Skip to content
BeF edited this page Jul 17, 2022 · 3 revisions

CI for PHP versions CI for Linux distos PHP7 CI for Linux distos PHP8 CI for CodeQL Analysis

About Snuffleupagus

Snuffleupagus is a marvellous security module for PHP 7 and PHP 8. This repository is a fork of the original Snuffleupagus repository used for development and testing of new and experimental features. It can be seen as the beta version of the Snuffleupagus PHP extension, showcasing new ideas, with the aim to eventually be ported back upstream to the original repository.

About Suhosin-NG

suhosin-ng logo

The Suhosin-NG project is an effort to advance PHP hardening by providing patches to Snuffleupagus, documentation and its own set of tools.

Building Snuffleupagus (SNG) for development and debugging

  • Prerequisites: Obviously, you will need a development environment with a C compiler and a PHP installation with headers (dev-package). See Github Workflows for examples.

  • Check out the repository and compile:

    git clone https://github.com/sektioneins/snuffleupagus.git
    cd snuffleupagus
    make compile_debug
    

    Future builds can be done using just make, e.g. after you made some code changes.

Running the test suite

  • Run all tests:

    It is possible to just run make test in src/, but debugging output will likely lead to most tests failing. This is why there is another Makefile rule called tests in src/, which sets the SP_NODEBUG=1 environment variable in order to prevent debugging output with a debug build.

    src$ make tests
    
  • Run just one test or a subset of tests:

    make tests TESTS=tests/sid_too_long.phpt
    make tests TESTS=tests/disable_function
    

Working with multiple PHP installations

Multiple PHP installations on the same host

Suppose your PHP installations are in /opt/php/root/$PHP_VERSION/, e.g. /opt/php/root/8.1.1-64bit, just run in src/

/opt/php/root/8.1.1-64bit/bin/phpize
./configure --with-php-config=/opt/php/root/8.1.1-64bit/bin/php-config --enable-snuffleupagus --enable-debug --enable-debug-stderr
make

Docker

If you prefer running different PHP versions in different docker containers, just run

make docker DOCKER_IMAGE=php:7.4

This will spawn a new docker container using the specified image - or php:latest if unspecified - and binds /sp to your Snuffleupagus checkout directory.

Separate multiple Snuffleupagus builds

The linked-clone Makefile rule creates symbolic links to all source files into a new directory and copies all tests.

make linked-clone CLONE=8.1-debian

This will create a linked clone in src-8.1-debian with all source files kept in sync with the src/ directory, but with its own set of tests. You can easily compile a debug build:

make compile_debug SRC=src-8.1-debian