Snuffleupagus did;nt work as expected

[barianto2007]

Hi,

My Name is Budi from Indonesia.

Been two days hasn't able to solve the problem i facing with snuffleupagus with php 8.3

Build latest snuffleupagus (v.0.10.0) for ubuntu, build success with some error when "make test". Check on phpinfo it say snuffleupagus enabled with config.

But when i testing some simple configuration like

sp.eval_whitelist.list("strlen,strcmp").simulation(); or sp.eval_whitelist.list("strlen,strcmp");

and on php run this code :

<?php
$string = phpinfo();
$time = "winter";

$str = 'This is a $string $time morning!';
echo $str. "<br>";

eval("\$str = \"$str\";");
echo $str;
?>

My log file didn't catch anything, and on 2nd case (i drop phpinfo) phpinfo still show up.

I even revert back to snuffleupagus v0.9.0 and the result where the same.

please help...

[barianto2007]

Try with wrong configuration

sp.eval_whitelist.list("strlen,strcmp").simulate();

php catch the wrong configuration on log :

AH01071: Got error 'PHP message: PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0'

[barianto2007]

I found out the culprit.

When i remove this line from sample config : defautl_php8.rules that i use,

#ini_set('open_basedir','..');chdir('..');…;chdir('..');ini_set('open_basedir','/');echo(file_get_contents('/etc/passwd'));

My configuration i add seem to working.

[jvoisin]

Weird.
Should be fixed by 320b3f8