Since the pretty printing is coming along fine, I considered the phases for PSAT itself. I have also posted this to the psat-dev list. But this could also be discussed here off course. Any comments or suggestions are most welcome.
Identify and annotate the variables that come from the user with 'un-safe'
This includes the research of which variables can be altered by the
user. Some info
Identify and annotate the functions that can cause vulnerabilities
to occur if a 'un-safe' variable is used.
Generate a rapport in some form to show the user the possible vulnerability
At the end of this phase the following should give use full info:
echo $_GET['name'];The design of the rapport is also considered in this phase.
Identify and annotate the functions that make variables safe for use
within the 'un-safe' functions. The annotation should also be added to the variables used and propagated.
Add support for assignment variables and the (simple) propagation thereof
Add support for reference variables and the (simple) propagation thereof
Add support for the propagation within and coming from(user-defined) functions
Add support for the propagation within and coming from objects
Notice that the phases are build upon each other. The base-foundation
is made in the first four phases, the simplest case. The other phases
each add a layer of complexity. Each phase should result in a working
tool that supports the mentioned constructions.