From 38cbef5edfde42ee76c08eaac9f149744eae884b Mon Sep 17 00:00:00 2001 From: jvoisin Date: Sat, 20 Jun 2020 12:42:02 +0200 Subject: Bump the changelog --- src/php_snuffleupagus.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/php_snuffleupagus.h') diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 5a02e93..b42c300 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -1,7 +1,7 @@ #ifndef PHP_SNUFFLEUPAGUS_H #define PHP_SNUFFLEUPAGUS_H -#define PHP_SNUFFLEUPAGUS_VERSION "0.5.0" +#define PHP_SNUFFLEUPAGUS_VERSION "0.5.1" #define PHP_SNUFFLEUPAGUS_EXTNAME "snuffleupagus" #define PHP_SNUFFLEUPAGUS_AUTHOR "NBS System" #define PHP_SNUFFLEUPAGUS_URL "https://github.com/jvoisin/snuffleupagus" -- cgit v1.3 From f3360c4de72b6735bc5f5873dd671c2e56292ce6 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Fri, 7 Aug 2020 16:09:36 +0200 Subject: Move an include --- src/php_snuffleupagus.h | 4 ++++ src/snuffleupagus.c | 4 ---- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'src/php_snuffleupagus.h') diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index b42c300..0849d36 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -7,6 +7,10 @@ #define PHP_SNUFFLEUPAGUS_URL "https://github.com/jvoisin/snuffleupagus" #define PHP_SNUFFLEUPAGUS_COPYRIGHT "LGPLv2" +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include #include #include diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index ff2d2b6..d62069c 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -4,10 +4,6 @@ #include #endif -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - #include "php_snuffleupagus.h" #ifndef ZEND_EXT_API -- cgit v1.3 From a0d21a189cf04bb963dce93dcbd0bd9694584a0b Mon Sep 17 00:00:00 2001 From: jvoisin Date: Wed, 12 Aug 2020 08:48:59 +0000 Subject: Allow empty configuration (#342) This commit allows php to run (with a warning) if there is no specified snuffleupagus configuration, instead of refusing to start.--- src/php_snuffleupagus.h | 6 +++- src/snuffleupagus.c | 34 ++++++++++++++------ src/sp_crypt.c | 4 +-- src/sp_disabled_functions.c | 8 ++--- src/sp_execute.c | 5 +-- src/sp_upload_validation.c | 13 ++++---- src/sp_utils.c | 36 ++++++++++++---------- .../broken_conf_no_file_specified.phpt | 4 +-- src/tests/loading.phpt | 4 +-- 9 files changed, 69 insertions(+), 45 deletions(-) (limited to 'src/php_snuffleupagus.h') diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 0849d36..6b0e210 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -62,6 +62,10 @@ typedef void (*zif_handler)(INTERNAL_FUNCTION_PARAMETERS); #define TSRMLS_C #endif +#define SP_CONFIG_VALID 1 +#define SP_CONFIG_INVALID 0 +#define SP_CONFIG_NONE -1 + #include "sp_pcre_compat.h" #include "sp_list.h" #include "sp_tree.h" @@ -101,7 +105,7 @@ extern zend_module_entry snuffleupagus_module_entry; ZEND_BEGIN_MODULE_GLOBALS(snuffleupagus) size_t in_eval; sp_config config; -bool is_config_valid; +int is_config_valid; // 1 = valid, 0 = invalid, -1 = none bool allow_broken_configuration; HashTable *disabled_functions_hook; HashTable *sp_internal_functions_hook; diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index d62069c..7c69150 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -68,6 +68,7 @@ ZEND_DLEXPORT zend_extension zend_extension_entry = { STANDARD_ZEND_EXTENSION_PROPERTIES}; PHP_GINIT_FUNCTION(snuffleupagus) { + snuffleupagus_globals->is_config_valid = SP_CONFIG_NONE; snuffleupagus_globals->in_eval = 0; #define SP_INIT_HT(F) snuffleupagus_globals->F = \ @@ -186,8 +187,12 @@ PHP_RINIT_FUNCTION(snuffleupagus) { ZEND_TSRMLS_CACHE_UPDATE(); #endif - if (!SNUFFLEUPAGUS_G(allow_broken_configuration) && !SNUFFLEUPAGUS_G(is_config_valid)) { - sp_log_err("config", "Invalid configuration file"); + if (!SNUFFLEUPAGUS_G(allow_broken_configuration)) { + if (SNUFFLEUPAGUS_G(is_config_valid) == SP_CONFIG_INVALID ) { + sp_log_err("config", "Invalid configuration file"); + } else if (SNUFFLEUPAGUS_G(is_config_valid) == SP_CONFIG_NONE) { + sp_log_warn("config", "No configuration specificed via sp.configuration_file"); + } } // We need to disable wrappers loaded by extensions loaded after SNUFFLEUPAGUS. @@ -209,12 +214,23 @@ PHP_RINIT_FUNCTION(snuffleupagus) { PHP_RSHUTDOWN_FUNCTION(snuffleupagus) { return SUCCESS; } PHP_MINFO_FUNCTION(snuffleupagus) { + const char *valid_config; + switch(SNUFFLEUPAGUS_G(is_config_valid)) { + case SP_CONFIG_VALID: + valid_config = "yes"; + break; + case SP_CONFIG_INVALID: + valid_config = "invalid"; + break; + case SP_CONFIG_NONE: + default: + valid_config = "no"; + } php_info_print_table_start(); - php_info_print_table_row(2, "snuffleupagus support", "enabled"); + php_info_print_table_row(2, "snuffleupagus support", + SNUFFLEUPAGUS_G(is_config_valid)?"enabled":"disabled"); php_info_print_table_row(2, "Version", PHP_SNUFFLEUPAGUS_VERSION); - php_info_print_table_row( - 