| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2017-10-23 | Implement the .line filter | jvoisin | |
| Close #48 | |||
| 2017-10-22 | Add a testcase, bumping the coverage | jvoisin | |
| 2017-10-22 | Improve an error message | jvoisin | |
| 2017-10-20 | Add a test to demonstrate the behaviour wrt. call_user_func | jvoisin | |
| 2017-10-20 | Add support for multiple files in sp.configuration_file directive | blotus | |
| This should close (#45 | |||
| 2017-10-18 | `.pos` is mutuaally exclusive with .param and .paran_r | jvoisin | |
| 2017-10-18 | Fix the tests | jvoisin | |
| 2017-10-18 | Add some debug | jvoisin | |
| 2017-10-18 | Fix a possible mistake | jvoisin | |
| 2017-10-18 | Improve the strtol dance | jvoisin | |
| 2017-10-18 | extra tests | bui | |
| 2017-10-18 | strtol dance | bui | |
| 2017-10-18 | do the strtol dance to make jvoisin happy | bui | |
| 2017-10-18 | Implement match on arguments position | jvoisin | |
| 2017-10-18 | .drop() is not a `nop` anymore | Thibault "bui" Koechlin | |
| `.drop()` is now baillout out, instead of nop'ing the call. This closes #13 | |||
| 2017-10-17 | Use assert instead of sp_log_err for something that shouldn't happen | jvoisin | |
| 2017-10-17 | Add an expected failure for `eval` hooking | jvoisin | |
| 2017-10-13 | Add more data to `phpinfo()` | jvoisin | |
| - The version - The git commit | |||
| 2017-10-13 | Rename a confusing structure member | jvoisin | |
| `regexp` is more confusing than `value_r` | |||
| 2017-10-13 | Maybe this will address #35 | jvoisin | |
| - We shouldn't assume that people are only using regexps - Make an internal function a bit more obvious | |||
| 2017-10-13 | Improve the doc wrt. the Debian package | jvoisin | |
| - Fix two minor warnings - Improve the documentation | |||
| 2017-10-13 | Partially revert d8ac163 because php. | jvoisin | |
| 2017-10-13 | Show some data in the phpinfo(); | jvoisin | |
| 2017-10-13 | Fix some pedantic warnings | jvoisin | |
| 2017-10-13 | Add some debug to the harden-rand tests, just in caseā¢ | jvoisin | |
| 2017-10-13 | Fix the size of the output vector in our usage of pcre | jvoisin | |
| 2017-10-12 | Minor refactoring | jvoisin | |
| - use the `is_regexp_matching` function when possible - check parameters before passing it to `pcre_exec` - improve error messages wrt. regexp | |||
| 2017-10-12 | Fix minor gcc warnings with experimental options | jvoisin | |
| `CFLAGS='-Wnull-dereference -Wlogical-op -Wshadow -Wjump-misses-init' make clean coverage` | |||
| 2017-10-11 | Hopefully fix an unreproductible NULL-deref in regexp matching | jvoisin | |
| Reported by @fr33tux | |||
| 2017-10-11 | Add some more debug to the regexp thingy | jvoisin | |
| 2017-10-11 | Cheat a bit with the coverage | jvoisin | |
| 2017-10-11 | Cache checksum calculation for the current file | jvoisin | |
| Close #34 | |||
| 2017-10-11 | s/disable_functions/disable_function/g | jvoisin | |
| This should close #36 and #30 | |||
| 2017-10-11 | Add some info when a regexp fails | jvoisin | |
| 2017-10-10 | .allow() is now working for require | jvoisin | |
| 2017-10-10 | Bump coverage, and fix a segfault on trace matching | jvoisin | |
| 2017-10-10 | Increase a bit the coverage | jvoisin | |
| 2017-10-10 | Remove a useless ile for now | jvoisin | |
| This should close #31 | |||
| 2017-10-10 | Make the `simulation` mode logs more obvious | jvoisin | |
| 2017-10-09 | Better hooking of language constructs (#26) | jvoisin | |
| * Vastly improve the support of language construct hooking | |||
| 2017-10-09 | Implement matching on the calltrace (#17) | jvoisin | |
| * Implement matching on the calltrace | |||
| 2017-10-05 | Use clang on travis-ci (#23) | jvoisin | |
| 2017-10-05 | Use PHP's entropy generation primitive, instead of a ghetto one (#24) | jvoisin | |
| 2017-10-03 | Add a test for functions used in UPPERCASE | jvoisin | |
| 2017-10-02 | Add a warning if the env var is NULL | jvoisin | |
| 2017-10-02 | First pass for #9 | jvoisin | |
| 2017-09-29 | Fix two cookie encryption issues found by @cfreal, and a bonus one (#18) | jvoisin | |
| * Fix a cookie encryption issue found by @cfreal - Use the base64-decoded payload length to allocate memory to decrypt it, instead of allocating the length of the undecoded one. This has no security impact, since the base64-encoded string is at least as large as the decoded one. Since we're using AEAD, there is no way to leak memory, since this would make the decryption fail. | |||
| 2017-09-26 | Implement, test and document namespace support | jvoisin | |
| 2017-09-26 | Simplify and improve the build system | jvoisin | |
| - CFLAGS are now set in the config.m4 file (and not in the Makefile anymore) - `make release` is added - `make debug` and `make coverage` are now simpler - hardening flags are added | |||
| 2017-09-26 | Merge pull request #8 from nbs-system/fix_local_xxe | blotus | |
| Fix XXE test when running without XML support | |||
 |
index : snuffleupagus | |
| Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! |
| summaryrefslogtreecommitdiff |