summaryrefslogtreecommitdiff
path: root/src (follow)
AgeCommit message (Collapse)Author
2018-08-31Bump the changelogv0.4.0jvoisin
2018-08-30Minor code cleanupxXx-caillou-xXx
2018-08-30Change how we're handling invalid configurationsxXx-caillou-xXx
Since our configuration format is a bit more complex than php's one, we have a `sp.allow_broken_configuration` parameter (`false` by default), that you can set to `true` if you want PHP to carry on if your Snuffleupagus' configuration contains syntax errors. You'll still get a big scary message in your logs of course. We do **not** recommend to use it of course, but sometimes it might be useful to be able to "debug in production" without breaking your website.
2018-08-30Match on ret improvementsxXx-caillou-xXx
This commit does two things: - Implement matching on calltraces for ret - Implement matching on ret of user functions if the return value is not used.
2018-08-29Change how we're validating certificatesxXx-caillou-xXx
2018-08-29Remove the GLOB_BRACE flagAntoine Tenart
When calling glob() to get the configuration file location, the GLOB_BRACE flag is used. This flag enables the parsing of '{a,b}', so that '/path/{a,b}' represents '/path/a' and '/path/b'. Looking at Snuffleupagus' documentation I saw nowhere this kind of path was supported. Instead the documentation shows that glob() is used for paths with wildcards. The use of GLOB_BRACE is problematic as it is glibc specific and is not supported by some other C libraries, such as Musl. Snuffleupagus cannot be used in Apline for this reason. Since the documentation does not give a valid usage of GLOB_BRACE this patch removes it, which fixes the non-glibc support. Signed-off-by: Antoine Tenart <antoine.tenart@ack.tf>
2018-08-29Verify certs (#223)jvoisin
Ensure that certificates are verified in curl should close #47
2018-08-28Fix some compilation warningsxXx-caillou-xXx
2018-08-28Fix a SIGSEGV on user-created function's return valuexXx-caillou-xXx
2018-08-28Add array_search and array_keys hooks to kill sloppy comparisonsxXx-caillou-xXx
2018-08-28Add a test for invalid regexp in cookie-related featuresxXx-caillou-xXx
This should close #105
2018-08-28Use php's logging functionsxXx-caillou-xXx
This commit replace our usage of `php_log_err` with `zend_error`. This should allow administrators to display errors in the webpage, should they want to; and to properly manipulate the verbosity's level. This should close #217
2018-08-28Add a test for sloppy-comparisons in arraysjvoisin
2018-08-27Enable strict mode for `in_array` with sloppy_comparisonxXx-caillou-xXx
2018-08-27Use php_setcookie function (PHP public API)Remi Collet
This commit vastly simplifies the code of cookies-fiddling mechanisms.
2018-08-27Add whitelist support for php's wrappersxXx-caillou-xXx
2018-08-27Modify test for callback functionsxXx-caillou-xXx
close #171
2018-08-20Add test for params matchingxXx-caillou-xXx
2018-08-20Bump the changlogv0.3.1hamza (hes) ES SAHELY
2018-08-20Fix two minor issuesxXx-caillou-xXx
- Fix an infinite loop on `echo` hook - Use the correct function to compare filenames internally
2018-08-09Fix yet an other hang/crashjvoisin
There are valid reasons for `orig_zend_execute_internal` to be `NULL`, we we're not checking if it is, well, `NULL`.
2018-08-09Fix a typo in the previous commitsjvoisin
2018-08-09Yet an other crash/hang fixjvoisin
Like the two previous commits
2018-08-09Fix a possible crash/hang in floppy-comparisonjvoisin
This is in the same spirit than the previous commit
2018-08-09Fix a crash/hang when using fpm's poolsjvoisin
We might have ended up in infinite loops when using php-fpm, if several different process hooked some functions twice. Thanks to @sriccio for reporting the issue
2018-08-02fix #203 (#204)crKontrol
sp.disable_function.function().filename doesn't take phar:///
2018-07-24Remove two useless filesjvoisin
2018-07-19Fix the issue with rand hardeningxXx-caillou-xXx
2018-07-19Bump the changelogkka
2018-07-18Remove an useless check in session handlingkka
2018-07-16Yet an other clang-format passjvoisin
2018-07-13Yet an other pass of clang-formatjvoisin
2018-07-13Fix an invalid readxXx-caillou-xXx
2018-07-13Skip VLD for php7.3, as VLD is not compatible yet.xXx-caillou-xXx
2018-07-13Reduce call to get_complete_function_pathxXx-caillou-xXx
2018-07-13Fix various possible integer overflowsxXx-caillou-xXx
2018-07-13Fix hooking on `print`xXx-caillou-xXx
2018-07-13Allow rules matching on echo and printxXx-caillou-xXx
2018-07-13Massively optimize how rules are handledxXx-caillou-xXx
This commit does a lot of things: - Use hashtables instead of lists to store the rules - Rules that can be applied at launch time won't be tried at runtime - Improve feedback when writing nonsensical rules - Make intensive use of `zend_string` instead of `char*`
2018-07-10Fix #183 (#185)Remi Collet
* relax test to pass with 7.3 * skip test with 7.3 as samesite is broken + add TODO
2018-07-09Trying to fix sloppy comparison (#186)jvoisin
* Trying to fix sloppy comparison https://github.com/nbs-system/snuffleupagus/issues/10 by modifying php's opcode
2018-06-28Better handling of filters for builtinskkadosh
2018-05-29Support session encryptionkkadosh
Implement session encryption.
2018-05-16Don't run some tests on `-dev` php versionsjvoisin
2018-05-16Improve the testsuite's robustness against php7.2jvoisin
2018-05-15Refactor the encryption process to extract encrypt/decrypt functions (#176)kkadosh
Refactor the encryption process to extract encrypt/decrypt functions
2018-05-03Uniformise some logssimon MAGNIN-FEYSOT
This commit will make certain logs easier to parse.
2018-03-19The filename filter is now matching on callsite instead of implemsite (#167)kkadosh
* Add match on the file where the function is called * Add the test * Constify some params * Fix potentiel null deref * Return more before if execute_data is NULL
2018-03-19Add a failing test for callback function as parameterkkadosh
2018-03-19Increase random number max for testkka