Product Roadmaps / MMF-2114

Symbolic Analysis for PHP


    Details

    • Type: MMF
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed

      Description

      Why

      Symbolic Analysis allows taint values to be tracked across a project more precisely and more powerfully. Enabling it for PHP will make the analysis field-sensitive; the lack of field sensitivity is a known drawback of the current fixpoint analysis. This will significantly reduce the number of false positives (FP) we are seeing while keeping the true positives (TP) found by the fixpoint analysis.

      Furthermore, tracking values more precisely will allow rules to be fine-tuned, reducing the number of FP further in the future.

      Given that both engines run on our intermediate representation (UCFGs), switching from one to the other should require minimal effort.
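      To make the field-sensitivity point concrete, here is an added example (not SonarSecurity or RIPS code) of a toy taint analysis run twice over the same program: once with a whole-array taint model, as a field-insensitive fixpoint does, and once with one taint flag per known array key. The three-address IR is an assumed stand-in for UCFG, and the PHP program it encodes is constructed for the example. The sink that reads an untainted key is reported only by the field-insensitive run (the FP), the sink that reads the tainted key is reported by both (the TP), and a read through a non-constant key falls back conservatively to whole-array taint in both modes.

```python
"""Toy taint analysis: field-insensitive vs field-sensitive array model.

Constructed example, not SonarSecurity code.  The IR below is an assumed
stand-in for UCFG instructions.
"""
from typing import Dict, List, Tuple

# Minimal IR (assumption, not the real UCFG instruction set):
#   ("source", dst)            dst receives attacker-controlled input
#   ("const", dst)             dst receives a literal
#   ("new_array", dst)         dst = []
#   ("store", arr, key, src)   arr[key] = src   ; key "*" = non-constant key
#   ("load", dst, arr, key)    dst = arr[key]   ; key "*" = non-constant key
#   ("sink", src, label)       src reaches a sensitive sink (e.g. a SQL query)
Instr = Tuple[str, ...]

# Constructed program, mirroring this PHP:
#   $data = [];
#   $data['name']  = $_GET['name'];                      // tainted
#   $data['limit'] = 10;                                 // clean
#   mysqli_query($c, "... LIMIT " . $data['limit']);     // sink A: clean key
#   mysqli_query($c, "... '" . $data['name'] . "'");     // sink B: tainted key
#   mysqli_query($c, "... " . $data[$k]);                // sink C: unknown key
PROGRAM: List[Instr] = [
    ("source", "user"),
    ("new_array", "data"),
    ("store", "data", "name", "user"),
    ("const", "ten"),
    ("store", "data", "limit", "ten"),
    ("load", "lim", "data", "limit"),
    ("sink", "lim", "A"),
    ("load", "nm", "data", "name"),
    ("sink", "nm", "B"),
    ("load", "dyn", "data", "*"),
    ("sink", "dyn", "C"),
]


def analyze(program: List[Instr], field_sensitive: bool) -> List[str]:
    """Return the labels of sinks reached by taint.

    Flow-insensitive fixpoint: passes repeat until no taint flag changes.
    Taint only ever grows, so the loop terminates.
    """
    scalar: Dict[str, bool] = {}             # variable -> tainted?
    arrays: Dict[str, Dict[str, bool]] = {}  # array -> key (or "*") -> tainted?
    changed = True

    def mark(var: str, value: bool) -> None:
        nonlocal changed
        if value and not scalar.get(var, False):
            scalar[var] = True
            changed = True

    def read_key(arr: str, key: str) -> bool:
        cells = arrays.get(arr, {})
        if not field_sensitive or key == "*":
            # Whole-array model, or an unknown key: any tainted element
            # taints the read.  This is the conservative fallback.
            return any(cells.values())
        # Field-sensitive: this key, plus anything stored via an unknown key.
        return cells.get(key, False) or cells.get("*", False)

    while changed:
        changed = False
        for ins in program:
            op = ins[0]
            if op == "source":
                mark(ins[1], True)
            elif op == "const":
                scalar.setdefault(ins[1], False)
            elif op == "new_array":
                arrays.setdefault(ins[1], {})
            elif op == "store":
                _, arr, key, src = ins
                # Field-insensitive mode collapses every key into one cell.
                slot = key if field_sensitive else "*"
                cells = arrays.setdefault(arr, {})
                if scalar.get(src, False) and not cells.get(slot, False):
                    cells[slot] = True
                    changed = True
            elif op == "load":
                _, dst, arr, key = ins
                mark(dst, read_key(arr, key))

    return [ins[2] for ins in program
            if ins[0] == "sink" and scalar.get(ins[1], False)]


if __name__ == "__main__":
    print("field-insensitive:", analyze(PROGRAM, False))  # A is a false positive
    print("field-sensitive:  ", analyze(PROGRAM, True))   # A disappears, B and C stay
```

      The field-sensitive run keeps exactly the findings the whole-array run got right and drops the one it got wrong, which is the trade the ticket describes. The `"*"` slot is what the conservative fallback for dynamic keys rests on; a real engine would refine it further with the value the key symbol can take.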

      What

      The Symbolic Analysis engine is the result of merging the current SonarSecurity analyzer with the advanced technology coming from RIPS DJaVu. The current engine runs for Java on the UCFGs generated by the java-security-frontend plugin. The goal here is to reuse that engine on the UCFGs generated by the PHP security frontend, so that the PHP analysis switches to symbolic analysis.

      How

      • Update the engine to run Symbolic Analysis by default for the PHP language.
      • Write specific "stubs" for collections, as was done for Java. These stubs allow an ArraySymbol to be created correctly when a collection is instantiated inside the UCFGs.
      • Investigate IT (integration test) and peach results.


              People

              Assignee:
              alexandre.gigleux Alexandre Gigleux
              Reporter:
              alexandre.gigleux Alexandre Gigleux
