progpilot v0.5 releases: A static analysis tool for security
A static analyzer for security purposes. Only the PHP language is currently supported.
- issues #9, #10, #11, #12 fixed
- support for the call_user_func and call_user_func_array functions (calls made through them are now followed by the analysis)
- new kinds of vulnerabilities detected:
  - CWE-295: Improper Certificate Validation
  - CWE-346: Origin Validation Error
- format of the configuration file simplified
- Download the latest phar archive from the releases folder (or from the builds folder for development versions).
- Optional: configure your analysis with a YAML file.
- Optional: use the up-to-date security configuration files in the package/src/uptodate_data folder.
- Progpilot takes two optional arguments:
  - your YAML configuration file (if none is given, the default configuration is used)
  - the files and folders to be analysed
Use Composer (getcomposer) to install progpilot.
Your composer.json looks like this:
Then run composer:
Then you can try the following example.
- For more information, see the chapter on the API explanation.
- Use this code to analyze source_code1.php:
- When source_code1.php contains this code:
- The simplified output will be:
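As an added example (not code from this page or from the progpilot project), the following script drives the analysis described above from PHP over two constructed inputs: a deliberately vulnerable file in which a GET parameter reaches echo, and a variant that passes the parameter through htmlspecialchars first. It assumes the class and method names \progpilot\Context, \progpilot\Analyzer, inputs->setFile() and outputs->getResults(), the Composer autoloader at ./vendor/autoload.php, and that htmlspecialchars is in the tool's sanitizer list; the result-array key names are left to json_encode so the script does not depend on them.

```php
<?php
// Added example, not the project's own README code. Assumed API names:
// \progpilot\Context, \progpilot\Analyzer, $context->inputs->setFile(),
// $context->outputs->getResults(); Composer autoloader assumed at ./vendor.
require_once __DIR__ . '/vendor/autoload.php';

// Constructed sample 1: tainted GET parameter flows through a copy into echo
// (source $_GET -> sink echo, the classic reflected XSS pattern).
$vulnerable = <<<'PHP'
<?php
$var7 = $_GET["p"];
$var4 = $var7;
echo "$var4";
PHP;

// Constructed sample 2: same flow, but the value is HTML-encoded first.
// If htmlspecialchars is recognised as a sanitizer, no finding is expected.
$fixed = <<<'PHP'
<?php
$var7 = htmlspecialchars($_GET["p"], ENT_QUOTES, 'UTF-8');
$var4 = $var7;
echo "$var4";
PHP;

/**
 * Write $code to a temporary file, analyze it with progpilot and return
 * the raw result array (empty array on analyzer exception).
 */
function analyzeSource(string $code, string $label): array
{
    $path = sys_get_temp_dir() . '/progpilot_' . $label . '.php';
    file_put_contents($path, $code);

    $context  = new \progpilot\Context;
    $analyzer = new \progpilot\Analyzer;
    $context->inputs->setFile($path);

    try {
        $analyzer->run($context);
    } catch (\Exception $e) {
        fwrite(STDERR, "Exception while analyzing $label: " . $e->getMessage() . "\n");
        return [];
    } finally {
        @unlink($path);
    }

    return $context->outputs->getResults();
}

foreach (['vulnerable' => $vulnerable, 'fixed' => $fixed] as $label => $code) {
    $results = analyzeSource($code, $label);
    echo $label . ': ' . count($results) . " finding(s)\n";
    if ($results !== []) {
        // Dump the findings as-is (source/sink names and lines, CWE, etc.)
        // rather than assuming particular key names.
        echo json_encode($results, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES) . "\n";
    }
}
```

Run it from the directory holding vendor/ after the Composer install step above. The two inputs the script supplies (the file to analyse, and the implicit default configuration) correspond to the two optional arguments the phar accepts on the command line; to use the up-to-date sources and sinks from package/src/uptodate_data, point the YAML configuration at them instead of relying on the defaults.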
Copyright (c) 2017 Eric Therond <designsecurity.org>