{"id":13767193,"url":"https://github.com/nbs-system/snuffleupagus","last_synced_at":"2025-05-10T22:31:42.169Z","repository":{"id":48134413,"uuid":"274939088","full_name":"nbs-system/snuffleupagus","owner":"nbs-system","description":null,"archived":true,"fork":false,"pushed_at":"2023-11-08T09:16:00.000Z","size":9569,"stargazers_count":26,"open_issues_count":0,"forks_count":1,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-11-17T02:34:27.752Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nbs-system.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-06-25T14:34:55.000Z","updated_at":"2023-11-08T09:17:04.000Z","dependencies_parsed_at":"2024-01-07T09:43:15.890Z","dependency_job_id":null,"html_url":"https://github.com/nbs-system/snuffleupagus","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nbs-system%2Fsnuffleupagus","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nbs-system%2Fsnuffleupagus/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nbs-system%2Fsnuffleupagus/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nbs-system%2Fsnuffleupagus/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nbs-system","download_url":"https://codeload.github.com/nbs-system/snuffleupagus/tar.gz/refs/heads/master","host":{"name":"GitHub
","url":"https://github.com","kind":"github","repositories_count":253492529,"owners_count":21916959,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T16:01:06.018Z","updated_at":"2025-05-10T22:31:37.157Z","avatar_url":"https://github.com/nbs-system.png","language":"C","funding_links":[],"categories":["Security","Hardening"],"sub_categories":["WebServers"],"readme":"# THIS REPO HAS BEEN ARCHIVED, PLEASE VISIT https://github.com/jvoisin/snuffleupagus\n\n\u003ch1 align=\"center\"\u003e\n  \u003cbr\u003e\n  \u003ca href=\"https://snuffleupagus.readthedocs.io/\"\u003e\n\t\t\u003cimg src=\"https://github.com/nbs-system/snuffleupagus/raw/master/doc/source/_static/sp.png\" alt=\"Snuffleupagus' logo\" width=\"200\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n  Snuffleupagus\n  \u003cbr\u003e\n\u003c/h1\u003e\n\n\u003ch4 align=\"center\"\u003eSecurity module for php7 - Killing bugclasses and virtual-patching the rest!.\u003c/h4\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://travis-ci.org/nbs-system/snuffleupagus\"\u003e\n    \u003cimg src=\"https://travis-ci.org/nbs-system/snuffleupagus.svg?branch=master\"\n         alt=\"Travis-ci\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://scan.coverity.com/projects/nbs-system-snuffleupagus\"\u003e\n\t\t\u003cimg src=\"https://scan.coverity.com/projects/13821/badge.svg?flat=1\"\n\t\t\t\t alt=\"Coverity\"\u003e\n\t\u003c/a\u003e\n  \u003ca href=\"https://bestpractices.coreinfrastructure.org/projects/1267\"\u003e\n      \u003cimg 
src=\"https://bestpractices.coreinfrastructure.org/projects/1267/badge\"\n\t\t\t\t\t alt=\"CII Best Practises\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"http://snuffleupagus.readthedocs.io/?badge=latest\"\u003e\n    \u003cimg src=\"https://readthedocs.org/projects/snuffleupagus/badge/?version=latest\"\n\t\t\t\t alt=\"readthedocs.org\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://coveralls.io/github/nbs-system/snuffleupagus?branch=master\"\u003e\n    \u003cimg src=\"https://coveralls.io/repos/github/nbs-system/snuffleupagus/badge.svg?branch=master\"\n\t\t\t\t alt=\"coveralls\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://twitter.com/sp_php\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/twitter-follow-blue.svg\"\n\t\t\t\t alt=\"twitter\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#key-features\"\u003eKey Features\u003c/a\u003e •\n  \u003ca href=\"#download\"\u003eDownload\u003c/a\u003e •\n  \u003ca href=\"#examples\"\u003eExamples\u003c/a\u003e •\n\t\u003ca href=\"https://snuffleupagus.readthedocs.io/\"\u003eDocumentation\u003c/a\u003e •\n  \u003ca href=\"https://github.com/nbs-system/snuffleupagus/blob/master/LICENSE\"\u003eLicense\u003c/a\u003e •\n\t\u003ca href=\"#thanks\"\u003eThanks\u003c/a\u003e\n\u003c/p\u003e\n\nSnuffleupagus is a [PHP 7+](https://secure.php.net/) module designed to\ndrastically raise the cost of attacks against websites, by killing entire bug\nclasses. 
It also provides a powerful virtual-patching system, allowing\nadministrators to fix specific vulnerabilities and audit suspicious behaviours\nwithout having to touch the PHP code.\n\n## Key Features\n\n* Close to zero performance impact\n* Powerful yet simple to write virtual-patching rules\n* Killing several classes of vulnerabilities\n\t* [Unserialize-based](https://www.owasp.org/images/9/9e/Utilizing-Code-Reuse-Or-Return-Oriented-Programming-In-PHP-Application-Exploits.pdf) code execution\n\t* [`mail`-based]( https://blog.ripstech.com/2016/roundcube-command-execution-via-email/ ) code execution\n\t* Cookie-stealing [XSS]( https://en.wikipedia.org/wiki/Cross-site_scripting )\n\t* File-upload based code execution\n\t* Weak PRNG\n\t* [XXE]( https://en.wikipedia.org/wiki/XML_external_entity_attack )\n* Hardening features\n\t* Automatic `secure` and `samesite` flags for cookies\n\t* Bundled set of rules to detect post-compromise behaviours\n\t* Global [strict mode]( https://secure.php.net/manual/en/migration70.new-features.php#migration70.new-features.scalar-type-declarations) and type-juggling prevention\n\t* Whitelisting of [stream wrappers](https://secure.php.net/manual/en/intro.stream.php)\n\t* Preventing execution of writeable files\n\t* Whitelist/blacklist for `eval`\n\t* Request dumping capability\n\n## Download\n\nWe've got a [download\npage](https://snuffleupagus.readthedocs.io/download.html), where you can find\npackages for your distribution, but you can of course just `git clone` this\nrepo, or check the releases on [GitHub](https://github.com/nbs-system/snuffleupagus/releases).\n\n## Examples\n\nWe're providing [various example rules](https://github.com/nbs-system/snuffleupagus/tree/master/config),\nthat look like this:\n\n```python\n# Harden the `chmod` function\nsp.disable_function.function(\"chmod\").param(\"mode\").value_r(\"^[0-9]{2}[67]$\").drop();\n\n# Mitigate command injection in 
`system`\nsp.disable_function.function(\"system\").param(\"command\").value_r(\"[$|;\u0026`\\\\n]\").drop();\n```\n\nUpon violation of a rule, you should see lines like this in your logs:\n\n```python\n[snuffleupagus][0.0.0.0][disabled_function][drop] The execution has been aborted in /var/www/index.php:2, because the return value (0) of the function 'strpos' matched a rule.\n```\n\n## Documentation\n\nWe've got a [comprehensive website](https://snuffleupagus.readthedocs.io/) with\nall the documentation that you could possibly wish for. You can of course\n[build it yourself](https://github.com/nbs-system/snuffleupagus/tree/master/doc).\n\n## Thanks\n\nMany thanks to the [Suhosin project](https://suhosin.org) for being a __huge__\nsource of inspiration, and to all [our\ncontributors](https://github.com/nbs-system/snuffleupagus/graphs/contributors).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnbs-system%2Fsnuffleupagus","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnbs-system%2Fsnuffleupagus","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnbs-system%2Fsnuffleupagus/lists"}