Skip to content

Commit

Permalink
Use php's logging functions
Browse files Browse the repository at this point in the history 
This commit replace our usage of `php_log_err` with `zend_error`. This should
allow administrators to display errors in the webpage, should they want to;
and to properly manipulate the verbosity's level.

This should close #217
  • Loading branch information
@xXx-caillou-xXx @jvoisin
xXx-caillou-xXx authored and jvoisin committed Aug 28, 2018
1 parent eff2c65 commit aa5d689
Show file tree
Hide file tree
Showing 212 changed files with 638 additions and 421 deletions.
10 changes: 5 additions & 5 deletions src/sp_config.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ static int parse_line(char *line) {
}

if (strncmp(ptr, SP_TOKEN_BASE, strlen(SP_TOKEN_BASE))) {
sp_log_err("config", "Invalid configuration prefix for '%s' on line %zu.",
sp_log_err("config", "Invalid configuration prefix for '%s' on line %zu",
line, sp_line_no);
return -1;
}
Expand All @@ -51,7 +51,7 @@ static int parse_line(char *line) {
return sp_func[i].func(ptr + strlen(sp_func[i].token));
}
}
sp_log_err("config", "Invalid configuration section '%s' on line %zu.", line,
sp_log_err("config", "Invalid configuration section '%s' on line %zu", line,
sp_line_no);
return -1;
}
Expand Down Expand Up @@ -114,7 +114,7 @@ int parse_php_type(char *restrict line, char *restrict keyword, void *retval) {
"%s) is expecting a valid php type ('false', 'true',"
" 'array'. 'object', 'long', 'double', 'null', 'resource', "
"'reference',"
" 'undef') on line %zu.",
" 'undef') on line %zu",
keyword, sp_line_no);
return -1;
}
Expand Down Expand Up @@ -149,7 +149,7 @@ int parse_cidr(char *restrict line, char *restrict keyword, void *retval) {
*(sp_cidr **)retval = cidr;
return consumed;
} else {
sp_log_err("config", "%s doesn't contain a valid cidr on line %zu.", line,
sp_log_err("config", "%s doesn't contain a valid cidr on line %zu", line,
sp_line_no);
return -1;
}
Expand All @@ -174,7 +174,7 @@ int parse_regexp(char *restrict line, char *restrict keyword, void *retval) {
closing_paren[0] = '\0';
}
sp_log_err("config",
"'%s)' is expecting a valid regexp, and not '%s' on line %zu.",
"'%s)' is expecting a valid regexp, and not '%s' on line %zu",
keyword, line, sp_line_no);
return -1;
}
Expand Down
62 changes: 31 additions & 31 deletions src/sp_config_keywords.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ static int parse_enable(char *line, bool *restrict retval,
}

if (!(enable ^ disable)) {
sp_log_err("config", "A rule can't be enabled and disabled on line %zu.",
sp_log_err("config", "A rule can't be enabled and disabled on line %zu",
sp_line_no);
return -1;
}
Expand All @@ -44,19 +44,19 @@ int parse_session(char *line) {
if (0 == (SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var)) {
sp_log_err(
"config",
"You're trying to use the session cookie encryption feature"
"You're trying to use the session cookie encryption feature "
"on line %zu without having set the `.cookie_env_var` option in"
"`sp.global`: please set it first.",
"`sp.global`: please set it first",
sp_line_no);
pefree(session, 0);
return -1;
} else if (0 ==
(SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)) {
sp_log_err(
"config",
"You're trying to use the session cookie encryption feature"
"You're trying to use the session cookie encryption feature "
"on line %zu without having set the `.encryption_key` option in"
"`sp.global`: please set it first.",
"`sp.global`: please set it first",
sp_line_no);
pefree(session, 0);
return -1;
Expand Down Expand Up @@ -114,7 +114,7 @@ int parse_unserialize(char *line) {
}

if (!(enable ^ disable)) {
sp_log_err("config", "A rule can't be enabled and disabled on line %zu.",
sp_log_err("config", "A rule can't be enabled and disabled on line %zu",
sp_line_no);
return -1;
}
Expand Down Expand Up @@ -145,7 +145,7 @@ int parse_readonly_exec(char *line) {
}

