RIPS 0.53 Released: Static Vulnerability Analysis for PHP Code - OSChina (Open Source China Community)
红薯, March 22, 2012


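RIPS is a good static source code analysis tool, used mainly to find vulnerabilities in PHP applications.

RIPS 0.53 has been released. It fixes a number of bugs in code analysis and adds some new features. The changes are as follows: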

  fixed bug where RIPS hangs on includes building a loop 1->2->3->1->2->3->1… (thanks to Michael Hoffmann)
  fixed bug where RIPS string analyzer hangs on certain array keys coming from foreach statements (thanks to Ricky-Lee Birtles)
  fixed bug where RIPS hangs on certain switch statements (thanks to Jay Bonci)
  fixed bug with wrong brace wrapping for “case x;” instead of “case x:” statements
  fixed bug with wrong brace wrapping when if-clause contains only 1 token or in a try/catch block
  fixed bug with parameter count in interprocedural analysis
  fixed bug with register_globals implementation and constants
  fixed bug with tokenizing a do-while in a do-while
  fixed bug with wrong boundary detection when a function is declared in another function
  fixed bug with wrong file pointer of included files, improved include rate
  added auto_prepend/append_file support, improved include_path support (thanks to Jay Bonci)
  added support for func_get_args() and func_get_arg()
  added support for alternative syntax for control structures (while(): … endwhile;)
  added new sensitive sinks
  added experimental option SCAN_REGISTER_GLOBALS (/config/general.php)
  added parsing errors to verbosity level = debug, improved code stability

Download: http://sourceforge.net/projects/rips-scanner/files/

Comments (2)

Unzip it. Run it in a PHP server environment.

Is it any good? How do you use it?