each CFG node is associated with information about which literal is mapped to a variablebefore executing that node.Resolution of non-literal include statements, variable variables, variable array indices, and variable function calls (only for potential uses).Ignore program paths that cannot be executed at runtime (called path pruning).Can improve the precision of the overall analysis by:.Purpose: To determine, for each program point, the literal that a variable or a constant can hold.A data structure built on top of the intermediate code representation abstracting the control flow behavior of a function that is being compiled.Operates on the control flow graph (CFG) of a program. transformed into linearized form resembling three-address code(TAC), and kept as a control flow graph for each encounter function.construct a parse tree for PHP input file.Statistically compute certain information for every single program point (or for coarser units such as functions).Identify the taint value of variables used in these sinks.Goal: To determine whether it is possible that tainted data reaches sensitive sinks without being properly sanitized.htmlentities(), htmlspecialchars(), and type casts.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |