PHP vulnerability detection based on taint analysis-Codeshoppy
To detect the vulnerabilities of Web applications which based on the PHP scripting language. This paper proposes a PHP vulnerability detection method based on fine-grained taint analysis algorithm. First of all, this article generates the Abstract Syntax Tree by lexical and grammatical analysis on the PHP, and then produces the corresponding Control Flow Graph. At last, performing taint analysis on the Control Flow Graph. By tracking the program parameters, variables and other external input, marking the input type, propagating to various types of vulnerability function via the taint, and finally according to the tainted types of variable which are outputted to identify the vulnerabilities. We tested 16 programs of Damm Vulnerable Web App and found nine known vulnerabilities.
PHP language is widely used on the Web services, But it has the inherent vulnerability, so it is easy to produce a variety of vulnerabilities in the programming process, which is more common with SQL injection vulnerabilities and XSS (Cross Site Scripting) vulnerabilities. According to OWASP (Open Web Application Security) [1] 2017 latest data, in the top ten Web application security vulnerabilities, the first category is injection attacks, and Cross Site Scripting attack ranked third. The contributing factor of these two vulnerabilities is mainly that the validity of the user input data can not be reasonably
verified, so this type of vulnerabilities is called tainted vulnerabilities.
It is a static analysis tool based on the token flow. It uses PHP’s built-in token_get_all () to parse the PHP code to get the token, and then converts the code into an intermediate format for easy analysis, It adopts the taint analysis method to detect vulnerabilities. WAP(Web Application Protection) is a
PHP vulnerability detection tool which is developed by Java.Mca Projects Topics 2022 2023
This tool analyzes the source code by taint analysis. The advantage is that you can automatically repair the identified vulnerabilities. In addition, there are a lot of people also designed the relevant PHP static analysis tools. is combined with string analysis method, based on Pixy tool to achieve a combination of static and dynamic PHP code analysis method. Used e-SSA as an intermediate
representation to perform a taint analysis of PHP. Y.Zheng and X.Zhang proposed path and context-related inter-process analysis methods to detect vulnerabilities. But there are still many problems with the above tools, for instance the intermediate representation is not complete resulting in the loss
of a lot of important information; Some tools can not be fully compatible new version of the PHP syntax features; And the false negatives and false positives are relatively high.
it based on the experience of predecessors, we use the PHP-Parser which can be compatible with the latest and more widely used PHP5 and PHP7 to conduct lexical and grammatical analysis for PHP. The PHP-Parser can produce AST (Abstract Syntax Tree) with very complete information. Then building the CFG(Control Flow Graph). At last we perform the fine-grained taint propagate analysis and detect the
possible vulnerabilities. The experimental results show that we can really find a number of vulnerabilities by this method.