Abstract
For tainted-style vulnerabilities in web applications developed in PHP, this paper proposes a detection method based on static code analysis. The proposed control flow graph generation algorithm parses PHP programs with PHP built-in functions to produce an abstract parse tree, from which the control flow graph is generated; built-in features, entry points and sensitive points are modelled so that data flow can be analysed precisely; a taint analysis method based on effective paths is proposed, which improves analysis accuracy, and a path traversal algorithm based on variable backtracking is implemented. A prototype system of the method was implemented and tested on two widely used PHP applications, finding 6 undisclosed vulnerabilities and 11 disclosed vulnerabilities, which demonstrates that the system has strong vulnerability detection capability.
This paper proposes a static code analysis method for detecting tainted-style vulnerabilities in PHP web applications. First, it presents a control flow graph generation algorithm: using PHP built-in functions, it parses the PHP program into an abstract parse tree and then generates the control flow graph from it. Second, it models built-in features, entry points and sensitive points, and presents a data flow analysis approach. It then proposes an effective-path analysis approach built on taint analysis to improve analysis accuracy, and gives a variable backtracking algorithm. Finally, the paper implements a prototype of the approach, tests it on two widely used PHP applications, and finds 6 undisclosed vulnerabilities and 11 disclosed vulnerabilities.
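To make the pipeline described in the abstract concrete, here is an added example (not code from the paper or its prototype) of a toy path-sensitive taint analysis: entry points, sensitive points and sanitising built-ins are modelled as name sets, every acyclic path through a small constructed control flow graph is enumerated, and the variable passed to each sink is backtracked through the assignments on that path. The statement IR, the CFG contents and the block names are constructed for illustration.

```python
# Added example: toy effective-path taint analysis with variable backtracking.
# Entry points / sensitive points / sanitising built-ins are modelled as name sets.
SOURCES = {"$_GET", "$_POST", "$_COOKIE"}                        # entry points
SINKS = {"mysql_query", "echo", "include"}                        # sensitive points
SANITIZERS = {"htmlspecialchars", "intval", "mysql_real_escape_string"}  # modelled built-ins

# Statement = (kind, var, func, src_vars): an "assign" sets var from func(src_vars)
# (func None = plain copy/concat); a "sink" passes var to the sensitive function func.
CFG = {  # constructed program: $id=$_GET[..]; $name=htmlspecialchars($_POST[..]); if/else; echo
    "entry": {"stmts": [("assign", "$id", None, ["$_GET"]),
                        ("assign", "$name", "htmlspecialchars", ["$_POST"])],
              "succ": ["then", "else"]},
    "then":  {"stmts": [("assign", "$q", None, ["$id"]),
                        ("sink", "$q", "mysql_query", [])],
              "succ": ["join"]},
    "else":  {"stmts": [("assign", "$id", "intval", ["$id"]),
                        ("assign", "$q", None, ["$id"]),
                        ("sink", "$q", "mysql_query", [])],
              "succ": ["join"]},
    "join":  {"stmts": [("sink", "$name", "echo", [])], "succ": []},
}

def paths(cfg, node="entry", path=()):
    """Enumerate every acyclic path from the entry block to an exit block."""
    path = path + (node,)
    if not cfg[node]["succ"]:
        yield path
    for nxt in cfg[node]["succ"]:
        if nxt not in path:              # back edges are cut: each path is walked once
            yield from paths(cfg, nxt, path)

def backtrack(stmts, var):
    """Walk backwards to var's latest definition on this path; taint survives only if it derives from a source with no sanitiser applied."""
    for i in range(len(stmts) - 1, -1, -1):
        kind, dst, func, srcs = stmts[i]
        if kind == "assign" and dst == var:
            if func in SANITIZERS:
                return False
            return any(s in SOURCES or backtrack(stmts[:i], s) for s in srcs)
    return var in SOURCES                # undefined on this path: tainted only if it is an entry point

def find_vulns(cfg):
    """Return (path, sink function, variable) for every sink reached by unsanitised input."""
    findings = []
    for path in paths(cfg):
        stmts = [s for n in path for s in cfg[n]["stmts"]]
        for i, (kind, var, func, _) in enumerate(stmts):
            if kind == "sink" and func in SINKS and backtrack(stmts[:i], var):
                findings.append((path, func, var))
    return findings
```

Running `find_vulns(CFG)` reports only the `then` path, where `$id` flows unsanitised into `mysql_query`; the `else` path is clean because `intval` breaks the taint, and `echo $name` is clean on both paths thanks to `htmlspecialchars`.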
Source
Computer Engineering and Applications (《计算机工程与应用》)
CSCD
Peking University Core Journal
2018, Issue 1, pp. 64-69 (6 pages)
Funding
National High-tech R&D Program of China (863 Program) (No. 2012AA012902)
Keywords
abstract parse tree
Control Flow Graph (CFG)
tainted-style vulnerability
path traversal
taint analysis