From 7963580d72a358975133f86f01de2d2eab08ba38 Mon Sep 17 00:00:00 2001
From: xXx-caillou-xXx
Date: Fri, 13 Jul 2018 10:36:50 +0200
Subject: Massively optimize how rules are handled

This commit does a lot of things:
- Use hashtables instead of lists to store the rules
- Rules that can be applied at launch time won't be tried at runtime
- Improve feedback when writing nonsensical rules
- Make intensive use of `zend_string` instead of `char*`
---
 config/default.rules | 50 ++++++++++++++++++++++++++------------------------
 1 file changed, 26 insertions(+), 24 deletions(-)

(limited to 'config/default.rules')

diff --git a/config/default.rules b/config/default.rules
index fb53708..4e6a27f 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -35,35 +35,37 @@ sp.disable_function.function("ini_get").param("var_name").value_r("(?:allow_url_
 sp.disable_function.function("function_exists").param("function_name").value_r("(?:eval|exec|system)").drop();
 sp.disable_function.function("is_callable").param("var").value_r("(?:eval|exec|system)").drop();
 
+# Commenting sqli related stuff to improve performance.
+# TODO figure out why these functions can't be hooked at startup
 # Ghetto sqli hardening
-sp.disable_function.function("mysql_query").param("query").value_r("/\\*").drop();
-sp.disable_function.function("mysql_query").param("query").value_r("--").drop();
-sp.disable_function.function("mysql_query").param("query").value_r("#").drop();
-sp.disable_function.function("mysql_query").param("query").value_r(";.*;").drop();
-sp.disable_function.function("mysql_query").param("query").value_r("benchmark").drop();
-sp.disable_function.function("mysql_query").param("query").value_r("sleep").drop();
-sp.disable_function.function("mysql_query").param("query").value_r("information_schema").drop();
+# sp.disable_function.function("mysql_query").param("query").value_r("/\\*").drop();
+# sp.disable_function.function("mysql_query").param("query").value_r("--").drop();
+# sp.disable_function.function("mysql_query").param("query").value_r("#").drop();
+# sp.disable_function.function("mysql_query").param("query").value_r(";.*;").drop();
+# sp.disable_function.function("mysql_query").param("query").value_r("benchmark").drop();
+# sp.disable_function.function("mysql_query").param("query").value_r("sleep").drop();
+# sp.disable_function.function("mysql_query").param("query").value_r("information_schema").drop();
 
-sp.disable_function.function("mysqli_query").param("query").value_r("/\\*").drop();
-sp.disable_function.function("mysqli_query").param("query").value_r("--").drop();
-sp.disable_function.function("mysqli_query").param("query").value_r("#").drop();
-sp.disable_function.function("mysqli_query").param("query").value_r(";.*;").drop();
-sp.disable_function.function("mysqli_query").param("query").value_r("benchmark").drop();
-sp.disable_function.function("mysqli_query").param("query").value_r("sleep").drop();
-sp.disable_function.function("mysqli_query").param("query").value_r("information_schema").drop();
+# sp.disable_function.function("mysqli_query").param("query").value_r("/\\*").drop();
+# sp.disable_function.function("mysqli_query").param("query").value_r("--").drop();
+# sp.disable_function.function("mysqli_query").param("query").value_r("#").drop();
+# sp.disable_function.function("mysqli_query").param("query").value_r(";.*;").drop();
+# sp.disable_function.function("mysqli_query").param("query").value_r("benchmark").drop();
+# sp.disable_function.function("mysqli_query").param("query").value_r("sleep").drop();
+# sp.disable_function.function("mysqli_query").param("query").value_r("information_schema").drop();
 
-sp.disable_function.function("PDO::query").param("query").value_r("/\\*").drop();
-sp.disable_function.function("PDO::query").param("query").value_r("--").drop();
-sp.disable_function.function("PDO::query").param("query").value_r("#").drop();
-sp.disable_function.function("PDO::query").param("query").value_r(";.*;").drop();
-sp.disable_function.function("PDO::query").param("query").value_r("benchmark\\s*\\(").drop();
-sp.disable_function.function("PDO::query").param("query").value_r("sleep\\s*\\(").drop();
-sp.disable_function.function("PDO::query").param("query").value_r("information_schema").drop();
+# sp.disable_function.function("PDO::query").param("query").value_r("/\\*").drop();
+# sp.disable_function.function("PDO::query").param("query").value_r("--").drop();
+# sp.disable_function.function("PDO::query").param("query").value_r("#").drop();
+# sp.disable_function.function("PDO::query").param("query").value_r(";.*;").drop();
+# sp.disable_function.function("PDO::query").param("query").value_r("benchmark\\s*\\(").drop();
+# sp.disable_function.function("PDO::query").param("query").value_r("sleep\\s*\\(").drop();
+# sp.disable_function.function("PDO::query").param("query").value_r("information_schema").drop();
 
 # Ghetto sqli detection
-sp.disable_function.function("mysql_query").ret("FALSE").drop();
-sp.disable_function.function("mysqli_query").ret("FALSE").drop();
-sp.disable_function.function("PDO::query").ret("FALSE").drop();
+# sp.disable_function.function("mysql_query").ret("FALSE").drop();
+# sp.disable_function.function("mysqli_query").ret("FALSE").drop();
+# sp.disable_function.function("PDO::query").ret("FALSE").drop();
 
 #File upload
 sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();
-- 
cgit v1.3
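Review bot: The two comment lines added at the top of the hunk do not tell a user of the default rule set that the SQL-injection hardening rules and the `ret("FALSE")` detection rules for mysql_query, mysqli_query and PDO::query are now disabled by default, so anyone shipping config/default.rules unchanged silently loses that layer. The TODO suggests these functions could not be hooked at startup (presumably because they are defined by extensions that are loaded later), which would make them pure runtime checks; stating that consequence and how to opt back in is more useful than "to improve performance". I would replace the first added line with `# SQLi hardening/detection rules below are disabled by default: mysql_query, mysqli_query and PDO::query could not be hooked at startup (see TODO), so they would run as per-call regex checks. Uncomment them if you accept that cost.` and keep the TODO line as is.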