Since the pretty printing is coming along fine, I considered the phases for PSAT itself. I have also posted this to the psat-dev list. But this could also be discussed here off course. Any comments or suggestions are most welcome.
Phase 1:
Identify and annotate the variables that come from the user with 'un-safe'
This includes the research of which variables can be altered by the
user. Some info
Phase 2:
Identify and annotate the functions that can cause vulnerabilities
to occur if a 'un-safe' variable is used.
Phase 3:
Generate a rapport in some form to show the user the possible vulnerability
At the end of this phase the following should give use full info:
echo $_GET['name'];The design of the rapport is also considered in this phase.
Phase 4:
Identify and annotate the functions that make variables safe for use
within the 'un-safe' functions. The annotation should also be added to the variables used and propagated.
Phase 5:
Add support for assignment variables and the (simple) propagation thereof
Phase 6:
Add support for reference variables and the (simple) propagation thereof
Phase 7:
Add support for the propagation within and coming from(user-defined) functions
Phase 8:
Add support for the propagation within and coming from objects
Notice that the phases are build upon each other. The base-foundation
is made in the first four phases, the simplest case. The other phases
each add a layer of complexity. Each phase should result in a working
tool that supports the mentioned constructions.
No comments:
Post a Comment