{"title":"一种新的PHP代码静态漏洞分析算法","authors":"Xue-xiong Yan, Hengtai Ma","doi":"10.1109/ICNISC.2017.00034","DOIUrl":null,"url":null,"abstract":"as for detecting taint-style vulnerabilities in PHP codes, this paper introduces function calling control vulnerability, which is a new kind of taint-style vulnerabilities in PHP codes without sensitive function, and enriches classical update rules for taint analysis with a new transfer function definition, which is used to deal with statements with a single function call. The new static vulnerabilities analysis algorithm is implemented in a tool named POSE, and the experiment results of the POSE show that the new algorithm is valid for detecting more type of taint-style vulnerabilities in PHP codes.","PeriodicalId":429511,"journal":{"name":"2017 International Conference on Network and Information Systems for Computers (ICNISC)","volume":"48 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"A New Static Vulnerabilities Analysis Algorithm for PHP Codes\",\"authors\":\"Xue-xiong Yan, Hengtai Ma\",\"doi\":\"10.1109/ICNISC.2017.00034\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"as for detecting taint-style vulnerabilities in PHP codes, this paper introduces function calling control vulnerability, which is a new kind of taint-style vulnerabilities in PHP codes without sensitive function, and enriches classical update rules for taint analysis with a new transfer function definition, which is used to deal with statements with a single function call. The new static vulnerabilities analysis algorithm is implemented in a tool named POSE, and the experiment results of the POSE show that the new algorithm is valid for detecting more type of taint-style vulnerabilities in PHP codes.\",\"PeriodicalId\":429511,\"journal\":{\"name\":\"2017 International Conference on Network and Information Systems for Computers (ICNISC)\",\"volume\":\"48 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-04-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 International Conference on Network and Information Systems for Computers (ICNISC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICNISC.2017.00034\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference on Network and Information Systems for Computers (ICNISC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICNISC.2017.00034","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A New Static Vulnerabilities Analysis Algorithm for PHP Codes
as for detecting taint-style vulnerabilities in PHP codes, this paper introduces function calling control vulnerability, which is a new kind of taint-style vulnerabilities in PHP codes without sensitive function, and enriches classical update rules for taint analysis with a new transfer function definition, which is used to deal with statements with a single function call. The new static vulnerabilities analysis algorithm is implemented in a tool named POSE, and the experiment results of the POSE show that the new algorithm is valid for detecting more type of taint-style vulnerabilities in PHP codes.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
