progpilot v1.0.2 releases: A static analysis tool for security

progpilot

A static analyzer for security purposes – Only PHP language is currently supported.

Changelog v1.0.2

• Fix new bug reported in #44
• update dependencies

Use

• Download the latest phar archive in releases folder (or builds folder for dev versions).
• Optional: configure your analysis with a yaml file.
• Optional : use the up-to-date security files configuration in package/src/uptodate_data folder.
• Progpilot takes two optional arguments :
  • your YAML configuration file (if not the default configuration will be used)
  • your files and folders that have to be analysed

    php progpilot.phar --configuration ./configuration.yml example1.php example2.php ./folder1/ ./folder2/

     

     

    

Library installation

Use getcomposer to install progpilot.
Your composer.json looks like this one :

{

    "name": "Example",

    "description": "Example of use of Progpilot",

    "require": {

        "designsecurity/progpilot": "@dev",

        "ircmaxell/php-cfg": "@dev"

    }

} 

Then run composer :

Then you could try the following example.

Library example

• For more information: look at the chapter about API explaination
• Use this code to analyze source_code1.php :

  <?php
  
  
  
  require_once './vendor/autoload.php';
  
  
  
  $context = new \progpilot\Context;
  
  $analyzer = new \progpilot\Analyzer;
  
  
  
  $context->inputs->setFile("source_code1.php");
  
  
  
  $analyzer->run($context);
  
  $results = $context->outputs->getResults();
  
  
  
  var_dump($results);
  
  
  
  ?>

   

   

• When source_code1.php contains this code :

  <?php
  
  
  
  $var7 = $_GET["p"];
  
  $var4 = $var7;
  
  echo "$var4";
  
  
  
  ?>	

   

   

• The simplified output will be :

  array(1) {
  
    [0]=>
  
    array(11) {
  
      ["source_name"]=>
  
      array(1) {
  
        [0]=>
  
        string(5) "$var4"
  
      }
  
      ["source_line"]=>
  
      array(1) {
  
        [0]=>
  
        int(4)
  
      }
  
      ["sink_name"]=>
  
      string(4) "echo"
  
      ["sink_line"]=>
  
      int(5)
  
      ["vuln_name"]=>
  
      string(3) "xss"
  
    }
  
  }

   

   

  All files (composer.json, example1.php, source_code1.php) used in this example are in the projects/example folder.
  For more examples look at this page

Tutorial

Copyright (c) 2017 Eric Therond <designsecurity.org>

Source: https://github.com/designsecurity/