Hi XOOPSers,
I'm trying to adapt a program that finds flaws in C/C++ code to PHP, so that we could have large scale automated (and somewhat dumb, but still worth IMHO) code security scans. The original app, Flawfinder, has a list of C/C++ functions that may create security issues, then a few functions to check whether the way a given 'flagged' function is used makes it safe or a problem.
I've built a list of functions (>3600, almost all at php.net) with short descriptions and links to the PHP Manual and will start picking the ones I find in PHP security articles, assigning arbitrary risk values and trying to prune false positives for them. My PHP security knowledge is very very small, so if you can contribute (like listing functions you think should be included and why), things could work a lot faster and better.
So, in a nutshell, I need help to determine which core PHP functions bring security issues, what checks I could do to eliminate false-positives (i.e., safe ways of using flagged functions) and to rank the hits the program finds.
Sample output (for a pretty naive version, numbers between '[' and ']' would be risk rank, and you'll be able to limit scans for hits above rank X using command line options).