Computer Engineering and Applications ›› 2018, Vol. 54 ›› Issue (1): 64-69. DOI: 10.3778/j.issn.1002-8331.1608-0258

• Theory and R&D •

Static detection method for tainted-style vulnerabilities of PHP application

MA Rongkuan, WEI Qiang, WU Zehui

  1. PLA Information Engineering University, Zhengzhou 450001, China
  • Online: 2018-01-01 Published: 2018-01-15


Abstract: To address tainted-style vulnerabilities in Web applications developed in PHP, this paper proposes a detection method based on static code analysis. The proposed control-flow-graph generation algorithm parses PHP programs with PHP built-in functions to build an abstract parse tree, from which the control flow graph is generated; built-in features, entry points and sensitive points are modelled so that data flow can be analysed precisely; a taint analysis method based on effective paths is proposed to improve analysis accuracy, and a path traversal algorithm based on variable backtracking is implemented. A prototype system implementing the method was built and tested on two widely used PHP applications, where it found 6 undisclosed vulnerabilities and 11 disclosed vulnerabilities, showing that the system has strong vulnerability detection capability.

Keywords: abstract parse tree, control flow graph, tainted-style vulnerability, path traversal, taint analysis

Abstract: This paper proposes a static code analysis method for detecting tainted-style vulnerabilities in Web applications written in PHP. Firstly, the paper provides the control flow graph generating algorithm: using PHP built-in functions, it parses the PHP program to construct the abstract parse tree, and then generates the control flow graph. Secondly, it models the built-in features, the entry points and the sensitive points, and presents the data flow analysis approach. Then, it proposes the effective-path analysis approach based on taint analysis to improve the accuracy of the analysis, and gives the variable backtracking algorithm. Finally, the paper implements a prototype of the approach, tests it on two widely used PHP applications, and finds 6 undisclosed vulnerabilities and 11 disclosed vulnerabilities.

Key words: abstract parse tree, Control Flow Graph (CFG), tainted-style vulnerability, path traversal, taint analysis
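The variable-backtracking taint analysis that the abstract describes, as an added illustration rather than the paper's prototype (which parses real PHP through its built-in functions and builds a full control flow graph): a Python sketch over straight-line PHP statements that models entry points, sensitive points and sanitising built-in features, then walks each sink argument backwards through its reaching definitions until it hits an entry point or a sanitiser. The entry-point, sink and sanitiser tables, the regex-based statement parser and the `SAMPLE` PHP snippet are all constructed for this example.

```python
import re
# Constructed tables of entry points, sensitive points and sanitising built-in features
ENTRY_POINTS = ("$_GET", "$_POST", "$_COOKIE", "$_REQUEST")
SINKS = {"mysql_query": "SQL injection", "echo": "XSS"}
SANITIZERS = {"SQL injection": {"intval", "mysql_real_escape_string"},
              "XSS": {"intval", "htmlspecialchars"}}
ASSIGN = re.compile(r"^\s*(\$\w+)\s*=\s*(.+?);\s*$")             # $var = expr;
STMT = re.compile(r"^\s*(\w+)\s*(?:\((.+)\)|(.+?))\s*;\s*$")    # f(arg); or echo arg;
CALL = re.compile(r"^(\w+)\s*\((.*)\)$")                          # expr is a single call

def parse(php):
    # Stand-in for the paper's AST/CFG stage: straight-line PHP as a statement list.
    stmts = []
    for line in php.strip().splitlines():
        if m := ASSIGN.match(line):
            stmts.append(("assign", m.group(1), m.group(2).strip()))
        elif (m := STMT.match(line)) and m.group(1) in SINKS:
            stmts.append(("sink", m.group(1), (m.group(2) or m.group(3)).strip()))
    return stmts

def backtrack(expr, stmts, idx, vuln, path):
    # Follow expr back through its reaching definitions; return the taint path or None.
    if (m := CALL.match(expr)) and m.group(1) in SANITIZERS[vuln]:
        return None                          # cut by a sanitiser modelled for this class
    if src := next((ep for ep in ENTRY_POINTS if ep in expr), None):
        return path + [src]                  # reached an entry point: the sink is tainted
    for var in re.findall(r"\$\w+", expr):
        for j in range(idx - 1, -1, -1):     # nearest earlier assignment to var
            kind, lhs, rhs = stmts[j]
            if kind == "assign" and lhs == var:
                if found := backtrack(rhs, stmts, j, vuln, path + [var]):
                    return found
                break
    return None

def analyze(php):
    # Report (sink, vulnerability class, path) for every sink an entry point reaches.
    stmts, findings = parse(php), []
    for i, (kind, name, arg) in enumerate(stmts):
        if kind == "sink" and (p := backtrack(arg, stmts, i, SINKS[name], [])):
            findings.append((name, SINKS[name], p))
    return findings

SAMPLE = """$id = intval($_GET['id']);
$name = $_POST['name'];
$greet = "Hello " . $name;
mysql_query("SELECT * FROM users WHERE id=" . $id);
echo $greet;
echo htmlspecialchars($name);"""
```

Running `analyze(SAMPLE)` cuts the `mysql_query` path at `intval` and the second `echo` at `htmlspecialchars`, so only `echo $greet` is reported, with the backtracked path `$greet <- $name <- $_POST`; because sanitisers are modelled per vulnerability class, an `htmlspecialchars` call would not cut an SQL-injection path.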