This project would not have been possible without these dependencies:
More than 2400 test cases from the PHP Vulnerability test suite are used to test progpilot.
To run the test suite, go to the ./projects/tests folder and execute phpunit.
Progpilot is licensed under the MIT License.
- Eric Therond | github | website | [email protected]
See also the list of contributors who participated in this project.
If you want to contribute to this project see the contributing rules.
There are a lot of tasks to do:
- Passing by reference
- Pushing elements into an array (like $array[] = $ele; or array_push())
- Property of an object is an object
- Definitions on the same line (def = eee; def = aaa;)
- A property that hasn't been declared but is used later (class { miss public $property;})
- Chained function calls: $obj->func1()->func2()
- Chained references: $var = "eee"; $ref1 = &$var; $ref2 = &$ref1;
- sprintf string transformations
- $tainted = $tainted + 0; => cast to int
- Handle all tainted flows when several definitions taint the same expression