A New Static Vulnerabilities Analysis Algorithm for PHP Codes

Bibliographic Details
Published in: 2017 International Conference on Network and Information Systems for Computers (ICNISC), pp. 122-125
Main Authors: Yan, Xue-Xiong; Ma, Heng-Tai
Format: Conference Proceeding
Language: English
Published: IEEE, 01.04.2017
DOI: 10.1109/ICNISC.2017.00034

Summary: As for detecting taint-style vulnerabilities in PHP code, this paper introduces the function calling control vulnerability, which is a new kind of taint-style vulnerability in PHP code without a sensitive function, and enriches the classical update rules for taint analysis with a new transfer function definition, which is used to deal with statements with a single function call. The new static vulnerability analysis algorithm is implemented in a tool named POSE, and the experimental results of POSE show that the new algorithm is valid for detecting more types of taint-style vulnerabilities in PHP code.