From 7418a0e1e9b02aef8535e33d30cfb8f082680f69 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Sun, 1 Oct 2017 21:46:02 +0200 Subject: Fix some typos (courtesy of @sabban) and mention tests in the CONTRIBUTING.md file --- CONTRIBUTING.md | 6 +++--- doc/source/config.rst | 16 ++++++++-------- doc/source/features.rst | 10 +++++----- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index acf7220..623d4ba 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -6,7 +6,7 @@ First off, thank you for considering contributing to snuffleupagus. If you've noticed a bug or have a question, look at the [faq](https://snuffleupagus.readthedocs.io/faq.html) and -[search the issue tracker](https://github.com/nbs-system/snuffleupagus/issues) +[search the issue tracker](https://github.com/nbs-system/snuffleupagus/issues) to see if someone else has already created a ticket. If not, go ahead and [make one](https://github.com/nbs-system/snuffleupagus/issues/new)! @@ -25,7 +25,7 @@ git checkout -b 325-kill-sql-injections ### 3. Get the test suite running Just type `make coverage` or `make debug`, the testsuite should be run -automatically. +automatically. Please do add tests if you're fixing a bug or adding a new feature. ### 4. Did you find a bug? @@ -70,7 +70,7 @@ Finally, go to GitHub and [make a Pull Request](https://help.github.com/articles Travis CI will run our test suite against all supported PHP versions. We care about quality, so your PR won't be merged until all tests pass. It's unlikely, but it's possible that your changes pass tests in one PHP version but fail in -another. In that case, you'll have to setup your development environment +another. In that case, you'll have to setup your development environment to use the problematic PHP version, and investigate what's going on! diff --git a/doc/source/config.rst b/doc/source/config.rst index 84fc193..25a6b73 100644 --- a/doc/source/config.rst +++ b/doc/source/config.rst 
@@ -38,7 +38,7 @@ global_strict ^^^^^^^^^^^^^ `default: disabled` -``global_strict`` will enable the `strict `_ mode globally, +``global_strict`` will enable the `strict `_ mode globally, forcing PHP to throw a `TypeError `_ exception if an argument type being passed to a function does not match its corresponding declared parameter type. @@ -53,7 +53,7 @@ harden_random ^^^^^^^^^^^^^ * `default: enabled` * `more `__ - + ``harden_random`` will silently replace the insecure `rand `_ and `mt_rand `_ functions with the secure PRNG `random_int `_. @@ -85,7 +85,7 @@ unserialize_hmac ^^^^^^^^^^^^^^^^ * `default: disabled` * `more `__ - + ``unserialize_hmac`` will add integrity check to ``unserialize`` calls, preventing abritrary code execution in their context. @@ -101,7 +101,7 @@ auto_cookie_secure ^^^^^^^^^^^^^^^^^^ * `default: disabled` * `more `__ - + ``auto_cookie_secure`` will automatically mark cookies as `secure `_ when the web page is requested over HTTPS. @@ -116,7 +116,7 @@ cookie_encryption ^^^^^^^^^^^^^^^^^ * `default: disabled` * `more `__ - + .. warning:: To use this feature, you **must** set the :ref:`global.secret_key ` variable. @@ -151,7 +151,7 @@ upload_validation * `default: disabled` * `more `__ -``upload_validation`` will call a given script upon a file upload, with the path +``upload_validation`` will call a given script upon a file upload, with the path to the file being uploaded as argument, and various information about it in the environment: * ``SP_FILENAME``: the name of the uploaded file 
@@ -192,8 +192,8 @@ Snuffleupagus provides virtual-patching, via the ``disable_functions`` directive Admitting you have a call to ``system()`` that lacks proper user-input validation, thus leading to an **RCE**, this might be the right tool. :: - - # Allow `id.php` to restrict system() calls to `id` + + # Restrict calls to `system` to `id` in the `id.php` file sp.disable_functions.function("system").filename("id.php").param("cmd").value("id").allow(); sp.disable_functions.function("system").filename("id.php").drop() diff --git a/doc/source/features.rst b/doc/source/features.rst index bf535e1..fbb2a64 100644 --- a/doc/source/features.rst +++ b/doc/source/features.rst @@ -3,7 +3,7 @@ Features Snuffleupagus has a lot of features that can be divided in two main categories: bug-classes killers and virtual-patching. The first category provides primitives to kill various -bug families (like arbitrary code execution via ``unserialize`` for example) or rise the +bug families (like arbitrary code execution via ``unserialize`` for example) or rise the cost of exploitation, the second one is a highly configurable system to patch functions in php itself. Bug classes killed or mitigated @@ -171,7 +171,7 @@ It's worth noting that the PHP documentation contains the following warning: ``min`` ``max`` range must be within the range ``getrandmax()``. i.e. ``(max - min) <= getrandmax()``. Otherwise, ``rand()`` may return poor-quality random numbers. - + --- `The PHP documentation about rand `_ This is of course addressed as well by the ``harden_rand`` feature. 
@@ -279,7 +279,7 @@ PHP7 introduced a **strict mode**, in which variables won't be coerced anymore, and a `TypeError `_ exception will be raised if the types aren't matching. `Scalar type declarations `_ -are optional, but you don't have to used them in your code to benefit from them, +are optional, but you don't have to use them in your code to benefit from them, since every internal function from php has them. This option provide a switch to globally activate this strict mode, @@ -307,7 +307,7 @@ and using this feature to lock this up. Dumping capabilities ^^^^^^^^^^^^^^^^^^^^ It's possible to apply the ``dump()`` filter to any virtual-patching rule, -to dump the complete web request, along with the filename and the corresponding +to dump the complete web request, along with the filename and the corresponding line number. By using the *right* set of restrictive rules (or by using the *overly* restrictives ones in ``simulation`` mode), you might be able to gather interesting vulnerabilities used against your website. @@ -332,7 +332,7 @@ or ``is_callable`` with *suspicious* parameters. ``chmod`` hardening """"""""""""""""""" -Some PHP applications are using broad rights when using the ``chmod`` function, +Some PHP applications are using broad rights when using the ``chmod`` function, like the infamous ``chmod(777)`` command, effectively making the file writable by everyone. Snuffleupagus is preventing this kind of behaviour by restricting the parameters than can be passer to ``chmod``. -- cgit v1.3
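Review bot: in the CONTRIBUTING.md hunk at @@ -70, the retained context line `another. In that case, you'll have to setup your development environment` still uses `setup` as a verb; since this commit is a typo pass, change it to `set up your development environment`.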
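Review bot: the unserialize_hmac hunk at @@ -85 in doc/source/config.rst only strips trailing whitespace and leaves the typo in `preventing abritrary code execution in their context`; it should read `arbitrary`, and `will add integrity check to ``unserialize`` calls` reads better as `will add an integrity check to ``unserialize`` calls`.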
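Review bot: in the disable_functions hunk at @@ -192 in doc/source/config.rst, the second rule `sp.disable_functions.function("system").filename("id.php").drop()` is missing the trailing semicolon that the `.allow();` line above it has; readers paste these snippets into their configuration, so make both lines consistent. The lead-in `Admitting you have a call to ``system()``` should be `Assuming you have`, and if the relative order of the `allow()` and `drop()` rules matters, the new comment is the place to say so.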
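Review bot: the doc/source/features.rst hunk at @@ -3 only removes trailing whitespace from `bug families (like arbitrary code execution via ``unserialize`` for example) or rise the`, but `rise the cost of exploitation` should be `raise the cost of exploitation`, and `divided in two main categories` on the line above should be `divided into two main categories`.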
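Review bot: the hunk at @@ -171 in doc/source/features.rst keeps the context line `This is of course addressed as well by the ``harden_rand`` feature.`, while the config.rst hunk at @@ -53 in this same patch documents the directive as ``harden_random``; one of the two names is wrong, and the mismatch sends readers looking for an option that does not exist, so align it with the real directive name.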
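Review bot: the hunk at @@ -279 in doc/source/features.rst corrects `used` to `use` but leaves `This option provide a switch to globally activate this strict mode,` in its trailing context; it should be `This option provides a switch`.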
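Review bot: in the dumping-capabilities hunk at @@ -307 in doc/source/features.rst, the context line `the *overly* restrictives ones in ``simulation`` mode` should read `restrictive ones`.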
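Review bot: the chmod hunk at @@ -332 in doc/source/features.rst leaves `restricting the parameters than can be passer to ``chmod``` uncorrected; it should be `that can be passed to`. The example `chmod(777)` in the same paragraph is also misleading: PHP's `chmod` takes a filename and a mode, and the mode is written in octal (`chmod($file, 0777)`), decimal 777 being a different permission set, so the doc should show the real call that the hardening rule is meant to catch.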