Skip to content
This repository was archived by the owner on Nov 21, 2017. It is now read-only.

diogocp/ssoft-project

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

46 Commits
php-parser
php-parser
 
 
slices
slices
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
analyzer.py
analyzer.py
 
 
patterns.txt
patterns.txt
 
 
report.pdf
report.pdf
 
 
run_tests.py
run_tests.py
 
 

Repository files navigation

Discovering vulnerabilities in PHP web applications

The aim of this project is to study how vulnerabilities in PHP code can be detected statically by means of taint and input validation analysis.

Running the analysis tool

Run analyzer.py in the project root directory. The name of the file to analyze may be passed in as an argument. If no argument is specified, the program will read from stdin.

Example:

./analyzer.py slices/slice1.json

To run the tests:

./run_tests

Parsing PHP code

If you have Node.js installed, you can convert PHP into a JSON AST by doing

cd php-parser
npm install
npm run parser -- slice.php

This will create a file slice.json with the AST.

About

No description or website provided.

Topics

security static-analysis course-project information-flow

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages