Skip to content
/ SS1617 Public

A static analysis tool written in Python for identifying data flow integrity violations in PHP code.

License

Notifications You must be signed in to change notification settings

Gisson/SS1617

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

70 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

SS1617

A static analysis tool written in Python for identifying data flow integrity violations in PHP code.

Dependencies

  • phply (Python PHP parser)

    git clone --depth 1 https://github.com/viraptor/phply.git
    export PYTHONPATH="$PYTHONPATH:$(pwd)/phply"
    • PLY (Python Lex-Yacc) (needed by phply):

      pip install ply

      Make sure it's installed for the correct python version. To do run the command pip show ply and check the Location field.

Running the project

Make sure all the dependencies are properly installed. Then, try analysing one of the sample files:

cd src
./analyzer.py ../tests/sqli_02.php 2>/dev/null

2>/dev/null disables debug messages.

It should output something like:

> Tainted sink for SQL injection in line 3:
$hasil=mysql_query($q_sems,$koneksi);

Another example:

./analyzer.py ../tests/qli_02_sanitized.php 2>/dev/null

Should output something like:

> Sanitization function for SQL injection in line 2:
$nis=mysql_real_escape_string($nis);

Data structures

The data structure used is rule. This structure has attributes name (name of the rule), entry_point ( a possible entry point of a vulnerability), validation (the validation function used for the vulnerability) and lastly a sink (the sink of the problem, where the vulnerability can be executed). All these attributes but the name one are lists which are all the attributes encontered in a config file which is read by the analyzer. This attributes if more than 1 are divided by commas (,). See more about config files on the examples at the tests folder.

	list(struct:rule(string:name,list:entry_point,list:validation,list:sink))

About

A static analysis tool written in Python for identifying data flow integrity violations in PHP code.

Resources

License

Stars

Watchers

Forks

Packages

No packages published