if (!(enable ^ disable)) {
sp_log_err("config", "A rule can't be enabled and disabled on line %zu.",
sp_log_err("config", "A rule can't be enabled and disabled on line %zu",
sp_line_no);
return -1;
}
Expand Down Expand Up @@ -236,7 +236,7 @@ int parse_cookie(char *line) {
"config",
"You're trying to use the cookie encryption feature"
"on line %zu without having set the `.cookie_env_var` option in"
"`sp.global`: please set it first.",
"`sp.global`: please set it first",
sp_line_no);
return -1;
} else if (0 ==
Expand All @@ -245,28 +245,28 @@ int parse_cookie(char *line) {
"config",
"You're trying to use the cookie encryption feature"
"on line %zu without having set the `.encryption_key` option in"
"`sp.global`: please set it first.",
"`sp.global`: please set it first",
sp_line_no);
return -1;
}
} else if (!samesite) {
sp_log_err("config",
"You must specify a at least one action to a cookie on line "
"%zu.",
"%zu",
sp_line_no);
return -1;
}
if ((!cookie->name || 0 == ZSTR_LEN(cookie->name)) && !cookie->name_r) {
sp_log_err("config",
"You must specify a cookie name/regexp on line "
"%zu.",
"%zu",
sp_line_no);
return -1;
}
if (cookie->name && cookie->name_r) {
sp_log_err("config",
"name and name_r are mutually exclusive on line "
"%zu.",
"%zu",
sp_line_no);
return -1;
}
Expand All @@ -280,7 +280,7 @@ int parse_cookie(char *line) {
sp_log_err(
"config",
"%s is an invalid value to samesite (expected %s or %s) on line "
"%zu.",
"%zu",
ZSTR_VAL(samesite), SP_TOKEN_SAMESITE_LAX, SP_TOKEN_SAMESITE_STRICT,
sp_line_no);
return -1;
Expand Down Expand Up @@ -350,7 +350,7 @@ int parse_disabled_functions(char *line) {
if (X && Y) { \
sp_log_err("config", \
"Invalid configuration line: 'sp.disabled_functions%s': " \
"'.%s' and '.%s' are mutually exclusive on line %zu.", \
"'.%s' and '.%s' are mutually exclusive on line %zu", \
line, STR1, STR2, sp_line_no); \
return 1; \
}
Expand All @@ -367,38 +367,38 @@ int parse_disabled_functions(char *line) {
sp_log_err(
"config",
"Invalid configuration line: 'sp.disabled_functions%s':"
"'.r_param', '.param' and '.pos' are mutually exclusive on line %zu.",
"'.r_param', '.param' and '.pos' are mutually exclusive on line %zu",
line, sp_line_no);
return -1;
} else if ((df->r_key || df->key) && (df->r_value || df->value)) {
sp_log_err("config",
"Invalid configuration line: 'sp.disabled_functions%s':"
"`key` and `value` are mutually exclusive on line %zu.",
"`key` and `value` are mutually exclusive on line %zu",
line, sp_line_no);
return -1;
} else if ((df->r_ret || df->ret || df->ret_type) && (df->r_param || param)) {
sp_log_err("config",
"Invalid configuration line: 'sp.disabled_functions%s':"
"`ret` and `param` are mutually exclusive on line %zu.",
"`ret` and `param` are mutually exclusive on line %zu",
line, sp_line_no);
return -1;
} else if ((df->r_ret || df->ret || df->ret_type) && (var)) {
sp_log_err("config",
"Invalid configuration line: 'sp.disabled_functions%s':"
