基于污点分析的PHP漏洞检测

PHP Vulnerability Detection Based on Stain Analysis

提出了一种基于变量回溯的污点分析算法来进行PHP漏洞检测。首先,基于PHP语法分析器PHP-Parser对PHP进行词法和语法分析,产生抽象语法树,再由其产生对应的控制流图,然后在控制流图上实行污点分析。通过跟踪程序中可能导致漏洞的敏感函数中包含的危险参数,向前回溯处理,判断其是否来自于外部危险输入并判断是否经过了安全处理来确定漏洞。采用本方法对DVWA中的12个程序进行测试,发现了7个已知的漏洞,证明该方法具有较强的漏洞检测能力。

This paper proposes a taint analysis algorithm based on variable backtracking for PHP vulnerability detection. Firstly,this paper uses PHP-Parser to perform lexical and grammatical analysis on PHP and generate an Abstract Syntax Tree. Then generate a corresponding Control Flow Graph,and then perform a taint analysis on the Control Flow Graph. By tracking the dangerous parameters contained in sensitive functions that may cause vulnerabilities in the program,traceback processing is performed to determine whether it originates from an external hazard input and whether a security process has been determined to determine the vulnerabilities. By using this method to test 12 programs in DVWA,7 known vulnerabilities were discovered,which proved that this method has strong vulnerability detection capability.