| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2018-01-11 | Remove some legacy code | jvoisin | |
| 2018-01-10 | Rework the priority of bl/wl in eval | jvoisin | |
| 2018-01-10 | Minor constification | jvoisin | |
| 2018-01-10 | Eval whitelist | jvoisin | |
| Implement whitelist in eval | |||
| 2018-01-08 | Hopefully fix a crash | jvoisin | |
| This should close #115 | |||
| 2018-01-08 | Add a test to see what happens when no configuration file is given | jvoisin | |
| 2018-01-06 | Ignore a test when running the testsuite as root | jvoisin | |
| 2018-01-05 | Fix a bypass in our eval blacklist | jvoisin | |
| 2018-01-04 | Eval blacklist | jvoisin | |
| Add support for eval filtering, only blacklist for now | |||
| 2018-01-04 | Bump a bit the coverage | jvoisin | |
| 2018-01-03 | Handle correctly configuration files with Windows EOL | jvoisin | |
| Thanks to @fr33tux for the bug report ♥ | |||
| 2018-01-03 | Remove some dead code | jvoisin | |
| 2018-01-02 | Remove some useless code in the testsuite | jvoisin | |
| 2017-12-29 | Fix two broken tests | jvoisin | |
| 2017-12-28 | Add two test to prove that we're not prone to old-school bypasses | jvoisin | |
| 2017-12-28 | Bump again the coverage | jvoisin | |
| 2017-12-28 | Clang-format pass | Thibault "bui" Koechlin | |
| - `clang-format --style="{BasedOnStyle: google, SortIncludes: false}" -i snuffleu*.c sp_*.c sp_*.h` - Update the documentation accordingly | |||
| 2017-12-28 | Show in the phpinfo() is the config is valid | jvoisin | |
| This should close #39 | |||
| 2017-12-28 | Fix a non-working test | jvoisin | |
| 2017-12-28 | Bump a bit the coverage | jvoisin | |
| 2017-12-28 | re-integrate simulation token for cookies | bui | |
| 2017-12-28 | Implement regexp support for cookies encryption | Thibault "bui" Koechlin | |
| It's now possible to encrypt cookies matching a specific regexp. This should close #106 | |||
| 2017-12-28 | Add two tests to verify that we can hook indirect calls | jvoisin | |
| This should close #104 | |||
| 2017-12-28 | Implement hooking on user-defined functions return values | jvoisin | |
| This should close #99, thanks to @blotus for the implementation idea! | |||
| 2017-12-27 | Implement simulation mode for cookies (de/en)cryption | jvoisin | |
| This should close #102 This commit can be useful for two use-cases: 1. When deploying Snuffleupagus on big CMS like Magento, and not knowing what cookies are modified via javascript. 2. When deploying Snuffleupagus on big websites: you don't want to disconnect every single user at once. When simulation is enabled, if the decryption fails, a log message is now issued, and the cookie value taken as it (since odds are that it's non-encrypted). | |||
| 2017-12-26 | Improve the portability of our ipv6 support | jvoisin | |
| Apparently, the in6_addr can have different fields in its union, making it a bit non-portable. We're solving this via macros. This should close #100, thanks to @fichtner for the report ♥ | |||
| 2017-12-21 | Add coverage | slefevre | |
| 2017-12-21 | Refactor a bit | slefevre | |
| 2017-12-21 | Add test | slefevre | |
| 2017-12-21 | Remove the now useless `validate_str` function | xXx-caillou-xXx | |
| 2017-12-21 | Add test | slefevre | |
| 2017-12-21 | Rename, again, some types | jvoisin | |
| 2017-12-21 | Rename sp_node_t to sp_list_node | jvoisin | |
| Since we now have sp_list and sp_tree, it makes sense to specify that nodes are only for lists. | |||
| 2017-12-21 | Add some tests (#96) | xXx-caillou-xXx | |
| 2017-12-21 | Re-indent a bit a function | jvoisin | |
| 2017-12-21 | Add a constant-related test | jvoisin | |
| 2017-12-21 | Minor code cleanup | xXx-caillou-xXx | |
| 2017-12-20 | Refactor a bit the sp_tree implementation | xXx-caillou-xXx | |
| 2017-12-20 | Better parsing of the rules | xXx-caillou-xXx | |
| Thanks to this huge commit from @xXx-caillou-xXx, we can now write amazingly flexible rules. | |||
| 2017-12-20 | Improve the previous commit | xXx-caillou-xXx | |
| We can simply use the return value of the original `setcookie` :> | |||
| 2017-12-20 | Make `setcookie` return true | xXx-caillou-xXx | |
| We forgot to set a return value to the setcookie function, thus always returning false. Since very few frameworks/developers are checking the return value, it went unnoticed until we played with Magento, who effectively checks the return value. | |||
| 2017-12-19 | Fix a segfault related to cookies | xXx-caillou-xXx | |
| Apparently, PHP doesn't like when you're trying to save some memory when you're playing with strings. | |||
| 2017-12-19 | Rework a bit the order of operation | jvoisin | |
| - There is no need to generate the key if the cookie has no value - There is no need to generate the key if the cookie length is invalid - Use yoda condition | |||
| 2017-12-19 | remove useless var | slefevre | |
| 2017-12-19 | fix double decoding | slefevre | |
| 2017-12-18 | Fix cookie encryption | xXx-caillou-xXx | |
| Previously, when a cookie was set with the `httpOnly` flag, it was automatically encrypted, due to a logic flaw. This is now fixed and tested. | |||
| 2017-12-06 | Vastly simplify the dumping of zval in `.dump` | jvoisin | |
| 2017-12-06 | Fix a format string, thanks to coverity | jvoisin | |
| 2017-12-05 | Dump environnement variables (#83) | jvoisin | |
| Apparently, PHP thinks that it's a great idea to type environnement variables, because why not. | |||
| 2017-12-05 | Add two failing tests | jvoisin | |
 |
index : snuffleupagus | |
| Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! |
| summaryrefslogtreecommitdiff |