"`ret` and `var` are mutually exclusive on line %zu.",
"`ret` and `var` are mutually exclusive on line %zu",
line, sp_line_no);
return -1;
} else if ((df->r_ret || df->ret || df->ret_type) &&
(df->value || df->r_value)) {
sp_log_err("config",
"Invalid configuration line: 'sp.disabled_functions%s':"
"`ret` and `value` are mutually exclusive on line %zu.",
"`ret` and `value` are mutually exclusive on line %zu",
line, sp_line_no);
return -1;
} else if (!(df->r_function || df->function)) {
sp_log_err("config",
"Invalid configuration line: 'sp.disabled_functions%s':"
" must take a function name on line %zu.",
" must take a function name on line %zu",
line, sp_line_no);
return -1;
} else if (df->filename && (*ZSTR_VAL(df->filename) != '/') &&
Expand All @@ -407,13 +407,13 @@ int parse_disabled_functions(char *line) {
sp_log_err(
"config",
"Invalid configuration line: 'sp.disabled_functions%s':"
"'.filename' must be an absolute path or a phar archive on line %zu.",
"'.filename' must be an absolute path or a phar archive on line %zu",
line, sp_line_no);
return -1;
} else if (!(allow ^ drop)) {
sp_log_err("config",
"Invalid configuration line: 'sp.disabled_functions%s': The "
"rule must either be a `drop` or `allow` one on line %zu.",
"rule must either be a `drop` or `allow` one on line %zu",
line, sp_line_no);
return -1;
}
Expand All @@ -423,7 +423,7 @@ int parse_disabled_functions(char *line) {
char *endptr;
df->pos = (int)strtol(ZSTR_VAL(pos), &endptr, 10);
if (errno != 0 || endptr == ZSTR_VAL(pos)) {
sp_log_err("config", "Failed to parse arg '%s' of `pos` on line %zu.",
sp_log_err("config", "Failed to parse arg '%s' of `pos` on line %zu",
ZSTR_VAL(pos), sp_line_no);
return -1;
}
Expand All @@ -434,7 +434,7 @@ int parse_disabled_functions(char *line) {
char *endptr;
df->line = (unsigned int)strtoul(ZSTR_VAL(line_number), &endptr, 10);
if (errno != 0 || endptr == ZSTR_VAL(line_number)) {
sp_log_err("config", "Failed to parse arg '%s' of `line` on line %zu.",
sp_log_err("config", "Failed to parse arg '%s' of `line` on line %zu",
ZSTR_VAL(line_number), sp_line_no);
return -1;
}
Expand All @@ -460,7 +460,7 @@ int parse_disabled_functions(char *line) {
df->param = sp_parse_var(ZSTR_VAL(param));
}
if (!df->param) {
sp_log_err("config", "Invalid value '%s' for `param` on line %zu.",
sp_log_err("config", "Invalid value '%s' for `param` on line %zu",
ZSTR_VAL(param), sp_line_no);
return -1;
}
Expand All @@ -470,12 +470,12 @@ int parse_disabled_functions(char *line) {
if (ZSTR_LEN(var)) {
df->var = sp_parse_var(ZSTR_VAL(var));
if (!df->var) {
sp_log_err("config", "Invalid value '%s' for `var` on line %zu.",
sp_log_err("config", "Invalid value '%s' for `var` on line %zu",
ZSTR_VAL(var), sp_line_no);
return -1;
}
} else {
sp_log_err("config", "Empty value in `var` on line %zu.", sp_line_no);
sp_log_err("config", "Empty value in `var` on line %zu", sp_line_no);
return -1;
}
}
Expand Down Expand Up @@ -534,7 +534,7 @@ int parse_upload_validation(char *line) {
}

