Framework for Static Analysis of PHP Applications (Artifact)

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216208%3A11320%2F15%3A10320495" target="_blank" >RIV/00216208:11320/15:10320495 - isvavai.cz</a>

Výsledek na webu

<a href="http://d3s.mff.cuni.cz/projects/formal_methods/weverca/" target="_blank" >http://d3s.mff.cuni.cz/projects/formal_methods/weverca/</a>

DOI - Digital Object Identifier

—

Jazyk výsledku

angličtina

Název v původním jazyce

Framework for Static Analysis of PHP Applications (Artifact)

Popis výsledku v původním jazyce

This artifact is based on Weverca, a static analyzer framework for PHP applications. The aim of Weverca is to provide developers with a framework that would allow for an easy implementation of custom static analyses of PHP, while not coping with the dynamic language issues. The framework processes the input source code in two phases. In the first phase, the program-point graph is constructed, which has the dynamic constructs (eval, dynamic includes, type information) already resolved. The developer canthen implement a custom static analysis in the second phase, exploiting the output of the first phase. The provided package is designed to support repeatability of the experiments of the companion paper: in particular to perform security (taint) analysesof two bundled applications. Instruction to compile and run the analyzer are also provided.

Název v anglickém jazyce

Framework for Static Analysis of PHP Applications (Artifact)

Popis výsledku anglicky

This artifact is based on Weverca, a static analyzer framework for PHP applications. The aim of Weverca is to provide developers with a framework that would allow for an easy implementation of custom static analyses of PHP, while not coping with the dynamic language issues. The framework processes the input source code in two phases. In the first phase, the program-point graph is constructed, which has the dynamic constructs (eval, dynamic includes, type information) already resolved. The developer canthen implement a custom static analysis in the second phase, exploiting the output of the first phase. The provided package is designed to support repeatability of the experiments of the companion paper: in particular to perform security (taint) analysesof two bundled applications. Instruction to compile and run the analyzer are also provided.

Druh

R - Software

CEP obor

JC - Počítačový hardware a software

OECD FORD obor

—

Projekt

—

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2015

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Interní identifikační kód produktu

Weverca

Technické parametry

jan.kofron@d3s.mff.cuni.cz

Ekonomické parametry

Nelze aplikovat - jedná se o framework pro implementaci konkrétních nástrojů.

IČO vlastníka výsledku

00216208

Název vlastníka

Univerzita Karlova v Praze