summaryrefslogtreecommitdiff
path: root/src (follow)
AgeCommit message (Collapse)Author
2017-12-04Improve the `.dump` filterjvoisin
2017-12-04Fix the configuration parser wrt. non-matching bracketsjvoisin
This validation step is a bit idiotic, but we'll replace it with a proper parser anyway.
2017-12-01Add a test that used to segfaultjvoisin
2017-12-01Fail sooner when not able to create the folder to dumpjvoisin
2017-12-01Vastly simplify the dumping processjvoisin
2017-11-30Minor refactoring and clarificationjvoisin
2017-11-29Code formatting pass on harden-randjvoisin
2017-11-29Add new testsjvoisin
2017-11-29Hide an enum definitionjvoisin
2017-11-29Code-formatting passjvoisin
2017-11-29Add a comment, and improve a bit the performances wrt. vpatchjvoisin
Move the cheapest tests above the expensive ones
2017-11-29Refactoring (#79)jvoisin
Refactoring of should_disable().
2017-11-29Add yet an other testjvoisin
2017-11-29Add even MOAR testsjvoisin
2017-11-29Add a test for `include`jvoisin
2017-11-29Fix segfault in should_drop_on_ret xXx-caillou-xXx
This commit is almost the same than 8df77884f38e7a7334b56aafe2f441567f175af8
2017-11-29Implement eval hookingjvoisin
It's not possible to hook the `eval` builtin like other functions.
2017-11-29Fix segfault in sp_disabled_functions.cxXx-caillou-xXx
There was an off-by-one in `should_disable`, effectively smashing the last byte of the stack canary. This was discovered while building the package for Alpine Linux. Kudos to their hardened toolchain!
2017-11-27Improve our nonce's randomnessjvoisin
2017-11-27Initialize some possibly uninitialized variablesjvoisin
Thanks to coverity
2017-11-24Fix harden_rand (#72)jvoisin
This one was tricky. It was a great half-hour of joy, full of macros, ctags, gdb, radare2, tears, hardcoded `int3`, … to finally find that php calls `return` when it fails to parse some parameters for various reasons, even if everything goes fine. This must be a better way to do this, but this is good enough™ for now. This closes #66
2017-11-24Implement anti csrf measuresxXx-caillou-xXx
This is done by using the "samesite" cookie attribute.
2017-11-13Fix a silly warningjvoisin
2017-11-06Add a failing testjvoisin
2017-11-0653 absolute path (#62)jvoisin
* Add error for relative path
2017-10-31Add a test to match on arrayjvoisin
2017-10-31Minor factorization of the keyword parsing codejvoisin
2017-10-31Unify two struct members related to virtual-patchingxXx-caillou-xXx
This should close #65
2017-10-31Minor factorizationjvoisin
2017-10-31Remove an unused variablejvoisin
2017-10-31Merge pull request #60 from nbs-system/fix_off_by_oneThibault "bui" Koechlin
Fix a silly and useless off-by-one
2017-10-30Fix a silly TOCTOU to make coverity happyjvoisin
2017-10-30Minor code cleanupjvoisin
2017-10-30Fix the segfault?jvoisin
2017-10-30Bump coverage and simplify some codejvoisin
2017-10-30Merge pull request #54 from arpd/43-free-at-shutdownblotus
43 free at shutdown
2017-10-30Fix a silly and useless off-by-onejvoisin
2017-10-27Bump the coveragejvoisin
2017-10-27Improve a bit the coverage wrt. broken configurationsjvoisin
2017-10-26Free additionally allocated `sp_list` instancesBen Foster
References #43.
2017-10-26Renames `sp_new_list` -> `sp_list_new`Ben Foster
To be consistent with the rest of the `sp_list` functions.
2017-10-26Free `config_disabled_constructs`Ben Foster
In reference to #43.
2017-10-26Remove an arbitrary limitationjvoisin
2017-10-25.drop() is now bailoutjvoisin
Courtesy of @buixor
2017-10-25Make the testsuite a bit more robustjvoisin
2017-10-24Bump coverage ♥jvoisin
2017-10-24Remove the `enable` member from the disable function structurejvoisin
Also add some more tests
2017-10-23Add a test for unmatched bracketsjvoisin
2017-10-23Add some tests for upload validation and fix a related typojvoisin
2017-10-23Add a test for non-existent configuration filejvoisin