From d7b7a0d4e10d7b87b124889821b14e9858ed0a9c Mon Sep 17 00:00:00 2001 From: jvoisin Date: Wed, 4 Mar 2020 19:30:42 +0100 Subject: %s/nbs-system/jvoisin Since I'm the only one to maintain Snuffleupagus, let's adjust the links and contact addresses of my fork, to point to well… my fork. --- doc/source/config.rst | 8 +++---- doc/source/debug.rst | 4 ++-- doc/source/download.rst | 8 +++---- doc/source/faq.rst | 55 +++++++++------------------------------------ doc/source/installation.rst | 4 ++-- 5 files changed, 23 insertions(+), 56 deletions(-) (limited to 'doc/source') diff --git a/doc/source/config.rst b/doc/source/config.rst index 4be8db7..7691f89 100644 --- a/doc/source/config.rst +++ b/doc/source/config.rst @@ -199,8 +199,8 @@ argument and various information about it in the environment: This feature can be used, for example, to check if an uploaded file contains php code, using `vld `_, -via `a python script `__, -or `a php one `__. +via `a python script `__, +or `a php one `__. The upload will be **allowed** if the script returns the value ``0``. Every other value will prevent the file from being uploaded. @@ -342,7 +342,7 @@ For clarity, the presence of the ``allow`` or ``drop`` action is **mandatory**. because it'll match the deny first. If you're paranoid, we're providing a `php script -`__ +`__ to automatically generate hash of files containing dangerous functions, and blacklisting them everywhere else. @@ -358,7 +358,7 @@ It's currently not possible to: things like this, odds are that you're doing something wrong anyway. - Hooks on ``echo`` and on ``print`` are equivalent: there is no way to hook one without hooking the other, at least - `for now `__). + `for now `__). This is why hooked ``print`` will be displayed as ``echo`` in the logs. - Hook `strlen`, since in latest PHP versions, this function is usually optimized away by the compiled. diff --git a/doc/source/debug.rst b/doc/source/debug.rst index b339366..b2a1f28 100644 --- a/doc/source/debug.rst +++ b/doc/source/debug.rst @@ -18,7 +18,7 @@ We're using `php qa `__ tests format for our testsuite, it is automatically run when you're building snuffleupagus. If it happens to have unexpected failures (Since we're using `TDD `__ as much -as we can, we do have some expected failures), please do `open an issue `__ +as we can, we do have some expected failures), please do `open an issue `__ on our bugtracker, and attach the generated ``.diff`` and ``.out`` files to it, so we can see what's happening. @@ -27,7 +27,7 @@ Snuffleupagus is crashing While we do our very best to make snuffleupagus solid as possible, we're humans, and computers are hard, so crashes can happen. If you're encountering one in production, -please try to launch the `testsuite `__ +please try to launch the `testsuite `__ to see if it's failing. If it does, please :ref:`tell us `. If the testsuite is passing, odds are that you're encountering an issue tied to your php code, diff --git a/doc/source/download.rst b/doc/source/download.rst index dfe4768..fd61099 100644 --- a/doc/source/download.rst +++ b/doc/source/download.rst @@ -4,20 +4,20 @@ Download Arch Linux ---------- -We're providing a `PKGBUILD `__, +We're providing a `PKGBUILD `__, so you can build a package yourself. Alpine Linux ------------ -We're providing a `APKBUILD `__, +We're providing a `APKBUILD `__, so you can build a package yourself. Debian and Ubuntu ----------------- We're currently not providing a Debian/Ubuntu repository, -but you can grab the latest release on `github `__, +but you can grab the latest release on `github `__, or build your own package by cloning the source code and typing ``make debian``. Fedora @@ -39,4 +39,4 @@ We're currently using *github* as public code repository. :: - git clone https://github.com/nbs-system/snuffleupagus + git clone https://github.com/jvoisin/snuffleupagus diff --git a/doc/source/faq.rst b/doc/source/faq.rst index 4974c70..285f0c8 100644 --- a/doc/source/faq.rst +++ b/doc/source/faq.rst @@ -46,6 +46,8 @@ with a strong focus on security. We do have several layers of hardening `IDS `_, etc), but we had nothing for PHP7. +Nowadays, Snuffleupagus is maintained by Julien (jvoisin) Voisin. + Why not Suhosin? """""""""""""""" @@ -70,7 +72,8 @@ What license is Snuffleupagus released under and why? """"""""""""""""""""""""""""""""""""""""""""""""""""" Snuffleupagus is licensed under the `LGPL `_ -and is developed by the fine people from `NBS System `__. +was developed by the fine people from `NBS System `__, +and is maintained by Julien (jvoisin) Voisin. We chose the LGPL because we don't care that much how you're using Snuffleupagus, but we'd like to force people to make their improvements/contributions @@ -171,7 +174,7 @@ By checking the logs; Snuffleupagus systematically prefix them with ``[snuffleup Does Snuffleupagus run on Windows? """""""""""""""""""""""""""""""""" -No idea, feel free to `try `_. +No idea, feel free to `try `_. Does Snuggleupagus run on `HHVM `_? @@ -204,46 +207,13 @@ discuss potential impact of the vulnerability, reference applicable patches or workarounds, and credit the discoverer. -Please send it us a mail to the ``security`` user, -on ``nbs-system.com``, using the gpg key -``498C46FF087EDC36E7EAF9D445414A82A9B22D78``: - -:: - - -----BEGIN PGP PUBLIC KEY BLOCK----- - - mQENBFnKHhoBCADaOa0MKEqRy0h2ohIzczblzkMQCbU9oD1HwJ1VkYnn7TGW2iKi - NISxisExIXpy2Bn/pA27GiV0V/Do3NL6D9r0oOCrGR27muGM0N/dk9UMv7MWw8zv - K8cO+Sa28s0cAv7r2ogUJj5YOo8D4wHEpE8424TE89V9+Qg/SaFCxKoELFP0c7wu - mtsm0PnL65piZ1EB7lQo2gxg+8AV45MD1Y2rREMKUoZE23X+nXKsmEh9BFEPaU5M - 7WQp0NasqeMNoGhwfw9ttVAeLhkEkaTjW1PkNRIb7vrtV9KVb5uKucflfbOnDlzu - tQ9U3tYto0mcSCRchAClfEmoSi/0mKyb5N6ZABEBAAG0NVNlY3VyaXR5IHRlYW0g - b2YgTkJTIFN5c3RlbSA8c2VjdXJpdHlAbmJzLXN5c3RlbS5jb20+iQE3BBMBCAAh - BQJZyh4aAhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEEVBSoKpsi14jy0H - /1/XB9THhvmG0ow81sld2Zx8qhnNed8VvYDS6mEjpDWNVPxENwDbnakEjisq1Hrb - 2UQPYCyQ5dekPNFVwQHIGXkX0eb1Ank+4esBJuEpQ2985tgNhJy5ZX+Imb5C8nZC - 90uYSN1UUg559nUsFeElOXSEH6tIXK/TvjsvMYoi2Ukl6lb7PbIU2fjLY9Iqv3QY - 32p8/Bl1fVKWbXOk0HDgJ6zA3Kr56QhZOLBkxjOa2XAnnIE76jZxUJ9qPCwWd1vW - GFxtx1Y+eZriqHiC9CPe6aBWcIHaTXSu1WBbXrFu8/eCWw243Rxm8l9wgA/a7VWq - WBfO45IhJUwh95naRpw8/4a5AQ0EWcoeGgEIAJtzSyyzfn2RX+BsyoRFANUpIgrV - /9eohYQVNqK3AFthmq7Kjmt4+hszF5+0wCFmWwYqGnqk1/dsWmqpkXsJldEn6oPJ - Bng+Dc67Yki2dR3TroAf95UmI08fhyM7TMXp8m46BPRRMzPNwalEeEm49Oclmfxb - JsWWCChWVLWGz2xgPEAv3fPHqus7Rwz/WIl53l/qy1Wf0ewmjRpVEfnEMKBExtBK - 4kRxQ40LzUZ1SfpyGc3nMbswhevT7/klqrdJdCnlu67Y/IfRGxGZuNj1n1Dib3Hx - zTBHo3Y2R3BB93Ix8dkbLaxLqFbOYVdijCgJklqUWhx7btpQ2xnZyzyCMuUAEQEA - AYkBHwQYAQgACQUCWcoeGgIbDAAKCRBFQUqCqbIteFRvB/9u3Mae8n8ELrJKOn+P - PEbWjutObIuTplvY4QcbnNb9dsgsKryamp4CFJsA5XuitPpC31GDMXBZO5/LLOuH - HoMaXFJdic0NToL/3REhu+aZkNIU6S/iaPRNVhkSV4lwQsvncz+nBaiDUJjyfJm2 - kEjVcRTM8yqzcNo/9Gn0ts+XCUqRj7+S1M4Bj3NySoO/w2n+7OLbIAj+wQZcj3Gf - 5QhBYaY4YaFxrJE0IZxyXGHw8xhKR6AN+u4TO7LRCW+cWV/sHWir1MXieJoEG8+R - W/BhrB0Rz5uxOXMoGCCD2TUiHq7zpuHGnYFVmAnHQZaaQxXve4VrcmznxgpV8lpW - mZug - =+eIv - -----END PGP PUBLIC KEY BLOCK----- +Please do send a mail to [Julien (jvoisin) Voisin](https://dustri.org) should +you find a security issue. + I found a bug. How can I report it? """"""""""""""""""""""""""""""""""" -We do have an issue tracker on `Github `_. +We do have an issue tracker on `Github `_. Please make sure to include as much information as possible when reporting your issue, such as your operating system, your version of PHP 7, your version of Snuffleupagus, your logs, the problematic php code, the request, a brief description, … long story short, @@ -255,12 +225,9 @@ it's not that hard. Where can I find even more help? """""""""""""""""""""""""""""""" The :doc:`configuration page ` might be what you're looking for. -If you're adventurous, you can also check the `issue tracker `_ -(make sure to check the `closed issues `_ too). +If you're adventurous, you can also check the `issue tracker `_ +(make sure to check the `closed issues `_ too). -I need professional support for my company. -""""""""""""""""""""""""""""""""""""""""""" -Contact `NBS System `_. Unimplemented mitigations and abandoned ideas --------------------------------------------- diff --git a/doc/source/installation.rst b/doc/source/installation.rst index 74d5d4f..a6b0ff8 100644 --- a/doc/source/installation.rst +++ b/doc/source/installation.rst @@ -1,7 +1,7 @@ Installation ============ -Snuffleupagus is tested against `various PHP 7+ versions `_. +Snuffleupagus is tested against `various PHP 7+ versions `_. Manual installation ------------------- @@ -21,7 +21,7 @@ Quickstart :: - git clone https://github.com/nbs-system/snuffleupagus + git clone https://github.com/jvoisin/snuffleupagus cd snuffleupagus/src phpize ./configure --enable-snuffleupagus -- cgit v1.3