Web Index

PHP-Sat offers the functionality to automatically analyze files which are included with the require / include functions of PHP. Many projects use some kind of include ...

The Nix buildfarm continuously builds PHP-front and PHP-sat packages. Reports Reports and logs from the build tasks are available at: DIST Some more direct links: ...

This page describes how you can set up your development environment for PHP-Sat/PHP-Front. Most of the information is located elsewhere, if a link is dead please let ...

There are two mailing lists that you may want to subscribe to. psat-commits All SVN-, Jira- and Buildfarm-messages. To stay really up to date. psat-dev List for ...

The following programming constructs are currently supported by the MCV000-pattern: Operator Expressions Control-flow statements This means that the security check ...

TOC Features PHP-front is a package you can use to generate, analyse, or transform PHP code. It contains a handcrafted SDF grammar for PHP, a handcrafted pretty printer ...

Syntax definition The syntax definition can be browsed online: PHP4 syntax definition PHP5 syntax definition The syntax definition of the PHP versions identify which ...

The idea for a library that gives access to common php-meta-programming facilities was already mentioned in the application for the SoC. A quote: The community will ...

Syntax Definition PHP-Front has an extensive test suite that is run on every build. The grammar is tested by over six hunderd unit-tests that cover at least every ...

Stable Releases There is no stable release of PHP-Front (yet). Check the road map for the current status of the 0.1 release. Latest Developments Distributions of ...

TOC Features Some of the (unique) features of PHP-sat are: Documented bug-patterns Configurable security check (status) Option to preserve comments Pretty printer ...

TOC What is a bug-pattern? Let us start with a definition: A bug-pattern describes a common mistake at the application level. So each bug-pattern describes a pattern ...

TOC Why configuration? The configuration file is used to configure the security-analysis within php-sat. It contains information about three things: Which variables ...

PHP-Sat is always on the lookout for developers. If you are interested in working on PHP-Sat there are a couple of things that can come in handy. The source of the ...

TOC Installation The installation process is the same as for PHP-Front. Usage Getting started with PHP-Sat PHP-Sat configuration explained Development If you want ...

TOC Analyzing a file After you have installed php-sat you can run it by typing: php-sat h If this command does not produce a list of all the options that are available ...

The PHP-Sat logo is made by Robert van Geenhuizen. We are very grateful that he took the time to develop this logo. We think it is 'compleet hip', which means so much ...

!! Under construction !! This page will hold the description of the security algorithm of PHP-Sat as flagged by pattern MCV000. The information is already available ...

PHP-Sat was originally called PSAT. This stands for PHP Static Analysis Tool. This name should not come as a surprise. When the time came to publish the project on ...

There where two sources that made the idea for PHP-Sat. The first source of inspiration came from my work as a assistant at the course "internet programmeren" (Internet ...

Bugpatterns Each bugpattern category within PHP-Sat has his own testsuite. Each bugpattern has is own section within the testsuite to test different properties of ...

There is no stable release of PHP-Sat (yet). Check the road map for the current status of the 0.1 release. You can always download, install and try the latest version ...

If you are in need of support you can try either one of these channels to ask questions or file issues: Mailing lists IRC Issues

TOC Introduction Within the documentation of PHP-front the TheExampleProject is used to explain how you can setup your own project. This documentation uses PHP-Tools ...

The pretty printer that comes with PHP is designed to pretty print an AST-representation of a PHP-program according to a set of rules. It is not designed to return ...

Safety levels are used to represent the level of security a variable has within the security analysis. The set of safety levels is finite and has a partial order by ...

A sensitive sink is every construct/function that can cause a vulnerability when it is given TaintedData as a parameter. The following constructs are listed as a SensitiveSink ...

INCLUDE{ TWIKIWEB .SiteMap}

The following text was submitted as my proposal for Google's Summer of Code 2006: Project Title Using static analysis to find vulnerabilities Synopsis Applications ...

Any data that comes from outside the script should be considered tainted data. This includes user-input, database-results, file-system data or anything else that is ...

The pr-department proudly presents the following list of activities. Talks PHP-sat has been the subject of the following talks: 2006-11-09: Software Technology Colloquium ...

We would like to thank the following people/projects/institutes for contributing to PHP-SAT: (In alphabetical order) Bravenboer, Martin For being my mentor during ...

The empty module is a top-level directory in the SVN-repository which contains everything you need to start your own project based on PHP-Front. The special name that ...

These pages describe how you can set-up your PHP-Front-based project. We will use a real-life example to explain all the steps that are involved in making a PHP-Front ...

SEARCH{". " web " INCLUDINGWEB " regex "on" nosearch "on" order "modified" reverse "on" limit "50" format " $percntCALC{\"$dollarPROPERSPACE($topic(40, ...))\"}$percnt ...

INCLUDE{ MAINWEB .WebChanges100}

INCLUDE{ MAINWEB .WebChanges200}

INCLUDE{ MAINWEB .WebChanges500}

PHP-Sat is a Static Analysis tool that can be used to check for common mistakes in PHP source code. One of the key-features of PHP-Sat is the automatic detection of ...

SEARCH{"\. " scope "topic" regex "on" nosearch "on" noheader "on" format " $topic "}

PHP-sat Download Documentation Bugpatterns Quality Origin Name PHP-front Download Documentation Quality Origin PHP-tools Support Mailing lists IRC Issues Developers ...

2007 02 18 Added page to archive talks and papers 2007 02 18 Added page for the PHP-Tools-package 2007 01 27 Official launch of PHP-Sat.org 2006 08 24 PHP ...

NOTIFYTOPIC is a subscription service to be automatically notified by email when topics change in the TWiki.PHP web. This is a convenient service, so you do not have ...

TWiki.PHP Web Preferences The following settings are web preferences of the TWiki.PHP web. These preferences overwrite the site-level preferences in TWIKIWEB . WIKIPREFSTOPIC ...

TWiki's PHP web SCRIPTURL /view SCRIPTSUFFIX /PHP The PHP web of TWiki. TWiki is a Web-Based Collaboration Platform for the Corporate World. INCLUDE{" TWIKIWEB .WebRssBase ...

INCLUDE{" TWIKIWEB .WebSearch"}

INCLUDE{" TWIKIWEB .WebSearchAdvanced"}

Statistics for TWiki.PHP Web Month: Topic views: Topic saves: File uploads: Most popular topic views: Top contributors for topic save and uploads: Feb 2008 3910 0 ...

Finding topics RoadMap WebIndex: all topics in the PHP web WebSearch: find topics Tracking activity WebNews: selected changes WebChanges: recent changes WebNotify ...

TOPICLIST{" $name "} See also the verbose WebIndex.

Main.EricBouwers 18 Feb 2007