if (!(enable ^ disable)) {
sp_log_err("config", "A rule can't be enabled and disabled on line %zu.",
sp_log_err("config", "A rule can't be enabled and disabled on line %zu",
sp_line_no);
return -1;
}
Expand All @@ -545,15 +545,15 @@ int parse_upload_validation(char *line) {

if (!script) {
sp_log_err("config",
"The `script` directive is mandatory in '%s' on line %zu.", line,
"The `script` directive is mandatory in '%s' on line %zu", line,
sp_line_no);
return -1;
} else if (-1 == access(ZSTR_VAL(script), F_OK)) {
sp_log_err("config", "The `script` (%s) doesn't exist on line %zu.",
sp_log_err("config", "The `script` (%s) doesn't exist on line %zu",
ZSTR_VAL(script), sp_line_no);
return -1;
} else if (-1 == access(ZSTR_VAL(script), X_OK)) {
sp_log_err("config", "The `script` (%s) isn't executable on line %zu.",
sp_log_err("config", "The `script` (%s) isn't executable on line %zu",
ZSTR_VAL(script), sp_line_no);
return -1;
}
Expand Down
6 changes: 3 additions & 3 deletions src/sp_config_utils.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ int parse_keywords(sp_config_functions *funcs, char *line) {
}

if (*line) {
sp_log_err("config", "Trailing chars '%s' at the end of '%s' on line %zu.",
sp_log_err("config", "Trailing chars '%s' at the end of '%s' on line %zu",
line, original_line, sp_line_no);
return -1;
}
Expand Down Expand Up @@ -91,12 +91,12 @@ zend_string *get_param(size_t *consumed, char *restrict line, sp_type type,
}
err:
if (0 == j) {
sp_log_err("error", "A valid string as parameter is expected on line %zu.",
sp_log_err("error", "A valid string as parameter is expected on line %zu",
sp_line_no);
} else {
sp_log_err("error",
"There is an issue with the parsing of '%s': it doesn't look "
"like a valid string on line %zu.",
"like a valid string on line %zu",
original_line ? original_line : "NULL", sp_line_no);
}
line = NULL;
Expand Down
12 changes: 6 additions & 6 deletions src/sp_crypt.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,10 +27,10 @@ void generate_key(unsigned char *key) {
if (env_var) {
PHP_SHA256Update(&ctx, (unsigned char *)env_var, strlen(env_var));
} else {
sp_log_err(
sp_log_warn(
"cookie_encryption",
"The environment variable '%s'"
"is empty, cookies are weakly encrypted.",
"The environment variable '%s' "
"is empty, cookies are weakly encrypted",
ZSTR_VAL(
SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var));
}
Expand Down Expand Up @@ -58,13 +58,13 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) {
sp_log_msg(
"cookie_encryption", SP_LOG_SIMULATION,
"Buffer underflow tentative detected in cookie encryption handling "
"for %s. Using the cookie 'as it' instead of decrypting it.",
"for %s. Using the cookie 'as it' instead of decrypting it",
hash_key ? ZSTR_VAL(hash_key->key) : "the session");
return ZEND_HASH_APPLY_KEEP;
} else {
sp_log_msg(
"cookie_encryption", SP_LOG_DROP,
"Buffer underflow tentative detected in cookie encryption handling.");
"Buffer underflow tentative detected in cookie encryption handling");
return ZEND_HASH_APPLY_REMOVE;
}
}
Expand Down Expand Up @@ -106,7 +106,7 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) {
return ZEND_HASH_APPLY_KEEP;
} else {
sp_log_msg("cookie_encryption", SP_LOG_DROP,
"Something went wrong with the decryption of %s.",
"Something went wrong with the decryption of %s",
hash_key ? ZSTR_VAL(hash_key->key) : "the session");
return ZEND_HASH_APPLY_REMOVE;
}
Expand Down
13 changes: 4 additions & 9 deletions src/sp_disabled_functions.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,7 @@ static bool is_param_matching(zend_execute_data* execute_data,
if (config_node->pos != -1) {
if (config_node->pos > nb_param - 1) {
char* complete_function_path = get_complete_function_path(execute_data);
sp_log_err("config",
sp_log_warn("config",
"It seems that you wrote a rule filtering on the "
"%d%s argument of the function '%s', but it takes only %d "
"arguments. "
Expand Down Expand Up @@ -290,8 +290,6 @@ bool should_disable(zend_execute_data* execute_data,
const char* builtin_param_name, const sp_list_node* config,
const zend_string* current_filename) {
char current_file_hash[SHA256_SIZE * 2 + 1] = {0};
unsigned int line = 0;
char* filename = NULL;

while (config) {
sp_disabled_function const* const config_node =
Expand Down Expand Up @@ -327,9 +325,6 @@ bool should_disable(zend_execute_data* execute_data,
is_file_matching(execute_data, config_node, current_filename);
if (!ex) {
goto next;
} else if (ex != execute_data) {
line = ex->opline->lineno;
filename = ZSTR_VAL(ex->func->op_array.filename);
}
}

Expand Down Expand Up @@ -360,7 +355,7 @@ bool should_disable(zend_execute_data* execute_data,
(config_node->pos != -1)) {
if (!builtin_param &&
execute_data->func->op_array.arg_info->is_variadic) {
sp_log_err(
sp_log_warn(
"disable_function",
"Snuffleupagus doesn't support variadic functions yet, sorry. "
"Check https://github.com/nbs-system/snuffleupagus/issues/164 for "
Expand Down Expand Up @@ -391,10 +386,10 @@ bool should_disable(zend_execute_data* execute_data,

if (config_node->functions_list) {
sp_log_disable(ZSTR_VAL(config_node->function), arg_name, arg_value_str,
config_node, line, filename);
config_node);
} else {
sp_log_disable(complete_function_path, arg_name, arg_value_str,
config_node, line, filename);
config_node);
}
if (true == config_node->simulation) {
goto next;
Expand Down

0 comments on commit aa5d689

Please sign in to comment.