phpsample's Introduction
Type the following commands to run Fortify Static Code Analyzer on source.php and sink.php:
$ sourceanalyzer -b sample-php -clean
$ sourceanalyzer -b sample-php source.php sink.php
$ sourceanalyzer -b sample-php -scan -f sample-php.fpr
As with all scripting languages, it is important to translate (the second command that converts source files into analyzable format) as many of the input source files as possible at one time. This enables the translation phase to glean more data from the original sources. In languages such as C or Java, the source files contain explicit information about types and externally referenced code and data, which we must infer for scripting languages.
Open the analysis results file in Audit Workbench:
$ auditworkbench sample-php.fpr
This test demonstrates a couple of simple dataflow vulnerabilities, and
one dangerous function. While it is artificial, it illustrates the types
of problems PHP programs frequently experience. The program reads data from
the $_GET array (which contains data provided by the -- potentially
hostile -- browser) into the variable $tainted. This data is added to
and modified, and copied into the variable $my_var.
This variable, which still contains potentially dangerous data from an
attacker, is passed to another function, do_work(), which is in the
sink.php file.
This function does two dangerous things with the arguments, which it
evidently trusts:
- Prints out a string, which will normally wind up on a
web page. An attacker carefully placing hostile data
in a URL can thus control this web page.
- Runs a SQL query. An attacker placing hostile data in
a URL can perform essentially any database operation.
The first issue is a cross-site scripting (XSS) attack, and the second
is a SQL Injection attack. Both of these issues should be shown in
Audit Workbench.
In addition, a third issue, Possible Variable Overwrite, should also
exist. A function in sink.php, do_other_work(), which is never called
nonetheless uses the extract() builtin function. The extract() function essentially
cannot be used safely, because its purpose is to overwrite variables.
The Fortify analysis might detect other types of issues depending on the Rulepack version used
in the scan.
phpsample's People
Contributors
Watchers
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.