RIPS
Developer(s) | Johannes Dahse |
---|---|
Stable release | 0.54 / February 24, 2013 |
Written in | PHP |
Operating system | Cross-platform |
Available in | PHP |
Type | Static code analysis |
License | GNU General Public License |
Website | http://rips-scanner.sourceforge.net/ |
RIPS is a static code analysis tool to automatically detect taint-style vulnerabilities in PHP applications. It is written in PHP and was released during the Month of PHP Security[1] in May 2010 as open source software.[2]
Analysis
RIPS tokenizes PHP code (lexical analysis) using PHP's tokenizer extension and performs semantic analysis to build a program model. Based on previously analyzed variable assignments, it performs backwards-directed inter-procedural taint analysis of sensitive sinks. RIPS's strength is its ability to scan PHP applications very quickly for PHP-specific vulnerabilities. Its weakness is a rather high number of false positives, because it does not use an abstract syntax tree or control flow graph. The lack of support for object-oriented PHP code can lead to false negatives.
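A much-simplified sketch of the approach described above, added here as an example and not taken from RIPS itself: it cuts `token_get_all()` output into statements and traces each sink's arguments backwards through earlier assignments. The source, sink and sanitizer lists and the sample input are constructed, the trace is intra-procedural only, and PHP 7.1 or later is assumed.

```php
<?php
// Added illustration, not RIPS source code. The three lists and the sample input are constructed.
const SOURCES = ['$_GET', '$_POST', '$_COOKIE', '$_REQUEST'];
const SINKS = ['system' => 'Command Execution', 'eval' => 'Code Execution', 'mysql_query' => 'SQL Injection'];
const SANITIZERS = ['escapeshellarg', 'intval', 'mysql_real_escape_string'];
// Lexical pass: cut the token stream into statements, each a list of token texts.
function statements(string $code): array {
    $stmts = []; $cur = [];
    foreach (token_get_all($code) as $tok) {
        [$id, $text] = is_array($tok) ? $tok : [null, $tok];
        if (in_array($id, [T_WHITESPACE, T_OPEN_TAG, T_COMMENT, T_DOC_COMMENT], true)) continue;
        if ($id !== null || !in_array($text, [';', '{', '}'], true)) { $cur[] = $text; continue; }
        if ($cur) $stmts[] = $cur;   // statement boundary reached
        $cur = [];
    }
    return $stmts;
}

// Backward pass: does $expr reach a source through assignments made before statement $before?
function tainted(array $expr, array $stmts, int $before): bool {
    if (array_intersect($expr, SANITIZERS)) return false;   // coarse: a sanitizer clears the expression
    if (array_intersect($expr, SOURCES)) return true;
    foreach ($expr as $var) {
        for ($i = $before - 1; $var[0] === '$' && $i >= 0; $i--) {
            if ($stmts[$i][0] === $var && ($stmts[$i][1] ?? '') === '=') {   // nearest earlier assignment
                if (tainted(array_slice($stmts[$i], 2), $stmts, $i)) return true;
                break;
            }
        }
    }
    return false;
}

function scan(string $code): array {
    $stmts = statements($code); $found = [];
    foreach ($stmts as $i => $s) {
        foreach (array_intersect($s, array_keys(SINKS)) as $k => $sink) {   // sink calls in this statement
            if (tainted(array_slice($s, $k + 1), $stmts, $i)) $found[] = SINKS[$sink] . ': ' . implode(' ', $s);
        }
    }
    return $found;
}
$sample = <<<'SRC'
<?php
$cmd = $_GET['c'];
if (!in_array($cmd, $allowed, true)) { exit; }
system($cmd);
mysql_query("SELECT * FROM t WHERE id = " . intval($_GET['id']));
SRC;
print_r(scan($sample));
```

On the sample, the sketch reports only the `system()` call. That finding is raised despite the allowlist check on the preceding line, because a token-level backward trace has no control flow graph in which the `exit` path could be pruned.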
Vulnerability Types
The detection of the following vulnerability types is supported:
- Code Execution
- Command Execution
- Connection String Injection
- Cross-Site Scripting
- HTTP Response Splitting
- File Disclosure
- File Inclusion
- File Manipulation
- LDAP Injection
- PHP Object Injection
- SQL Injection
- XPath Injection
Web Interface
RIPS is controlled via a web interface. It allows users to initiate scans of local directories for specific vulnerability types or to perform regular expression searches. Detected vulnerabilities are presented in the web interface with a minimum set of affected code lines as well as a vulnerability summary. For each vulnerability, an integrated code viewer can be opened to highlight the affected code lines in the original source code. Furthermore, help is offered to understand the vulnerability, and exploits can be generated automatically. The interface also offers a list of scanned PHP files, user-defined functions, and detected sources.
Development
Development of the current version 0.54 has been abandoned. A completely rewritten prototype is under development that improves analysis precision,[3] is able to detect more vulnerability types such as second-order vulnerabilities,[4] and supports object-oriented PHP code.[5] Its release date is currently unknown.
References
1. http://www.php-security.org/2010/05/24/mops-submission-09-rips-a-static-source-code-analyser-for-vulnerabilities-in-php-scripts/index.html
2. http://sourceforge.net/projects/rips-scanner/
3. http://www.internetsociety.org/doc/simulation-built-php-features-precise-static-code-analysis
4. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/dahse
5. http://dl.acm.org/citation.cfm?id=2660363