2, "Valid config", - (SNUFFLEUPAGUS_G(is_config_valid) == true) ? "yes" : "no"); + php_info_print_table_row( 2, "Valid config", valid_config); php_info_print_table_end(); DISPLAY_INI_ENTRIES(); } @@ -234,14 +250,14 @@ static PHP_INI_MH(OnUpdateConfiguration) { int ret = glob(config_file, GLOB_NOCHECK, NULL, &globbuf); if (ret != 0) { - SNUFFLEUPAGUS_G(is_config_valid) = false; + SNUFFLEUPAGUS_G(is_config_valid) = SP_CONFIG_INVALID; globfree(&globbuf); return FAILURE; } for (size_t i = 0; globbuf.gl_pathv[i]; i++) { if (sp_parse_config(globbuf.gl_pathv[i]) != SUCCESS) { - SNUFFLEUPAGUS_G(is_config_valid) = false; + SNUFFLEUPAGUS_G(is_config_valid) = SP_CONFIG_INVALID; globfree(&globbuf); return FAILURE; } @@ -249,7 +265,7 @@ static PHP_INI_MH(OnUpdateConfiguration) { globfree(&globbuf); } - SNUFFLEUPAGUS_G(is_config_valid) = true; + SNUFFLEUPAGUS_G(is_config_valid) = SP_CONFIG_VALID; if ((SNUFFLEUPAGUS_G(config).config_sloppy->enable)) { hook_sloppy(); diff --git a/src/sp_crypt.c b/src/sp_crypt.c index b353ebe..c57ac0b 100644 --- a/src/sp_crypt.c +++ b/src/sp_crypt.c @@ -108,8 +108,8 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) { return ZEND_HASH_APPLY_KEEP; } else { sp_log_warn("cookie_encryption", - "Something went wrong with the decryption of %s", - hash_key ? ZSTR_VAL(hash_key->key) : "the session"); + "Something went wrong with the decryption of %s", + hash_key ? ZSTR_VAL(hash_key->key) : "the session"); efree(backup); return ZEND_HASH_APPLY_REMOVE; } diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index a7136df..7be1c34 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c @@ -575,12 +575,12 @@ ZEND_FUNCTION(eval_blacklist_callback) { } if (config_eval->simulation) { sp_log_simulation("eval", - "A call to %s was tried in eval, in %s:%d, logging it.", - current_function_name, ZSTR_VAL(filename), line_number); + "A call to %s was tried in eval, in %s:%d, logging it.", + current_function_name, ZSTR_VAL(filename), line_number); } else { sp_log_drop("eval", - "A call to %s was tried in eval, in %s:%d, dropping it.", - current_function_name, ZSTR_VAL(filename), line_number); + "A call to %s was tried in eval, in %s:%d, dropping it.", + current_function_name, ZSTR_VAL(filename), line_number); } efree(filename); } diff --git a/src/sp_execute.c b/src/sp_execute.c index 73cc560..140e227 100644 --- a/src/sp_execute.c +++ b/src/sp_execute.c @@ -19,10 +19,11 @@ ZEND_COLD static inline void terminate_if_writable(const char *filename) { } if (true == config_ro_exec->simulation) { sp_log_simulation("readonly_exec", - "Attempted execution of a writable file (%s).", filename); + "Attempted execution of a writable file (%s).", + filename); } else { sp_log_drop("readonly_exec", - "Attempted execution of a writable file (%s).", filename); + "Attempted execution of a writable file (%s).", filename); zend_bailout(); } } else { diff --git a/src/sp_upload_validation.c b/src/sp_upload_validation.c index 4ee7bd7..f3ae311 100644 --- a/src/sp_upload_validation.c +++ b/src/sp_upload_validation.c @@ -13,10 +13,11 @@ int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra); int sp_rfc1867_callback_win(unsigned int event, void *event_data, void **extra) { - sp_log_simulation("upload_validation", - "The upload validation doesn't work for now on Windows yet, " - "see https://github.com/jvoisin/snuffleupagus/issues/248 for " - "details."); + sp_log_simulation( + "upload_validation", + "The upload validation doesn't work for now on Windows yet, " + "see https://github.com/jvoisin/snuffleupagus/issues/248 for " + "details."); return SUCCESS; } @@ -91,8 +92,8 @@ int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra) { char *uri = getenv("REQUEST_URI"); int sim = config_upload->simulation; sp_log_auto("upload_validation", sim, - "The upload of %s on %s was rejected.", - filename, uri ? uri : "?"); + "The upload of %s on %s was rejected.", filename, + uri ? uri : "?"); } } ZEND_HASH_FOREACH_END(); diff --git a/src/sp_utils.c b/src/sp_utils.c index 8032e0a..4c78ce5 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -41,7 +41,7 @@ const char* get_ipaddr() { } void sp_log_msgf(char const* restrict feature, int level, int type, - const char* restrict fmt, ...) { + const char* restrict fmt, ...) { char* msg; va_list args; @@ -51,7 +51,7 @@ void sp_log_msgf(char const* restrict feature, int level, int type, const char* client_ip = get_ipaddr(); const char* logtype = NULL; - switch(type) { + switch (type) { case SP_TYPE_SIMULATION: logtype = "simulation"; break; @@ -80,7 +80,8 @@ void sp_log_msgf(char const* restrict feature, int level, int type, } case SP_ZEND: default: - zend_error(level, "[snuffleupagus][%s][%s][%s] %s", client_ip, feature, logtype, msg); + zend_error(level, "[snuffleupagus][%s][%s][%s] %s", client_ip, feature, + logtype, msg); break; } } @@ -280,26 +281,27 @@ void sp_log_disable(const char* restrict path, const char* restrict arg_name, char_repr = zend_string_to_char(arg_value); } if (alias) { - sp_log_auto("disabled_function", sim, - "Aborted execution on call of the function '%s', " - "because its argument '%s' content (%s) matched the rule '%s'", - path, arg_name, char_repr ? char_repr : "?", ZSTR_VAL(alias)); + sp_log_auto( + "disabled_function", sim, + "Aborted execution on call of the function '%s', " + "because its argument '%s' content (%s) matched the rule '%s'", + path, arg_name, char_repr ? char_repr : "?", ZSTR_VAL(alias)); } else { sp_log_auto("disabled_function", sim, - "Aborted execution on call of the function '%s', " - "because its argument '%s' content (%s) matched a rule", - path, arg_name, char_repr ? char_repr : "?"); + "Aborted execution on call of the function '%s', " + "because its argument '%s' content (%s) matched a rule", + path, arg_name, char_repr ? char_repr : "?"); } efree(char_repr); } else { if (alias) { sp_log_auto("disabled_function", sim, - "Aborted execution on call of the function '%s', " - "because of the the rule '%s'", - path, ZSTR_VAL(alias)); + "Aborted execution on call of the function '%s', " + "because of the the rule '%s'", + path, ZSTR_VAL(alias)); } else { sp_log_auto("disabled_function", sim, - "Aborted execution on call of the function '%s'", path); + "Aborted execution on call of the function '%s'", path); } } } @@ -327,9 +329,9 @@ void sp_log_disable_ret(const char* restrict path, path, char_repr ? char_repr : "?", ZSTR_VAL(alias)); } else { sp_log_auto("disabled_function", sim, - "Aborted execution on return of the function '%s', " - "because the function returned '%s', which matched a rule", - path, char_repr ? char_repr : "?"); + "Aborted execution on return of the function '%s', " + "because the function returned '%s', which matched a rule", + path, char_repr ? char_repr : "?"); } efree(char_repr); } diff --git a/src/tests/broken_configuration/broken_conf_no_file_specified.phpt b/src/tests/broken_configuration/broken_conf_no_file_specified.phpt index 8b360d4..cb2d95f 100644 --- a/src/tests/broken_configuration/broken_conf_no_file_specified.phpt +++ b/src/tests/broken_configuration/broken_conf_no_file_specified.phpt @@ -6,5 +6,5 @@ Broken configuration - No configuration file specified --FILE-- --EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. +Warning: [snuffleupagus][0.0.0.0][config][log] No configuration specificed via sp.configuration_file in Unknown on line 0 +1 diff --git a/src/tests/loading.phpt b/src/tests/loading.phpt index 761917a..2514ec5 100644 --- a/src/tests/loading.phpt +++ b/src/tests/loading.phpt @@ -7,5 +7,5 @@ Check for snuffleupagus presence echo "snuffleupagus extension is available"; ?> --EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. +Warning: [snuffleupagus][0.0.0.0][config][log] No configuration specificed via sp.configuration_file in Unknown on line 0 +snuffleupagus extension is available -- cgit v1.3 From 630ab2f9e451835bf6d343438ca781892e95d9e3 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Fri, 6 Nov 2020 17:41:59 +0100 Subject: Bump the changelog --- debian/changelog | 24 +++++++++++++---- doc/source/changelog.rst | 69 ++++++++++++++++++++++++++++++------------------ src/php_snuffleupagus.h | 4 +-- 3 files changed, 64 insertions(+), 33 deletions(-) (limited to 'src/php_snuffleupagus.h') diff --git a/debian/changelog b/debian/changelog index fc9e0b0..3177034 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,18 @@ +snuffleupagus (0.6.0) UNRELEASED; urgency=medium + + [ jvoisin ] + * More constification + * Snuffleupagus should now be able to get client's ip addresses in more cases + * Documented compatibility with Heroku + * Improved logging + * Added a couple of tests + + [ wargio ] + * allow empty configurations + + -- jvoisin Fri, 06 Nov 2020 17:45:00 +0200 + + snuffleupagus (0.5.1) UNRELEASED; urgency=medium [ jvoisin ] @@ -11,7 +26,6 @@ snuffleupagus (0.5.1) UNRELEASED; urgency=medium -- jvoisin Sat, 20 Jun 2020 12:30:00 +0200 - snuffleupagus (0.5.0) UNRELEASED; urgency=medium [ kkadosh ] @@ -37,7 +51,7 @@ snuffleupagus (0.4.1) UNRELEASED; urgency=medium * Improve and clarify the documentation * Add support for PHP7.3 * Improve the coverage, we have now reached 99% of coverage - * Improve the `mb_string` hooking logic + * Improve the `mb_string` hooking logic * The script that check uploaded file is now available in PHP * Fix segfault on 32-bit for PHP7.3 * Fix segfault when using `sloppy_comparison` feature with array @@ -67,11 +81,11 @@ snuffleupagus (0.3.1) UNRELEASED; urgency=medium * Disable XXE and harden PRNG by default * Use SameSite