summaryrefslogtreecommitdiff
path: root/src (follow)
AgeCommit message (Collapse)Author
2017-10-13Show some data in the phpinfo();jvoisin
2017-10-13Fix some pedantic warningsjvoisin
2017-10-13Add some debug to the harden-rand tests, just in case™jvoisin
2017-10-13Fix the size of the output vector in our usage of pcrejvoisin
2017-10-12Minor refactoringjvoisin
- use the `is_regexp_matching` function when possible - check parameters before passing it to `pcre_exec` - improve error messages wrt. regexp
2017-10-12Fix minor gcc warnings with experimental optionsjvoisin
`CFLAGS='-Wnull-dereference -Wlogical-op -Wshadow -Wjump-misses-init' make clean coverage`
2017-10-11Hopefully fix an unreproductible NULL-deref in regexp matchingjvoisin
Reported by @fr33tux
2017-10-11Add some more debug to the regexp thingyjvoisin
2017-10-11Cheat a bit with the coveragejvoisin
2017-10-11Cache checksum calculation for the current filejvoisin
Close #34
2017-10-11s/disable_functions/disable_function/gjvoisin
This should close #36 and #30
2017-10-11Add some info when a regexp failsjvoisin
2017-10-10.allow() is now working for requirejvoisin
2017-10-10Bump coverage, and fix a segfault on trace matchingjvoisin
2017-10-10Increase a bit the coveragejvoisin
2017-10-10Remove a useless ile for nowjvoisin
This should close #31
2017-10-10Make the `simulation` mode logs more obviousjvoisin
2017-10-09Better hooking of language constructs (#26)jvoisin
* Vastly improve the support of language construct hooking
2017-10-09Implement matching on the calltrace (#17)jvoisin
* Implement matching on the calltrace
2017-10-05Use clang on travis-ci (#23)jvoisin
2017-10-05Use PHP's entropy generation primitive, instead of a ghetto one (#24)jvoisin
2017-10-03Add a test for functions used in UPPERCASEjvoisin
2017-10-02Add a warning if the env var is NULLjvoisin
2017-10-02First pass for #9jvoisin
2017-09-29Fix two cookie encryption issues found by @cfreal, and a bonus one (#18)jvoisin
* Fix a cookie encryption issue found by @cfreal - Use the base64-decoded payload length to allocate memory to decrypt it, instead of allocating the length of the undecoded one. This has no security impact, since the base64-encoded string is at least as large as the decoded one. Since we're using AEAD, there is no way to leak memory, since this would make the decryption fail.
2017-09-26Implement, test and document namespace supportjvoisin
2017-09-26Simplify and improve the build systemjvoisin
- CFLAGS are now set in the config.m4 file (and not in the Makefile anymore) - `make release` is added - `make debug` and `make coverage` are now simpler - hardening flags are added
2017-09-26Merge pull request #8 from nbs-system/fix_local_xxeblotus
Fix XXE test when running without XML support
2017-09-25Bump a bit the coveragejvoisin
2017-09-25Fix XXE test when running without XML supportjvoisin
Apparently, using `echo` instead of `die` works better™
2017-09-25Improve the travis filejvoisin
- if something is failing, display the guilty outputs. - Don't spam php's tracker - Failing tests are now triggering an `exit 1` - Fix a test to make it work on every php version (php changed the error message) - `make -j2` on travis
2017-09-25Fix minor coverity issuesjvoisin
2017-09-25Show the line number in case of processing errorjvoisin
2017-09-22Improve a bit the .travis.yml filejvoisin
2017-09-21Add travisjvoisin
2017-09-20fix XFAIL test for include/requireSebastien Blot
2017-09-20Initial importSebastien Blot