一种新的PHP代码静态漏洞分析算法

2017 International Conference on Network and Information Systems for Computers (ICNISC) Pub Date : 2017-04-01 DOI:10.1109/ICNISC.2017.00034

Xue-xiong Yan, Hengtai Ma

{"title":"一种新的PHP代码静态漏洞分析算法","authors":"Xue-xiong Yan, Hengtai Ma","doi":"10.1109/ICNISC.2017.00034","DOIUrl":null,"url":null,"abstract":"as for detecting taint-style vulnerabilities in PHP codes, this paper introduces function calling control vulnerability, which is a new kind of taint-style vulnerabilities in PHP codes without sensitive function, and enriches classical update rules for taint analysis with a new transfer function definition, which is used to deal with statements with a single function call. The new static vulnerabilities analysis algorithm is implemented in a tool named POSE, and the experiment results of the POSE show that the new algorithm is valid for detecting more type of taint-style vulnerabilities in PHP codes.","PeriodicalId":429511,"journal":{"name":"2017 International Conference on Network and Information Systems for Computers (ICNISC)","volume":"48 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"A New Static Vulnerabilities Analysis Algorithm for PHP Codes\",\"authors\":\"Xue-xiong Yan, Hengtai Ma\",\"doi\":\"10.1109/ICNISC.2017.00034\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"as for detecting taint-style vulnerabilities in PHP codes, this paper introduces function calling control vulnerability, which is a new kind of taint-style vulnerabilities in PHP codes without sensitive function, and enriches classical update rules for taint analysis with a new transfer function definition, which is used to deal with statements with a single function call. The new static vulnerabilities analysis algorithm is implemented in a tool named POSE, and the experiment results of the POSE show that the new algorithm is valid for detecting more type of taint-style vulnerabilities in PHP codes.\",\"PeriodicalId\":429511,\"journal\":{\"name\":\"2017 International Conference on Network and Information Systems for Computers (ICNISC)\",\"volume\":\"48 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-04-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 International Conference on Network and Information Systems for Computers (ICNISC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICNISC.2017.00034\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference on Network and Information Systems for Computers (ICNISC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICNISC.2017.00034","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

针对PHP代码中的污染式漏洞检测，本文引入了函数调用控制漏洞，这是一种不含敏感函数的PHP代码中的新型污染式漏洞，并通过新的传递函数定义丰富了经典的污染分析更新规则，用于处理单函数调用语句。在一个名为POSE的工具中实现了新的静态漏洞分析算法，POSE的实验结果表明，新算法可以有效地检测出PHP代码中更多类型的污点式漏洞。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A New Static Vulnerabilities Analysis Algorithm for PHP Codes

as for detecting taint-style vulnerabilities in PHP codes, this paper introduces function calling control vulnerability, which is a new kind of taint-style vulnerabilities in PHP codes without sensitive function, and enriches classical update rules for taint analysis with a new transfer function definition, which is used to deal with statements with a single function call. The new static vulnerabilities analysis algorithm is implemented in a tool named POSE, and the experiment results of the POSE show that the new algorithm is valid for detecting more type of taint-style vulnerabilities in PHP codes.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2017 International Conference on Network and Information Systems for Computers (ICNISC)

自引率

0.00%

发文量