on PHP's session cookie in the default rules - * Relax a bit what files can be included in the default rules + * Relax a bit what files can be included in the default rules * Add the possibility to ignore files hashes when generating rules - * The filename filter is now accepting phar paths + * The filename filter is now accepting phar paths * The harden rand_feature is not ignoring parameters anymore in function calls - * Fix possible crashes/hangs when using php-fpm's pools + * Fix possible crashes/hangs when using php-fpm's pools * Fix an infinite loop on echo hook * Fix an issue with filename filter * Fix some documentation issues diff --git a/doc/source/changelog.rst b/doc/source/changelog.rst index a72b737..b4b87b8 100644 --- a/doc/source/changelog.rst +++ b/doc/source/changelog.rst @@ -1,8 +1,25 @@ Changelog ========= -0.5.1 - `Order of the Elephant `__ 2020/06/20 --------------------------------------------------------------------------------------------------------------- +0.6.0 - `Elephant in the room `__ 2020/11/06 +---------------------------------------------------------------------------------------------------------- + +New features +^^^^^^^^^^^^ +* Allow empty configurations + +Improvements +^^^^^^^^^^^^ + +* More constification +* Snuffleupagus should now be able to get client's ip addresses in more cases +* Documented compatibility with Heroku +* Improved logging +* Added a couple of tests + + +0.5.1 - `Order of the Elephant `__ 2020/06/20 +----------------------------------------------------------------------------------------------------------- New features ^^^^^^^^^^^^ @@ -19,8 +36,8 @@ Improvements * Improve the gitlab CI -0.5.0 - `Elephant Flats `__ 2019/06/12 --------------------------------------------------------------------------------------------------------------- +0.5.0 - `Elephant Flats `__ 2019/06/12 +---------------------------------------------------------------------------------------------------- Improvements ^^^^^^^^^^^^ @@ -45,8 +62,8 @@ Bug fixes -0.4.1 - `Loxodonta `__ 2018/12/21 --------------------------------------------------------------------------------------------------------------- +0.4.1 - `Loxodonta `__ 2018/12/21 +----------------------------------------------------------------------------------------------- Improvements ^^^^^^^^^^^^ @@ -66,8 +83,8 @@ Bug fixes -0.4.0 - `Oliphant Chuckerbutty `__ 2018/08/31 --------------------------------------------------------------------------------------------------------------- +0.4.0 - `Oliphant Chuckerbutty `__ 2018/08/31 +----------------------------------------------------------------------------------------------------------- New features ^^^^^^^^^^^^ @@ -105,8 +122,8 @@ Bug fixes -0.3.1 - `Elephant Arch `__ 2018/08/20 ------------------------------------------------------------------------------------------------------- +0.3.1 - `Elephant Arch `__ 2018/08/20 +--------------------------------------------------------------------------------------------------- Improvements ^^^^^^^^^^^^ @@ -128,21 +145,21 @@ Bug fixes - Fix the Arch Linux's PKGBUILD -0.3.0 - `Dentalium elephantinum `__ 2018/07/17 ---------------------------------------------------------------------------------------------------------------- +0.3.0 - `Dentalium elephantinum `__ 2018/07/17 +------------------------------------------------------------------------------------------------------------ New features ^^^^^^^^^^^^ -- Session cookies can now be `encrypted `__ -- Some occurrences of `type juggling `__ can now be eradicated -- It's `now possible `__ to hook `echo` and `print` +- Session cookies can now be `encrypted `__ +- Some occurrences of `type juggling `__ can now be eradicated +- It's `now possible `__ to hook `echo` and `print` Improvements ^^^^^^^^^^^^ -- The `.filename()` filter is `now matching `__ on the file where the function is called instead on the one where it's defined. -- Vastly `optimize `__ the way we hook native functions +- The `.filename()` filter is `now matching `__ on the file where the function is called instead on the one where it's defined. +- Vastly `optimize `__ the way we hook native functions - The format of the logs has been streamlined to ease their processing @@ -151,11 +168,11 @@ Bug fixes - Better handling of filters for built-in functions - Fix various possible integer overflows -- Fix an `annoying memory leak `__ impacting mostly `mod_php` +- Fix an `annoying memory leak `__ impacting mostly `mod_php` -0.2.2 - `Elephant Moraine `__ 2018/04/12 ---------------------------------------------------------------------------------------------------------- +0.2.2 - `Elephant Moraine `__ 2018/04/12 +------------------------------------------------------------------------------------------------------ New features ^^^^^^^^^^^^ @@ -177,8 +194,8 @@ Bug fixes - Fix a crash related to variadic functions -0.2.1 - `Elephant Point `__ 2018/02/07 -------------------------------------------------------------------------------------------------------- +0.2.1 - `Elephant Point `__ 2018/02/07 +---------------------------------------------------------------------------------------------------- Bug fixes ^^^^^^^^^ @@ -194,8 +211,8 @@ Improvements - Improve a bit the portability of the code - Minor code simplification -0.2.0 - `Elephant Rally `__ - 2018/01/18 ---------------------------------------------------------------------------------------------------------- +0.2.0 - `Elephant Rally `__ - 2018/01/18 +------------------------------------------------------------------------------------------------------ New features ^^^^^^^^^^^^ @@ -226,7 +243,7 @@ External contributions - Simplification and clean up of our linked-list implementation by `smagnin `__ -0.1.0 - `Mighty Mammoth `__ - 2017/12/21 ---------------------------------------------------------------------------------------------------------- +0.1.0 - `Mighty Mammoth `__ - 2017/12/21 +------------------------------------------------------------------------------------------------------ - Initial release diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 6b0e210..213e27e 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -1,9 +1,9 @@ #ifndef PHP_SNUFFLEUPAGUS_H #define PHP_SNUFFLEUPAGUS_H -#define PHP_SNUFFLEUPAGUS_VERSION "0.5.1" +#define PHP_SNUFFLEUPAGUS_VERSION "0.6.0" #define PHP_SNUFFLEUPAGUS_EXTNAME "snuffleupagus" -#define PHP_SNUFFLEUPAGUS_AUTHOR "NBS System" +#define PHP_SNUFFLEUPAGUS_AUTHOR "NBS System & Julien (jvoisin) Voisin" #define PHP_SNUFFLEUPAGUS_URL "https://github.com/jvoisin/snuffleupagus" #define PHP_SNUFFLEUPAGUS_COPYRIGHT "LGPLv2" -- cgit v1.3 From f4bc388f1e4adb1b9dde5f3af77785101ad19857 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Thu, 12 Nov 2020 16:28:42 +0000 Subject: Snuffleupagus now uses pcre2 by default --- .travis.yml | 6 ++++++ src/config.m4 | 2 +- src/php_snuffleupagus.h | 3 +-- src/sp_pcre_compat.h | 8 +++++--- 4 files changed, 13 insertions(+), 6 deletions(-) (limited to 'src/php_snuffleupagus.h') diff --git a/.travis.yml b/.travis.yml index bcad3a7..de7febb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,11 @@ language: php +addons: + apt: + packages: + - libpcre2-dev + - libpcre2-8-0 + env: - secure: "fjx/arfcdoqWUIzlQXzQdW9gqXRG7Vpo8dTwJip0uJH8oFeTfYhw1V9EMS4JtKVGwQo3vaagehMflVr7swaoe9Nf4YoCjaEq8x6ZMJH3bLHNgtigfS03Uqop9FI/a/Jau/BL7ibIEkZRNfEIx8z+NyfY4bAeK35W/Ru5k2BHyp1GLKwBpizHdJsshG/ukM+4W8PY9BAeXVavqxQRywseQEsqmGruGLcYFuuh04D7cnNqyuYgbdaq7YMKZfVGxM7N5eeL5xSlw0Sl9yOutRzkxUmL1WSmYMFrkRLcc37hRTu67tCmP60tiGLGY2Ll8nUh6rkc3RwBgc1wOC7jRMrtoGvlgsLxz7kLOtpQ31PdJKefe99rQMkcYKLwCxXf7WQdOHY4YsTmjqlPyzfTKT3mNtGhUwp1rEvlcygZZK8osHtc46BUD6BKNRCvTyLNyLTx2IoA4WfrzWOaQ+A1gNRD5L9Jbqi0kY6teENCzzlHUe80mH7wBarCTRoDAD73w/EPgSn3+CeLALXXEu+r9Sm/e5YpaFfLdeKDC6fr1KwU69ddHUKWZqjFM8vEHjrIbmAdNwVsuCo8LeWdCCXdQlWrISQ4OUDBBEmnwlKoojSjIYP5SKoH1txZemGok1/TN/tvjlyrx2RYYxy7AdUulENKXXeqlwWsiwVZCZLR4tt+wEQ=" diff --git a/src/config.m4 b/src/config.m4 index 52b6d04..e4cc1f5 100644 --- a/src/config.m4 +++ b/src/config.m4 @@ -24,7 +24,7 @@ CFLAGS="$CFLAGS -Wall -Wextra -Wno-unused-parameter" CFLAGS="$CFLAGS -Wformat=2 -Wformat-security -D_FORTIFY_SOURCE=2" CFLAGS="$CFLAGS -fstack-protector" -LDFLAGS="$LDFLAGS -lpcre" +LDFLAGS="$LDFLAGS `pcre2-config --libs8`" if test "$PHP_DEBUG" = "yes"; then AC_DEFINE(SP_DEBUG, 1, [Wether you want to enable debug messages]) diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 213e27e..532516f 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -14,7 +14,7 @@ #include #include #include -#include +#include "sp_pcre_compat.h" #include #include #include @@ -34,7 +34,6 @@ #include "ext/standard/info.h" #include "ext/standard/url.h" #include "ext/standard/php_var.h" -#include "ext/pcre/php_pcre.h" #include "ext/session/php_session.h" #include "php.h" #include "php_ini.h" diff --git a/src/sp_pcre_compat.h b/src/sp_pcre_compat.h index 093a9c3..b429683 100644 --- a/src/sp_pcre_compat.h +++ b/src/sp_pcre_compat.h @@ -7,17 +7,19 @@ #undef pcre_exec #undef pcre_compile -/* We're not supporting pcre2 when it's not bundled with php7, +/* We're not supporting pcre when it's not bundled with php7, * yet. Pull-requests are welcome. */ #if HAVE_BUNDLED_PCRE #if PHP_VERSION_ID >= 70300 #define SP_HAS_PCRE2 -#include "ext/pcre/pcre2lib/pcre2.h" +#include "ext/pcre/php_pcre.h" #else #include "ext/pcre/pcrelib/pcre.h" #endif #else -#include "pcre.h" +#define SP_HAS_PCRE2 +#define PCRE2_CODE_UNIT_WIDTH 8 +#include "pcre2.h" #endif #ifdef SP_HAS_PCRE2 -- cgit v1.3 From a64d0a29bf966135248fe53eefade0dd59652230 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Sun, 