progpilot v0.5 releases: A static analysis tool for security

progpilot

A static analyzer for security purposes. Only the PHP language is currently supported.

Changelog v0.5

Use

  • Download the latest phar archive from the releases folder (or the builds folder for dev versions).
  • Optional: configure your analysis with a YAML file.
  • Optional: use the up-to-date security configuration files in the package/src/uptodate_data folder.
  • Progpilot takes two optional arguments:
    • your YAML configuration file (if none is given, the default configuration is used)
    • the files and folders to be analysed
      php progpilot.phar --configuration ./configuration.yml example1.php example2.php ./folder1/ ./folder2/

Library installation

Use Composer to install progpilot.
Your composer.json looks like this one:

{
    "name": "Example",
    "description": "Example of use of Progpilot",
    "require": {
        "designsecurity/progpilot": "@dev",
        "ircmaxell/php-cfg": "@dev"
    }
}

Then run composer:

composer install

Then you can try the following example.

Library example

  • For more information, look at the chapter about the API explanation.
  • Use this code to analyze source_code1.php:
    <?php
    
    // Composer autoloader for progpilot and its dependencies
    require_once './vendor/autoload.php';
    
    // The context holds the inputs (files to analyse) and the outputs (results)
    $context = new \progpilot\Context;
    $analyzer = new \progpilot\Analyzer;
    
    // File to analyse
    $context->inputs->setFile("source_code1.php");
    
    // Run the analysis and fetch the findings
    $analyzer->run($context);
    $results = $context->outputs->getResults();
    
    var_dump($results);
    
    ?>

  • When source_code1.php contains this code:
    <?php
    
    $var7 = $_GET["p"];
    $var4 = $var7;
    echo "$var4";
    
    ?>

  • The simplified output will be:
    array(1) {
      [0]=>
      array(11) {
        ["source_name"]=>
        array(1) {
          [0]=>
          string(5) "$var4"
        }
        ["source_line"]=>
        array(1) {
          [0]=>
          int(4)
        }
        ["sink_name"]=>
        string(4) "echo"
        ["sink_line"]=>
        int(5)
        ["vuln_name"]=>
        string(3) "xss"
      }
    }

    All files (composer.json, example1.php, source_code1.php) used in this example are in the projects/example folder.
    For more examples, look at this page.
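As an added example (not code from the progpilot project), the script below wraps the library API shown above into a small CI gate: it runs the analyzer over each file given on the command line, turns every finding into one report line built from the result keys shown in the output above (source_name, source_line, sink_name, sink_line, vuln_name), and exits non-zero when anything was found. It assumes that a fresh \progpilot\Context is created per analysed file; the formatting function can also be exercised on a hand-built array without running the analyzer.

```php
<?php
// Added example: a minimal CI gate around the progpilot library API shown above.
// Assumption: one \progpilot\Context is created per analysed file.
require_once './vendor/autoload.php';

/**
 * Turn one progpilot result entry (keys as in the output above) into a report line,
 * e.g. "source_code1.php:5 xss: echo <- $var4 (line 4)".
 * source_name / source_line are arrays because several sources can reach one sink.
 */
function formatFinding(string $file, array $finding): string
{
    $sources = [];
    foreach ($finding['source_name'] as $i => $name) {
        $line = $finding['source_line'][$i] ?? '?';
        $sources[] = sprintf('%s (line %s)', $name, $line);
    }
    return sprintf(
        '%s:%d %s: %s <- %s',
        $file,
        $finding['sink_line'],
        $finding['vuln_name'],
        $finding['sink_name'],
        implode(', ', $sources)
    );
}

/** Run progpilot on one file and return the array that getResults() gives. */
function analyseFile(string $file): array
{
    $context = new \progpilot\Context;
    $analyzer = new \progpilot\Analyzer;
    $context->inputs->setFile($file);
    $analyzer->run($context);
    return $context->outputs->getResults();
}

// Usage: php gate.php source_code1.php other.php
$exitCode = 0;
foreach (array_slice($argv, 1) as $file) {
    foreach (analyseFile($file) as $finding) {
        echo formatFinding($file, $finding), PHP_EOL;
        $exitCode = 1; // any finding fails the build
    }
}
exit($exitCode);
```

Run against the source_code1.php above, it prints `source_code1.php:5 xss: echo <- $var4 (line 4)` and exits with status 1, which is what a pipeline step needs to fail the build.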

Tutorial

Copyright (c) 2017 Eric Therond <designsecurity.org>

Source: https://github.com/designsecurity/
