Static Analysis for the PHP Language
Abstract
This report presents the work done to implement a static analysis tool for the PHP programming language. The analysis done by the compiler or by the various development environments is very limited. This tool aims to give a developer further feedback by checking for multiple bug conditions or misuses of the language, and should reduce the risk of encountering fatal errors at runtime after a PHP-based application is deployed.
Similar resources
Static analysis of dynamic scripting languages
Scripting languages, such as PHP, are among the most widely used and fastest growing programming languages, particularly for web applications. Static analysis is an important tool for detecting security flaws, finding bugs, and improving compilation of programs. However, static analysis of scripting languages is difficult due to features found in languages such as PHP. These features include ru...
Simulation of Built-in PHP Features for Precise Static Code Analysis
The World Wide Web grew rapidly during the last decades and is used by millions of people every day for online shopping, banking, networking, and other activities. Many of these websites are developed with PHP, the most popular scripting language on the Web. However, PHP code is prone to different types of critical security vulnerabilities that can lead to data leakage, server compromise, or at...
Static Detection of Security Vulnerabilities in Scripting Languages
We present a static analysis algorithm for detecting security vulnerabilities in PHP, a popular server-side scripting language for building web applications. Our analysis employs a novel three-tier architecture to capture information at decreasing levels of granularity at the intrablock, intraprocedural, and interprocedural level. This architecture enables us to handle dynamic features of scrip...
Framework for Static Analysis of PHP Applications (Artifact)
This artifact is based on Weverca, a static analyzer framework for PHP applications. The aim of Weverca is to provide developers with a framework that would allow for an easy implementation of custom static analyses of PHP, while not coping with the dynamic language issues. The framework processes the input source code in two phases. In the first phase, the program-point graph is constructed, w...
Runtime Instrumentation for Precise Flow-Sensitive Type Analysis
We describe a combination of runtime information and static analysis for checking properties of complex and configurable systems. The basic idea of our approach is to 1) let the program execute and thereby read the important dynamic configuration data, then 2) invoke static analysis from this runtime state to detect possible errors that can happen in the continued execution. This approach impro...