-
Notifications
You must be signed in to change notification settings - Fork 5
Home
Snuffleupagus is a marvellous security module for PHP 7 and PHP 8. This repository is a fork of the original Snuffleupagus repository used for development and testing of new and experimental features. It can be seen as the beta version of the Snuffleupagus PHP extension, showcasing new ideas, with the aim to eventually be ported back upstream to the original repository.
The Suhosin-NG project is an effort to advance PHP hardening by providing patches to Snuffleupagus, documentation and its own set of tools.
-
Prerequisites: Obviously, you will need a development environment with a C compiler and a PHP installation with headers (dev-package). See Github Workflows for examples.
-
Check out the repository and compile:
git clone https://github.com/sektioneins/snuffleupagus.git cd snuffleupagus make compile_debug
Future builds can be done using just
make
, e.g. after you made some code changes.
-
Run all tests:
It is possible to just run
make test
insrc/
, but debugging output will likely lead to most tests failing. This is why there is another Makefile rule calledtests
insrc/
, which sets theSP_NODEBUG=1
environment variable in order to prevent debugging output with a debug build.src$ make tests
-
Run just one test or a subset of tests:
make tests TESTS=tests/sid_too_long.phpt make tests TESTS=tests/disable_function
Suppose your PHP installations are in /opt/php/root/$PHP_VERSION/
, e.g. /opt/php/root/8.1.1-64bit
, just run in src/
/opt/php/root/8.1.1-64bit/bin/phpize
./configure --with-php-config=/opt/php/root/8.1.1-64bit/bin/php-config --enable-snuffleupagus --enable-debug --enable-debug-stderr
make
If you prefer running different PHP versions in different docker containers, just run
make docker DOCKER_IMAGE=php:7.4
This will spawn a new docker container using the specified image - or php:latest
if unspecified - and binds /sp
to your Snuffleupagus checkout directory.
The linked-clone
Makefile rule creates symbolic links to all source files into a new directory and copies all tests.
make linked-clone CLONE=8.1-debian
This will create a linked clone in src-8.1-debian
with all source files kept in sync with the src/
directory, but with its own set of tests. You can easily compile a debug build:
make compile_debug SRC=src-8.1-debian