snuffleupagus v0.10 releases: Security module for php7 and php8

snuffleupagus

Security module for php7 and php8 – Killing bugclasses and virtual-patching the rest!

Snuffleupagus is a PHP 7+ and 8+ module designed to drastically raise the cost of attacks against websites, by killing entire bug classes. It also provides a powerful virtual-patching system, allowing administrators to fix specific vulnerabilities and audit suspicious behaviours without having to touch the PHP code.

Key Features

  • No noticeable performance impact
  • Powerful yet simple to write virtual-patching rules
  • Killing several classes of vulnerabilities
  • Several hardening features
    • Automatic secure and samesite flag for cookies
    • Bundled set of rules to detect post-compromise behaviours
    • Global strict mode and type-juggling prevention
    • Whitelisting of stream wrappers
    • Preventing execution of writeable files
    • Whitelist/blacklist for eval
    • Enforcing TLS certificate validation when using curl
    • Request dumping capability
  • A relatively sane code base
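As an added illustration (not the project's bundled default.rules), the rules file below enables the hardening features listed above and adds a few virtual patches. It assumes the documented sp.* rule syntax, that php.ini points sp.configuration_file at this file, and that the secret, the /var/www/app/legacy/import.php path and the dump directory are placeholders to replace.

```ini
# /etc/php/snuffleupagus.rules -- example configuration added here,
# not the project's default.rules. Loaded via php.ini:
#   sp.configuration_file=/etc/php/snuffleupagus.rules

# Secret used for cookie encryption; constructed placeholder, replace it.
sp.global.secret_key("REPLACE_WITH_A_LONG_RANDOM_SECRET");

# Global strict mode: behaves as if every file declared strict_types=1,
# which removes the type-juggling bug class.
sp.global_strict.enable();

# Route rand()/mt_rand() to the CSPRNG.
sp.harden_random.enable();

# Cookies: add the secure flag automatically and pin SameSite on the
# session cookie.
sp.auto_cookie_secure.enable();
sp.cookie.name("PHPSESSID").samesite("lax");

# Stream wrapper whitelist: anything else (phar://, ftp://, data:// ...)
# is refused, so wrapper-based file-inclusion tricks stop working.
sp.wrappers_whitelist.list("file,php");

# Refuse to execute PHP files the webserver user can write to, which
# neutralises dropped webshells.
sp.readonly_exec.enable();

# Functions that may never be called from inside eval()'d code.
sp.eval_blacklist.list("system,exec,shell_exec,proc_open,passthru,popen");

# Virtual patches: drop command-execution calls whose argument carries
# shell metacharacters. The alias is the text that appears in the log.
sp.disable_function.function("system").param("command").value_r("[$|;&`\\n]").drop().alias("shell metacharacters in system()");
sp.disable_function.function("shell_exec").param("command").value_r("[$|;&`\\n]").drop();

# Patch for one known-bad call site (constructed path): unserialize() in
# that file is blocked and the full request is dumped for later forensics.
sp.disable_function.function("unserialize").filename("/var/www/app/legacy/import.php").dump("/var/log/snuffleupagus/").drop();

# Send events to syslog instead of the PHP error log.
sp.log_media("syslog");

# v0.10: cap the size of each log message. The option name comes from the
# changelog; the argument form shown here is an assumption.
sp.log_max_len(1024);
```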

Changelog v0.10

New features

  • Compatibility with PHP8.3
  • Add sp.log_max_len to limit the maximum size of the log messages
  • Add an example configuration for Xenforo 2.2.12

Breaking Changes

  • URL-encode function arguments when logging them

Bug fixes

  • Fix a possible NULL-byte truncation when outputting parameters in the logs
  • Make readonly_exec play nice on readonly filesystems

Download & Use

©2017-2018 NBS System, 2019-2021 Julien (jvoisin) Voisin