A static analysis tool written in Python for identifying data flow integrity violations in PHP code.
- phply (Python PHP parser):

  git clone --depth 1 https://github.com/viraptor/phply.git
  export PYTHONPATH="$PYTHONPATH:$(pwd)/phply"

- PLY (Python Lex-Yacc) (needed by phply):

  pip install ply

  Make sure it is installed for the correct Python version. To check, run `pip show ply` and look at the Location field.
Make sure all the dependencies are properly installed. Then try analysing one of the sample files:

    cd src
    ./analyzer.py ../tests/sqli_02.php 2>/dev/null

`2>/dev/null` suppresses the debug messages. It should output something like:

    > Tainted sink for SQL injection in line 3:
    $hasil=mysql_query($q_sems,$koneksi);

Another example:

    ./analyzer.py ../tests/qli_02_sanitized.php 2>/dev/null

It should output something like:

    > Sanitization function for SQL injection in line 2:
    $nis=mysql_real_escape_string($nis);
The data structure used is `rule`. It has the attributes `name` (the name of the rule), `entry_point` (a possible entry point of a vulnerability), `validation` (the validation function used for the vulnerability) and `sink` (the sink of the problem, where the vulnerability can be executed). All attributes except `name` are lists holding every value encountered in the config file read by the analyzer; when an attribute has more than one value, the values are separated by commas (,). See the examples in the tests folder for more about config files.

    list(struct:rule(string:name,list:entry_point,list:validation,list:sink))
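The following is an added illustration, not the analyzer's own code: it builds the `rule` structure above from a small config, then runs a simplified line-by-line taint check that reproduces the two sample findings shown earlier. The `attribute: value, value` config layout and the PHP snippets are constructed assumptions; the project's real config and test files live in the tests folder.

```python
import re
from dataclasses import dataclass, field

ASSIGN = re.compile(r"^\s*(\$\w+)\s*=\s*(.*);")  # one PHP assignment statement

@dataclass
class Rule:
    name: str
    entry_point: list = field(default_factory=list)  # where untrusted data enters
    validation: list = field(default_factory=list)   # sanitizers that clean it
    sink: list = field(default_factory=list)         # calls it must not reach

def parse_rule(text):
    """Parse one rule from 'attribute: value, value' lines (assumed config layout)."""
    attrs = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition(":")
        attrs[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return Rule(attrs["name"][0], attrs.get("entry_point", []),
                attrs.get("validation", []), attrs.get("sink", []))

def analyze(php_lines, rule):
    """Simplified data flow check: a variable assigned from an entry point or a
    tainted variable is tainted, a validation call cleans it, a sink reports it."""
    tainted, findings = set(), []
    for no, line in enumerate(php_lines, 1):
        m = ASSIGN.match(line)
        if not m:
            continue
        target, rhs = m.groups()
        uses = set(re.findall(r"\$\w+", rhs)) & tainted  # tainted vars read here
        if any(fn + "(" in rhs for fn in rule.validation):
            tainted.discard(target)
            findings.append(("Sanitization function", no, line.strip()))
        elif any(ep in rhs for ep in rule.entry_point) or uses:
            tainted.add(target)
        if uses and any(fn + "(" in rhs for fn in rule.sink):
            findings.append(("Tainted sink", no, line.strip()))
    return findings

# Constructed inputs mirroring the README's sample output, not the real tests/ files.
SQLI_RULE = ("name: SQL injection\nentry_point: $_GET, $_POST\n"
             "validation: mysql_real_escape_string\nsink: mysql_query")
PHP_VULN = ['$nis = $_POST["nis"];',
            '$q_sems = "SELECT * FROM siswa WHERE nis = \'$nis\'";',
            '$hasil=mysql_query($q_sems,$koneksi);']
PHP_SAFE = [PHP_VULN[0], '$nis=mysql_real_escape_string($nis);'] + PHP_VULN[1:]

if __name__ == "__main__":
    for kind, no, code in analyze(PHP_VULN, parse_rule(SQLI_RULE)):
        print(f"> {kind} for SQL injection in line {no}:\n{code}")
```

The real analyzer parses the PHP with phply rather than matching assignment lines with a regular expression, so it also follows flows through function calls and control structures that this sketch ignores.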