Artificial truth

The more you see, the less you believe.

[archives] [latest] | [homepage] | [atom/rss/twitter]

Snuffleupagus 0.2.0 - Elephant Rally
Thu 18 January 2018 — download

snuffleupagus logo

Yay, a new version of Snuffleupagus, the 0.2.0, codename Elephant Rally (after a famous motorcycle rally).

If you don't know what Snuffleupagus is, you might want to read the post about its previous release.


This release brings a lot of goodies:

  • glob is now supported in sp.configuration_file, allowing you to use several configuration files without having to name them one by one.
  • We implemented a whitelist/blacklist system for functions called from an eval, likely Suhosin, except that we're allowing you to authorize/block user-defined functions too, and not only builtin ones. This comes with a small performance hit compared to suhosin, but we think that it's worth it.
  • If you're current configuration is broken, snuffleupagus will tell you, in your phpinfo. It'll also display the paths to your configuration files. This is a minor information leak, but there are other variables containing paths too, so we're convinced that it's acceptable. Especially since this feature might help to keep the number of tickets entitled "Snuffleupagus isn't working :(" on our bugtracker.
  • Thanks to the stubbornness of fr33tux, we fixed two crashes that appeared when using some ultra-dense php frameworks with convoluted OOP code.
  • Since Snuffleupagus is not a proof of concept anymore, we spent some time tracking every single dynamic memory allocation, to ensure that it was freed at some point. We took the opportunity to decrease a bit the memory consumption.
  • Thanks to valgrind, we spotted (and fixed) some minor off-by-one in the configuration parsing code.
  • Good news for our windows users, we're now correctly handling your fancy EOL in the configuration files.
  • It's now possible to virtual-patch return values of user-defined function.
  • The codebase as been cleaned up, and has been made more portable: we're now compiling on FreeBSD and RHEL-based Linuxes.
  • The documentation is now way more consistent and complete


While snuffleupagus is mainly developed by blotus and me, we received three external contributions!

  1. From bui, implementing regexp for cookie names for our cookie-encryption feature
  2. From smagnin, overhauling our ultra-ghetto linked-list implementation to something more elegant.
  3. From Remi Collet, who opened issues, issued pull-requests, and published Snuffleupagus packages on his repositories, so maybe soon in Fedora, CentOS and Red Hat via EPEL!

We don't have many issues for the next release, so I guess we're close to being feature-complete. Odds are that we'll focus on stabilizing the codebase, and make Snuffleupagus even more reliable. We might start to publish some of our rules for popular CMS if people are interested.

See you in your PHP stack!