Verify certs (#223)jvoisin
Ensure that certificates are verified in curl should close #47
2018-08-28Fix a SIGSEGV on user-created function's return valuexXx-caillou-xXx
2018-08-28Add array_search and array_keys hooks to kill sloppy comparisonsxXx-caillou-xXx
2018-08-28Add a test for invalid regexp in cookie-related featuresxXx-caillou-xXx
This should close #105
2018-08-28Use php's logging functionsxXx-caillou-xXx
This commit replace our usage of `php_log_err` with `zend_error`. This should allow administrators to display errors in the webpage, should they want to; and to properly manipulate the verbosity's level. This should close #217
2018-08-28Add a test for sloppy-comparisons in arraysjvoisin
2018-08-27Enable strict mode for `in_array` with sloppy_comparisonxXx-caillou-xXx
2018-08-27Use php_setcookie function (PHP public API)Remi Collet
This commit vastly simplifies the code of cookies-fiddling mechanisms.
2018-08-27Add whitelist support for php's wrappersxXx-caillou-xXx
2018-08-27Modify test for callback functionsxXx-caillou-xXx
close #171
2018-08-20Add test for params matchingxXx-caillou-xXx
2018-08-02fix #203 (#204)crKontrol
sp.disable_function.function().filename doesn't take phar:///
2018-07-19Fix the issue with rand hardeningxXx-caillou-xXx
2018-07-13Skip VLD for php7.3, as VLD is not compatible yet.xXx-caillou-xXx
2018-07-13Reduce call to get_complete_function_pathxXx-caillou-xXx
2018-07-13Fix hooking on `print`xXx-caillou-xXx
2018-07-13Allow rules matching on echo and printxXx-caillou-xXx
2018-07-10Fix #183 (#185)Remi Collet
* relax test to pass with 7.3 * skip test with 7.3 as samesite is broken + add TODO
2018-07-09Trying to fix sloppy comparison (#186)jvoisin
* Trying to fix sloppy comparison https://github.com/nbs-system/snuffleupagus/issues/10 by modifying php's opcode
2018-06-28Better handling of filters for builtinskkadosh
2018-05-29Support session encryptionkkadosh
Implement session encryption.
2018-05-16Don't run some tests on `-dev` php versionsjvoisin
2018-05-16Improve the testsuite's robustness against php7.2jvoisin
2018-05-03Uniformise some logssimon MAGNIN-FEYSOT
This commit will make certain logs easier to parse.
2018-03-19The filename filter is now matching on callsite instead of implemsite (#167)kkadosh
* Add match on the file where the function is called * Add the test * Constify some params * Fix potentiel null deref * Return more before if execute_data is NULL
2018-03-19Add a failing test for callback function as parameterkkadosh