13 Dec 2020 19:15:48 +0100 Subject: Remove a duplicate include --- src/php_snuffleupagus.h | 1 - 1 file changed, 1 deletion(-) (limited to 'src/php_snuffleupagus.h') diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 532516f..14efadb 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -29,7 +29,6 @@ #include #include "SAPI.h" -#include "ext/session/php_session.h" #include "ext/standard/head.h" #include "ext/standard/info.h" #include "ext/standard/url.h" -- cgit v1.3 From 98ed3be52fa15521ef405fc8029176279d80778e Mon Sep 17 00:00:00 2001 From: Julien Voisin Date: Thu, 24 Dec 2020 10:32:28 +0000 Subject: Add PHP8 support --- .travis.yml | 3 - src/php_snuffleupagus.h | 2 +- src/sp_pcre_compat.c | 24 ++++- src/sp_pcre_compat.h | 16 ++-- src/tests/xxe/disable_xxe_dom.phpt | 75 ---------------- src/tests/xxe/disable_xxe_dom_disabled_php8.phpt | 60 ------------- src/tests/xxe/disable_xxe_xml_parse_php8.phpt | 106 ----------------------- 7 files changed, 30 insertions(+), 256 deletions(-) delete mode 100644 src/tests/xxe/disable_xxe_dom.phpt delete mode 100644 src/tests/xxe/disable_xxe_dom_disabled_php8.phpt delete mode 100644 src/tests/xxe/disable_xxe_xml_parse_php8.phpt (limited to 'src/php_snuffleupagus.h') diff --git a/.travis.yml b/.travis.yml index 0bab804..b4c183e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -38,9 +38,6 @@ matrix: php: "7.4" - env: TARGET="gcc php nightly novld" CC="gcc" php: "nightly" - allow_failures: - - env: TARGET="gcc php nightly novld" CC="gcc" - php: "nightly" script: - if [[ ! "${TARGET}" = *"novld"* ]]; then pecl install vld-beta ; fi diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 14efadb..02b464e 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -14,7 +14,6 @@ #include #include #include -#include "sp_pcre_compat.h" #include #include #include @@ -29,6 +28,7 @@ #include #include "SAPI.h" +#include "ext/pcre/php_pcre.h" #include "ext/standard/head.h" #include "ext/standard/info.h" #include "ext/standard/url.h" diff --git a/src/sp_pcre_compat.c b/src/sp_pcre_compat.c index c575a79..d2efc71 100644 --- a/src/sp_pcre_compat.c +++ b/src/sp_pcre_compat.c @@ -3,14 +3,21 @@ sp_pcre* sp_pcre_compile(const char* const pattern) { assert(NULL != pattern); + sp_pcre* ret = NULL; +#ifdef SP_HAS_PCRE2 unsigned char pcre_error[128] = {0}; int errornumber; PCRE2_SIZE erroroffset; - sp_pcre* ret = pcre2_compile((PCRE2_SPTR)pattern, PCRE2_ZERO_TERMINATED, + ret = pcre2_compile((PCRE2_SPTR)pattern, PCRE2_ZERO_TERMINATED, PCRE2_CASELESS, &errornumber, &erroroffset, NULL); + pcre2_get_error_message(errornumber, pcre_error, sizeof(pcre_error)); +#else + const char* pcre_error = NULL; + int erroroffset; + ret = php_pcre_compile(pattern, PCRE_CASELESS, &pcre_error, &erroroffset, NULL); +#endif if (NULL == ret) { - pcre2_get_error_message(errornumber, pcre_error, sizeof(pcre_error)); sp_log_err("config", "Failed to compile '%s': %s on line %zu.", pattern, pcre_error, sp_line_no); } @@ -19,15 +26,26 @@ sp_pcre* sp_pcre_compile(const char* const pattern) { bool ZEND_HOT sp_is_regexp_matching_len(const sp_pcre* regexp, const char* str, size_t len) { + int ret = 0; + assert(NULL != regexp); assert(NULL != str); +#ifdef SP_HAS_PCRE2 pcre2_match_data* match_data = pcre2_match_data_create_from_pattern(regexp, NULL); - int ret = pcre2_match(regexp, (PCRE2_SPTR)str, len, 0, 0, match_data, NULL); + ret = pcre2_match(regexp, (PCRE2_SPTR)str, len, 0, 0, match_data, NULL); +#else + int vec[30]; + ret = php_pcre_exec(regexp, NULL, str, len, 0, 0, vec, sizeof(vec) / sizeof(int)); +#endif if (ret < 0) { +#ifdef SP_HAS_PCRE2 if (ret != PCRE2_ERROR_NOMATCH) { +#else + if (ret != PCRE_ERROR_NOMATCH) { +#endif // LCOV_EXCL_START sp_log_err("regexp", "Something went wrong with a regexp (%d).", ret); // LCOV_EXCL_STOP diff --git a/src/sp_pcre_compat.h b/src/sp_pcre_compat.h index 6fcb383..b70630d 100644 --- a/src/sp_pcre_compat.h +++ b/src/sp_pcre_compat.h @@ -7,18 +7,18 @@ #undef pcre_exec #undef pcre_compile -#if HAVE_BUNDLED_PCRE -#if PHP_VERSION_ID >= 70300 -#include "ext/pcre/php_pcre.h" -#else -#include "ext/pcre/pcrelib/pcre.h" -#endif -#else + #define PCRE2_CODE_UNIT_WIDTH 8 -#include "pcre2.h" +#if PHP_VERSION_ID >= 70300 +#define SP_HAS_PCRE2 #endif +#include "ext/pcre/php_pcre.h" // PCRE1 +#ifdef SP_HAS_PCRE2 #define sp_pcre pcre2_code +#else +#define sp_pcre pcre +#endif sp_pcre* sp_pcre_compile(const char* str); #define sp_is_regexp_matching_zend(regexp, zstr) \ diff --git a/src/tests/xxe/disable_xxe_dom.phpt b/src/tests/xxe/disable_xxe_dom.phpt deleted file mode 100644 index 99ed572..0000000 --- a/src/tests/xxe/disable_xxe_dom.phpt +++ /dev/null @@ -1,75 +0,0 @@ ---TEST-- -Disable XXE, in php8 ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/disable_xxe.ini ---EXTENSIONS-- -dom ---FILE-- - - -]> -&foo; -EOD; - -file_put_contents('content.xml', $xml); - -libxml_disable_entity_loader(true); -$dom = new DOMDocument('1.0'); -$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT); -printf("libxml_disable_entity to true: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); - -libxml_disable_entity_loader(false); -$dom = new DOMDocument('1.0'); -$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT); -printf("libxml_disable_entity to false: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); - -$xml = "foo"; -file_put_contents('content.xml', $xml); - -libxml_disable_entity_loader(false); -$dom = new DOMDocument('1.0'); -$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT); -printf("without xxe: %s", $dom->getElementsByTagName('testing')->item(0)->nodeValue); - -?> ---CLEAN-- - ---EXPECTF-- -Deprecated: Function libxml_disable_entity_loader() is deprecated in %s/tests/xxe/disable_xxe_dom.php on line %d - -Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file://%s/tests/xxe/content.txt" in /var/www/html/snuffleupagus/src/tests/xxe/disable_xxe_dom.php on line %d - -Warning: DOMDocument::loadXML(): Failure to process entity foo in Entity, line: 6 in %s/tests/xxe/disable_xxe_dom.php on line %d - -Warning: DOMDocument::loadXML(): Entity 'foo' not defined in Entity, line: 6 in %s/tests/xxe/disable_xxe_dom.php on line %d - -Warning: Attempt to read property "nodeValue" on null in %s/tests/xxe/disable_xxe_dom.php on line %d -libxml_disable_entity to true: - -Deprecated: Function libxml_disable_entity_loader() is deprecated in %s/tests/xxe/disable_xxe_dom.php on line %d - -Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file://%s/tests/xxe/content.txt" in /var/www/html/snuffleupagus/src/tests/xxe/disable_xxe_dom.php on line %d - -Warning: DOMDocument::loadXML(): Failure to process entity foo in Entity, line: 6 in %s/tests/xxe/disable_xxe_dom.php on line %d - -Warning: DOMDocument::loadXML(): Entity 'foo' not defined in Entity, line: 6 in %s/tests/xxe/disable_xxe_dom.php on line %d - -Warning: Attempt to read property "nodeValue" on null in %s/tests/xxe/disable_xxe_dom.php on line %d -libxml_disable_entity to false: - -Deprecated: Function libxml_disable_entity_loader() is deprecated in %s/tests/xxe/disable_xxe_dom.php on line %d diff --git a/src/tests/xxe/disable_xxe_dom_disabled_php8.phpt b/src/tests/xxe/disable_xxe_dom_disabled_php8.phpt deleted file mode 100644 index c0db7fc..0000000 --- a/src/tests/xxe/disable_xxe_dom_disabled_php8.phpt +++ /dev/null @@ -1,60 +0,0 @@ ---TEST-- -Disable XXE in php8 ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/disable_xxe_disable.ini ---EXTENSIONS-- -dom ---FILE-- -WARNING, external entity loaded!'; -file_put_contents($dir . '/content.txt', $content); - -$xml = << - -]> -&foo; -EOD; - -file_put_contents($dir . '/content.xml', $xml); - -libxml_disable_entity_loader(true); -$dom = new DOMDocument('1.0'); -$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT); -printf("libxml_disable_entity to true: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); - -libxml_disable_entity_loader(false); -$dom = new DOMDocument('1.0'); -$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT); -printf("libxml_disable_entity to false: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); - -$xml = "foo"; -file_put_contents('content.xml', $xml); - -libxml_disable_entity_loader(false); -$dom = new DOMDocument('1.0'); -$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT); -printf("without xxe: %s", $dom->getElementsByTagName('testing')->item(0)->nodeValue); - -?> ---CLEAN-- - ---EXPECTF-- -Deprecated: Function libxml_disable_entity_loader() is deprecated in %s/tests/xxe/disable_xxe_dom_disabled.php on line %d -libxml_disable_entity to true: WARNING, external entity loaded! - -Deprecated: Function libxml_disable_entity_loader() is deprecated in %s/tests/xxe/disable_xxe_dom_disabled.php on line %d -libxml_disable_entity to false: WARNING, external entity loaded! - -Deprecated: Function libxml_disable_entity_loader() is deprecated in %s/tests/xxe/disable_xxe_dom_disabled.php on line %d - diff --git a/src/tests/xxe/disable_xxe_xml_parse_php8.phpt b/src/tests/xxe/disable_xxe_xml_parse_php8.phpt deleted file mode 100644 index 4a8622a..0000000 --- a/src/tests/xxe/disable_xxe_xml_parse_php8.phpt +++ /dev/null @@ -1,106 +0,0 @@ ---TEST-- -Disable XXE in xml_parse, in php8 ---SKIPIF-- - - ---EXTENSIONS-- -xml ---INI-- -sp.configuration_file={PWD}/config/disable_xxe.ini ---FILE-- - - -]> -&foo; -EOD; - -file_put_contents('content.xml', $xml); - -function create_parser() { - $parser = xml_parser_create(); - xml_set_element_handler( - $parser, - function($parser, $name, array $attributes) { - var_dump($name); - echo "\n"; - var_dump($attributes); - }, - function($parser, $name) { - var_dump($name); - } - ); - - xml_set_character_data_handler( - $parser, - function ($parser, $text){ - echo 'text' . $text; - } - ); - - return $parser; -} - -libxml_disable_entity_loader(true); -$parser = create_parser(); -$doc = xml_parse($parser, $xml, true); -xml_parser_free($parser); - -libxml_disable_entity_loader(false); -$parser = create_parser(); -$doc = xml_parse($parser, $xml, true); -xml_parser_free($parser); - -$xml = "foo"; -file_put_contents('content.xml', $xml); -$parser = create_parser(); -$doc = xml_parse($parser, $xml, true); -xml_parser_free($parser); - ---EXPECTF-- - Deprecated: Function libxml_disable_entity_loader() is deprecated in %s/tests/xxe/disable_xxe_xml_parse.php on line 41 -string(4) "TEST" - -array(0) { -} -string(7) "TESTING" - -array(0) { -} -string(7) "TESTING" -string(4) "TEST" - -Deprecated: Function libxml_disable_entity_loader() is deprecated in %s/tests/xxe/disable_xxe_xml_parse.php on line 46 -string(4) "TEST" - -array(0) { -} -string(7) "TESTING" - -array(0) { -} -string(7) "TESTING" -string(4) "TEST" -string(4) "TEST" - -array(0) { -} -string(7) "TESTING" - -array(0) { -} -textfoostring(7) "TESTING" - -- cgit v1.3 From 047b2d08a5d01c2c8654f16fb97bb99d0b25052b Mon Sep 17 00:00:00 2001 From: jvoisin Date: Sat, 2 Jan 2021 19:22:07 +0100 Subject: Bump the changelog --- debian/changelog | 10 +++++++++- doc/source/changelog.rst | 21 +++++++++++++++++++++ src/php_snuffleupagus.h | 2 +- 3 files changed, 31 insertions(+), 2 deletions(-) (limited to 'src/php_snuffleupagus.h') diff --git a/debian/changelog b/debian/changelog index 3177034..d0ab5e0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +snuffleupagus (0.7.0) UNRELEASED; urgency=medium + [ jvoisin ] + * PHP8 support + * Stacktraces in dumps + * The `>` operator skips over functions + * PCRE2 is used when possible + * The `generate_rules.php` script is now more portable + * The strict mode is now disableable + snuffleupagus (0.6.0) UNRELEASED; urgency=medium [ jvoisin ] @@ -12,7 +21,6 @@ snuffleupagus (0.6.0) UNRELEASED; urgency=medium -- jvoisin Fri, 06 Nov 2020 17:45:00 +0200 - snuffleupagus (0.5.1) UNRELEASED; urgency=medium [ jvoisin ] diff --git a/doc/source/changelog.rst b/doc/source/changelog.rst index b4b87b8..307c92c 100644 --- a/doc/source/changelog.rst +++ b/doc/source/changelog.rst @@ -1,6 +1,27 @@ Changelog ========= +0.7.0 - `Los Elefantes `__ 2021/01/02 +---------------------------------------------------------------------------------------------------------- + +New features +^^^^^^^^^^^^ +* PHP8 support +* Stacktraces in dumps +* The ``>`` operator now skips over functions + +Improvements +^^^^^^^^^^^^ +* Move the CI from travis to gitlab-ci +* Some code simplifications and constifications +* PCRE2 is now used when possible +* The ``generate_rules.php`` script is now more portable + +Bug fixes +^^^^^^^^^ +* The strict mode is now disableable + + 0.6.0 - `Elephant in the room `__ 2020/11/06 ---------------------------------------------------------------------------------------------------------- diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 02b464e..dc0a471 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -1,7 +1,7 @@ #ifndef PHP_SNUFFLEUPAGUS_H #define PHP_SNUFFLEUPAGUS_H -#define PHP_SNUFFLEUPAGUS_VERSION "0.6.0" +#define PHP_SNUFFLEUPAGUS_VERSION "0.7.0" #define PHP_SNUFFLEUPAGUS_EXTNAME "snuffleupagus" #define PHP_SNUFFLEUPAGUS_AUTHOR "NBS System & Julien (jvoisin) Voisin" #define PHP_SNUFFLEUPAGUS_URL "https://github.com/jvoisin/snuffleupagus" -- cgit v1.3 From 3c528d9d03cec872382a6f400b5701a8fbfd59b4 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Sun, 3 Jan 2021 14:12:54 +0100 Subject: Don't check for bundled pcre in php8 Patch coming from https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/16372/diffs#diff-content-c2549fd272f686fb013e5c74164615ca073560bb --- src/php_snuffleupagus.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'src/php_snuffleupagus.h') diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index dc0a471..248045c 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -45,9 +45,6 @@ #include "zend_vm.h" /* Compatibility */ -#if ( !HAVE_PCRE && !HAVE_BUNDLED_PCRE ) -#error Snuffleupagus requires PHP7+ with PCRE support -#endif #if PHP_VERSION_ID < 70000 #error Snuffleupagus only works with PHP7+. You shouldn't use PHP5 anyway, \ since it's not supported anymore: https://secure.php.net/supported-versions.php @@ -58,6 +55,10 @@ typedef void (*zif_handler)(INTERNAL_FUNCTION_PARAMETERS); #if PHP_VERSION_ID >= 80000 #define TSRMLS_FETCH() #define TSRMLS_C +#else +#if ( !HAVE_PCRE && !HAVE_BUNDLED_PCRE ) +#error Snuffleupagus requires PHP7+ with PCRE support +#endif #endif #define SP_CONFIG_VALID 1 -- cgit v1.3