| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2018-03-12 | Bump the changelogv0.2.2 | jvoisin | |
| 2018-03-09 | Add an unit test for an edge-case | jvoisin | |
| 2018-03-08 | Make travis happy. | jvoisin | |
| 2018-03-08 | Minor code simplification | jvoisin | |
| 2018-03-08 | Remove some duplicate code | jvoisin | |
| 2018-03-08 | Marginally improve the performances when dealing with eval | jvoisin | |
| 2018-03-06 | Bump a bit the coverage | jvoisin | |
| 2018-03-06 | Fix a variadic-functions-related crash | jvoisin | |
| Currently, we're not supporting virtual-patching on variadic functions. The commit makes it clear, and fix the related crash. This should close #157 | |||
| 2018-03-05 | Improve performances by a significant factor | jvoisin | |
| Only check if a function should be disabled when we're after a `*CALL` opcode, end not on every single opcode. Based on @blotus ideas ♥ | |||
| 2018-03-05 | Improve a bit the performances (+10%) | jvoisin | |
| 2018-03-02 | Add .dump() for eval whitelist/blacklist + simulation mode for whitelist | kkadosh | |
| 2018-03-02 | Implement dump() for execution of writable PHP files | kkadosh | |
| 2018-03-02 | Fix a warning due to an unexported symbol | jvoisin | |
| 2018-03-02 | Add some rules for Typo3, courtesy of @kjojo | jvoisin | |
| 2018-02-27 | Implements .dump() for unserialize and fix some related tests | kkadosh | |
| 2018-02-27 | Improve the Readme file | jvoisin | |
| 2018-02-22 | php-nightly is now allowed to fail | jvoisin | |
| PHP is breaking too many things on nightly, we'll only support releases from now on. This should also make our vld-based file-upload checker more resilient: no more random warnings on stderr. | |||
| 2018-02-22 | Refactor a bit our rules | jvoisin | |
| 2018-02-12 | Provide a script for upload validation | jvoisin | |
| The Python script is using vld (https://derickrethans.nl/projects.html#vld) to check for malicious opcodes. | |||
| 2018-02-09 | Add a broken test :'( | jvoisin | |
| 2018-02-07 | Add an example rule from the rips calendar for abantecart's XSS | kjojo | |
| 2018-02-07 | Use assertions for things that should never happen | jvoisin | |
| 2018-02-07 | Bump the changelogv0.2.1 | jvoisin | |
| 2018-02-06 | Increase a bit the coverage | jvoisin | |
| 2018-02-06 | Add a test to make sure that arrays are correctly handled | jvoisin | |
| 2018-02-06 | Make our API consistent | jvoisin | |
| 2018-02-06 | Add a test to check regexps | jvoisin | |
| 2018-02-05 | Massive simplification of functions hooking | jvoisin | |
| 2018-02-05 | Compatibility layer for pcre2 | jvoisin | |
| This should close #129 | |||
| 2018-02-05 | Fix a oncst-related warning | jvoisin | |
| 2018-01-26 | Fix a segfault in `get_local_var` (#138) | Thibault "bui" Koechlin | |
| This commit fixes a segfault where 'get_local_var' would fail if no functions where called yet (`symtable` will be NULL) | |||
| 2018-01-26 | Replace two `goto` with `break` instead. | jvoisin | |
| 2018-01-22 | switch to commonly used version schema (#136) | Remi Collet | |
| * switch to commonly used version schema * update release process | |||
| 2018-01-19 | Fix a possible double-execute | jvoisin | |
| Some extensions might hook `zend_execute_internal` for various reason, although few are doing it. We're not supposed to call the original function in our hook if someone else is hooking it. Thanks to @remicollet for the bug report and troubleshooting | |||
| 2018-01-19 | The testsuite is now successfully running under the root user | jvoisin | |
| This closes #131 | |||
| 2018-01-18 | Improve a bit our portability wrt. windows | jvoisin | |
| Thanks to @remicollet for the tip | |||
| 2018-01-18 | Remove src from patch | Remi Collet | |
| As in pr #126 | |||
| 2018-01-18 | Bump the changelog | jvoisin | |
| 2018-01-18 | Simplify the previous commit | jvoisin | |
| 2018-01-18 | Clean up a bit the glob code | jvoisin | |
| 2018-01-18 | Minor code improvements in sp_execute.c | jvoisin | |
| 2018-01-18 | add missing globfree() | Sebastien Blot | |
| 2018-01-18 | Add globbing support for configuration file path (closes #125) | Sebastien Blot | |
| 2018-01-18 | Improve the way we're dealing with filtering on parameter positions | jvoisin | |
| This should close #127 | |||
| 2018-01-17 | Bump a bit the coverage | jvoisin | |
| 2018-01-17 | Remove useless "head" member in our linked lists implementation | simon MAGNIN-FEYSOT | |
| This should close #85 | |||
| 2018-01-17 | Fix a minor warning | jvoisin | |
| 2018-01-17 | remove src from path (#126) | Remi Collet | |
| 2018-01-17 | Bump a bit our coverage | jvoisin | |
| 2018-01-17 | Our configuration files are ending in .rules, not .ini | jvoisin | |
| This commit fixes the documentation, our shipped configuration files, and the related tests. Thanks to @remicollet for the tip | |||
 |
index : snuffleupagus | |
| Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! |
| summaryrefslogtreecommitdiff |