Skip to content

tiandiyixian/progpilot

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

206 Commits
builds
builds
 
 
doc
doc
 
 
package
package
 
 
projects
projects
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.sh
build.sh
 
 
composer.json
composer.json
 
 

Repository files navigation

progpilot

A static analyzer for security purposes
Only PHP language is currently supported

Build Status Packagist Packagist

Standalone example

  • Download the latest phar archive in releases folder (or builds folder for dev versions).
  • Optional : configure your analysis with a yaml file.
  • Optional : use the up-to-date security data in package/src/uptodate_data folder.
  • Progpilot takes two optional arguments :
    • your YAML configuration file (if not the default configuration will be used)
    • your files and folders that have to be analysed
php progpilot.phar --configuration ./configuration.yml example1.php example2.php ./folder1/ ./folder2/

Library installation

Use getcomposer to install progpilot.
Your composer.json looks like this one :

{
    "name": "Example",
    "description": "Example of use of Progpilot",
    "minimum-stability": "dev",
    "require": {
        "designsecurity/progpilot": "dev-master"
    }
}

Then run composer :

composer install

If no errors occuring you could try the following example.

Library example

<?php

require_once './vendor/autoload.php';

$context = new \progpilot\Context;
$analyzer = new \progpilot\Analyzer;

$context->inputs->set_file("example1.php");

$analyzer->run($context);
$results = $context->outputs->get_results();

var_dump($results);

?>
  • When example1.php contains this code :
<?php

$var7 = $_GET["p"];
$var4 = $var7;
echo "$var4";

?>
  • The simplified output will be :
array(1) {
  [0]=>
  array(11) {
    ["source_name"]=>
    array(1) {
      [0]=>
      string(5) "$var4"
    }
    ["source_line"]=>
    array(1) {
      [0]=>
      int(4)
    }
    ["sink_name"]=>
    string(4) "echo"
    ["sink_line"]=>
    int(5)
    ["vuln_name"]=>
    string(3) "xss"
  }
}

All files (composer.json, example.php, example1.php) used in this example are in the projects/example folder.
For more examples look at this page.

Specify an analysis

You can configure an analysis (the definitions of sinks, sources, sanitizers and validators) according to your own context.
You can define traditional variables like _GET, _POST or _COOKIE as untrusted and for example the return of the function shell_exec() too like in the following configuration :

{
    "sources": [
        {"name": "_GET", "is_array": true, "language": "php"},
        {"name": "_POST", "is_array": true, "language": "php"},
        {"name": "_COOKIE", "is_array": true, "language": "php"},
        {"name": "shell_exec", "is_function": true, "language": "php"}
		]
}

See more available options in the corresponding chapter about specifying an analysis

Development

Learn more about the development of Progpilot

Faq

Here

About

A static analysis tool for security

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages

  • PHP 99.2%
  • Other 0.8%