PHPSCAN is a static analysis tool for PHP.
It pseudo-executes PHP code to detect vulnerabilities.
It has the following features:
The following vulnerabilities can be checked:
Inspection results are output as HTML reports.
The inspection report describes the call route from the point where a user-supplied value is first assigned to the point where it is passed to a dangerous function.
It has been confirmed to work in the following environments:
Running gradlew build creates the phpscan-1.0-SNAPSHOT directory.
This example explains how to inspect a CMS plug-in.
When phpscan-1.0-SNAPSHOT/bin/phpscan is executed, it inspects the PHP files in the plug-in directory. Operation settings are made in setting.properties.
Specifies the path to the directory where the PHP files to be inspected are located.
You must enter either ENTRY_POINT_PATH or ENTRY_POINT_PARENT_PATH.
Used when multiple ENTRY_POINT_PATHs exist.
Place the directories that would each be an ENTRY_POINT_PATH under one parent directory and specify that parent directory's path in this entry to inspect them all.
For example, if you want to inspect multiple plugins at the same time, specify the path to the directory where the plugin directories are located.
You must enter either ENTRY_POINT_PATH or ENTRY_POINT_PARENT_PATH.
Specify the path to the directory containing the PHP files that the inspected PHP files need in order to run.
PHP files in this directory are not themselves subject to inspection.
For example, if you are inspecting a CMS plug-in, specify the path to the directory of the CMS itself in this item.
If not specified, the value of ENTRY_POINT_PATH or ENTRY_POINT_PARENT_PATH, whichever was entered, is used.
Specify the path to the php.ini file.
These are required fields.
Specify the path of a text file that lists the paths of PHP files to be excluded from inspection.
Specify the paths to be excluded from the check using regular expressions.
Multiple items can be specified separated by commas.
Specify the function name if your application implements its own function that escapes strings for use in SQL statements.
Multiple items can be specified separated by commas.
Specify the function name if your application implements its own function that escapes HTML strings.
Multiple items can be specified separated by commas.
Specifies the categories of vulnerabilities to be excluded from inspection.
The specified category will not be displayed in the inspection report.
The possible values are as follows:
Multiple items can be specified separated by commas.
Lists the file extensions that are recognized as PHP files.
Multiple items can be specified separated by commas.
If not specified, files with the extensions php and inc are recognized as PHP files.
Specifies the framework or CMS that the application uses.
Specifying this improves the coverage of the inspection.
The possible values are as follows:
Multiple items can be specified separated by commas.
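As an added illustration (not PHPSCAN's own code) of the source-to-sink call route the report describes and of the custom escape-function and excluded-category settings above, the following Python sketch propagates taint through a constructed straight-line program and reports the route for each finding; the statement format, the sink table and the function names are assumptions.

```python
# Added illustration, not PHPSCAN's code: a toy taint tracker over a
# constructed straight-line program written in a PHP-like statement form.
SINKS = {"mysql_query": "SQL_INJECTION", "echo": "XSS"}  # assumed sink table

def scan(statements, sql_escape_funcs=(), html_escape_funcs=(), exclude=()):
    """Propagate taint from user input to sinks; return findings with their route."""
    # The two escape-function lists mirror the custom escape settings; exclude mirrors
    # the excluded-category setting. Built-in escapers are assumed to be known.
    sanitizers = {
        "SQL_INJECTION": set(sql_escape_funcs) | {"mysql_real_escape_string"},
        "XSS": set(html_escape_funcs) | {"htmlspecialchars"},
    }
    state = {}  # tainted var -> (route so far, categories already neutralised)
    findings = []
    for line, kind, *rest in statements:
        if kind == "assign":
            var, (op, *operands) = rest
            if op == "input":  # first assignment of a user-controlled value
                state[var] = ([f"line {line}: {var} = {operands[0]}"], set())
            elif op == "var" and operands[0] in state:  # plain copy keeps taint
                route, clean = state[operands[0]]
                state[var] = (route + [f"line {line}: {var} = {operands[0]}"], set(clean))
            elif op == "call" and operands[1] in state:  # var = func(arg)
                func, arg = operands
                route, clean = state[arg]
                clean = clean | {c for c, fs in sanitizers.items() if func in fs}
                state[var] = (route + [f"line {line}: {var} = {func}({arg})"], clean)
            else:  # an untainted right-hand side overwrites any earlier taint
                state.pop(var, None)
        elif kind == "sink":
            func, arg = rest
            cat = SINKS[func]
            if arg in state and cat not in state[arg][1] and cat not in exclude:
                route, _ = state[arg]
                findings.append({"category": cat, "sink": func,
                                 "route": route + [f"line {line}: {func}({arg})"]})
    return findings

PROGRAM = [  # constructed sample resembling a plug-in request handler
    (1, "assign", "$id", ("input", "$_GET['id']")),
    (2, "assign", "$safe", ("call", "my_sql_escape", "$id")),
    (3, "sink", "mysql_query", "$safe"),
    (4, "assign", "$name", ("input", "$_POST['name']")),
    (5, "assign", "$out", ("var", "$name")),
    (6, "sink", "echo", "$out"),
]

if __name__ == "__main__":
    # Without naming my_sql_escape as an SQL escape function, line 3 is reported too;
    # naming it leaves only the XSS route from line 4 through line 6.
    for f in scan(PROGRAM, sql_escape_funcs=("my_sql_escape",)):
        print(f["category"], "via", " -> ".join(f["route"]))
```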
All of the PHP-related vulnerabilities listed on the following site were discovered with PHPSCAN:
http://jvndb.jvn.jp/search/index.php?mode=_vulnerability_search_IA_VulnSearch&lang=ja&useSynonym=1&keyword=%90%F3%88%E4%81%40%8C%92
PHP 7 features are not supported.
This software is released under the MIT License, see LICENSE.txt.