snuffleupagus - Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!

Age	Commit message (Collapse)	Author
2020-06-19	Fix the gitlab-ci Ubuntu runner	jvoisin

2020-06-07	Fix a broken test on php nightly	jvoisin
	Apparently, php is now raising errors for non-existing keys in arrays, so we're now catching the exception to allow the test to be run.
2020-06-07	Mark simplexml tests as broken	jvoisin

2020-06-07	Travis-ci's SimpleXML setup is weird	jvoisin
	So we're disabling simplexml's check on it.
2020-05-14	Fix the testsuite under php7.4	jvoisin

2020-05-01	Make the testsuite work on php7.4	jvoisin
	Before php7.4, it seems that the curl module was loaded by default, but since it's no the case anymore, it has to be manually specified in the testsuite. Interestingly, Php's testsuite mechanism is running snippets to determine some runtime parameters like the extension directory. Unfortunately,it tries to run them with Snuffleupagus loaded, resulting in an error, since no configuration file is passed.
2020-03-04	%s/nbs-system/jvoisin	jvoisin
	Since I'm the only one to maintain Snuffleupagus, let's adjust the links and contact addresses of my fork, to point to well… my fork.
2019-11-03	Log ip addresses	kkadosh

2019-08-31	Support direct syslog logging	Thibault "bui" Koechlin
	Add the possibility to log directly into the syslog, instead of using php's log system.
2019-07-09	Don't run an openssl-dependent test is openssl isn't installed	Remi Collet

2019-07-09	Add a stream wrapper test that doesn't depend on openssl	jvoisin

2019-02-23	Fix the testsuite on php8.	jvoisin
	In php8, it's non-trivial to hook strlen, since this function is usually optimized away by the compiler.
2019-01-14	Reorganize the testsuite	jvoisin
	Splitting the testsuite in several components makes it easier to manage and comprehend. This was also needed some some tests aren't passing on Alpine Linux, but we still want to run as many of them as we can on this platform.
2019-01-03	Add a gitlab-ci file, and a fix test on Fedora	jvoisin

2018-12-26	Add two eval-related tests	jvoisin

2018-12-26	Fix the build for php7.0	jvoisin
	We only want to prevent crash/infinite recursion, we don't really care about the error/warning messages.
2018-12-26	Fix the build for php7.0 and php7.1	jvoisin

2018-12-26	Bump a bit the coverage	jvoisin

2018-12-26	Remove an unnecessary guard against infinite recursion in session handling	jvoisin
	This used to be useful in the times of PHP5.4/Suhosin (https://github.com/sektioneins/suhosin/issues/60), but nowadays, php is handling this case on its own.
2018-12-26	Make the testsuite a bit more portable	jvoisin

2018-12-15	Provide a php script, to get rid of the python one for test suite	Remi Collet
	This commit adds a php version of the upload_validation.py script.
2018-10-09	Bump coverage	jvoisin

2018-10-09	Bump the coverage a bit	jvoisin

2018-10-08	Add a test	jvoisin

2018-10-06	Bump coverage again	jvoisin

2018-10-06	Fix the silly mistake for good	jvoisin

2018-10-06	Fix a silly mistake	jvoisin

2018-10-06	Add a test	jvoisin

2018-10-06	Bump a bit the coverage	jvoisin
	* `setcookie` doesn't always return `true` anymore * clang-format * Cookies with invalid decryption are dropped, but the request isn't anymore * faulty unserialize are now dumpable
2018-10-05	Fix segfault array keys	kkadosh
	Many thanks to @xXx-caillou-xXx for finding the true root cause and fixing the issue ♥
2018-09-10	Improve a bit the coverage	jvoisin

2018-09-01	Use php full path	Remi Collet
	Use the PHP_BINARY constant instead of "php".
2018-08-30	Change how we're handling invalid configurations	xXx-caillou-xXx
	Since our configuration format is a bit more complex than php's one, we have a `sp.allow_broken_configuration` parameter (`false` by default), that you can set to `true` if you want PHP to carry on if your Snuffleupagus' configuration contains syntax errors. You'll still get a big scary message in your logs of course. We do not recommend to use it of course, but sometimes it might be useful to be able to "debug in production" without breaking your website.
2018-08-30	Match on ret improvements	xXx-caillou-xXx
	This commit does two things: - Implement matching on calltraces for ret - Implement matching on ret of user functions if the return value is not used.
2018-08-29	Change how we're validating certificates	xXx-caillou-xXx

2018-08-29	Verify certs (#223)	jvoisin
	Ensure that certificates are verified in curl should close #47
2018-08-28	Fix a SIGSEGV on user-created function's return value	xXx-caillou-xXx

2018-08-28	Add array_search and array_keys hooks to kill sloppy comparisons	xXx-caillou-xXx

2018-08-28	Add a test for invalid regexp in cookie-related features	xXx-caillou-xXx
	This should close #105
2018-08-28	Use php's logging functions	xXx-caillou-xXx
	This commit replace our usage of `php_log_err` with `zend_error`. This should allow administrators to display errors in the webpage, should they want to; and to properly manipulate the verbosity's level. This should close #217
2018-08-28	Add a test for sloppy-comparisons in arrays	jvoisin

2018-08-27	Enable strict mode for `in_array` with sloppy_comparison	xXx-caillou-xXx

2018-08-27	Use php_setcookie function (PHP public API)	Remi Collet
	This commit vastly simplifies the code of cookies-fiddling mechanisms.
2018-08-27	Add whitelist support for php's wrappers	xXx-caillou-xXx

2018-08-27	Modify test for callback functions	xXx-caillou-xXx
	close #171
2018-08-20	Add test for params matching	xXx-caillou-xXx

2018-08-02	fix #203 (#204)	crKontrol
	sp.disable_function.function().filename doesn't take phar:///
2018-07-19	Fix the issue with rand hardening	xXx-caillou-xXx

2018-07-13	Skip VLD for php7.3, as VLD is not compatible yet.	xXx-caillou-xXx

2018-07-13	Reduce call to get_complete_function_path	xXx-caillou-xXx