DROPS - Document

License:

Creative Commons Attribution 3.0 Germany license (CC BY 3.0 DE)
When quoting this document, please refer to the following
DOI: 10.4230/DARTS.1.1.11
URN: urn:nbn:de:0030-drops-55208
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2015/5520/

Go back to Dagstuhl Artifacts Series

Hauzar, David ; Kofron, Jan

Framework for Static Analysis of PHP Applications (Artifact)

pdf-format:

11.pdf (0.3 MB)

Abstract

This artifact is based on Weverca, a static analyzer framework for PHP applications. The aim of Weverca is to provide developers with a framework that would allow for an easy implementation of custom static analyses of PHP, while not coping with the dynamic language issues. The framework processes the input source code in two phases. In the first phase, the program-point graph is constructed, which has the dynamic constructs (eval, dynamic includes, type information) already resolved. The developer can then implement a custom static analysis in the second phase, exploiting the output of the first phase. The provided package is designed to support repeatability of the experiments of the companion paper: in particular to perform security (taint) analyses of two bundled applications. Instruction to compile and run the analyzer are also provided.

BibTeX - Entry

@Article{hauzar_et_al:DARTS:2015:5520,
  author =	{David Hauzar and Jan Kofron},
  title =	{{Framework for Static Analysis of PHP Applications (Artifact)}},
  pages =	{11:1--11:2},
  journal =	{Dagstuhl Artifacts Series},
  ISSN =	{2509-8195},
  year =	{2015},
  volume =	{1},
  number =	{1},
  publisher =	{Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{http://drops.dagstuhl.de/opus/volltexte/2015/5520},
  URN =		{urn:nbn:de:0030-drops-55208},
  doi =		{10.4230/DARTS.1.1.11},
  annote =	{Keywords: Static analysis, abstract interpretation, dynamic languages, PHP, security}
}

Keywords: Static analysis, abstract interpretation, dynamic languages, PHP, security

Collection: DARTS, Volume 1, Issue 1

Related Scholarly Article: http://dx.doi.org/10.4230/LIPIcs.ECOOP.2015.689

Issue Date: 2015

Date of publication: 30.10.2015

DROPS-Home | Fulltext Search | Imprint | Privacy Published by LZI

Keywords:		Static analysis, abstract interpretation, dynamic languages, PHP, security
Collection:		DARTS, Volume 1, Issue 1
Related Scholarly Article:		http://dx.doi.org/10.4230/LIPIcs.ECOOP.2015.689
Issue Date:		2015
Date of publication:		30.10.2015