static lightweight includes resolution for php
play

Static, Lightweight Includes Resolution for PHP Mark Hills , Paul - PowerPoint PPT Presentation

Apr 02, 2023 •276 likes •798 views

Static, Lightweight Includes Resolution for PHP Mark Hills , Paul Klint, and Jurgen J. Vinju 29th IEEE/ACM International Conference on Automated Software Engineering September 17-19, 2014 Vsters, Sweden Motivating stats on PHP #7 on TIOBE

  1. Static, Lightweight Includes Resolution for PHP Mark Hills , Paul Klint, and Jurgen J. Vinju 29th IEEE/ACM International Conference on Automated Software Engineering September 17-19, 2014 Västerås, Sweden

  2. Motivating stats on PHP • #7 on TIOBE Programming Community Index • 4th most popular language on GitHub by repositories created • Used by 82.2% of all websites whose server-side language can be determined • Some figures show up to 20% of new sites run WordPress • Big projects: MediaWiki 1.22.0 has more than 1 million lines of PHP 2

  3. Open Source Commits by Language (Ohloh.net) http://www.ohloh.net/languages/compare?measure=commits&percent=true 3

  4. An Empirical Study of PHP Feature Usage (ISSTA 2013) • Research questions: • How do people actually use PHP? • What assumptions can we make about code and still have precise analysis in practice? • One finding: include expressions have a high impact on creating precise program analysis algorithms, and are a common feature 4

  5. Research Questions • Can we devise precise, lightweight static analysis algorithms for resolving PHP include expressions? • Can we provide support that is fast enough to realistically integrate with IDEs? • How far can we get without applying heavier-weight analysis, with assumption that these results can be refined in the future? Includes Analysis Alias Analysis Type Inference 5

  6. The (non-trivial) PHP File Inclusion Model Find Include File, Given Input File Name File found using Path starts with File found using File found using No No current working No directory characters? include path? including script path? directory? Yes Lookup File Yes Yes Yes No Using Directory Info Yes File located? File Found No File Missing 6

  7. What are the challenges? • Include expression may include concatenation, constants, function calls, or even arbitrary code • Location to load file from may not be obvious: • Is it on the include path? • Is it based on the current working directory? • Is it based on the script directory? • Are the first two changed at runtime? 7

  8. Statically resolving PHP includes: FLRES and PGRES • FLRES: F ile- L evel I ncludes RES olution • PGRES: P ro G ram-Level Includes RES olution • Why two? • PGRES can take advantage of context information unavailable to FLRES • FLRES tuned to provide fast resolution 8

  9. FLRES Building Blocks • We may have no information on the base path • We can take advantage of unique constants • We can simulate some PHP expressions • We can match the constant part of the path at the end of the given file name (if present) 9

  10. Building block 1: Base paths for includes template.php ... require './headers.php' ... 10

  11. Building block 1: Base paths for includes template.php ... require './headers.php' ... headers.php ... ... ... 11

  12. Building block 1: Base paths for includes template.php ... require './headers.php' ... headers.php ... ... ... 12

  13. Building block 1: Base paths for includes Directory / Directory d main.php template.php ... ... require 'd/template.php' require './headers.php' ... ... headers.php headers.php ... ... ... ... ... ... 13

  14. Building block 1: Base paths for includes Directory / Directory d main.php template.php ... ... require 'd/template.php' require './headers.php' ... ... headers.php headers.php ... ... ... ... ... ... 14

  15. Building block 1: Base paths for includes Directory / Directory d main.php template.php ... ... require 'd/template.php' require './headers.php' ... ... headers.php headers.php ... ... ... ... ... ... 15

  16. Building block 1: Base paths for includes Directory / Directory d main.php template.php ... ... require 'd/template.php' require './headers.php' ... ... headers.php headers.php ... ... ... ... ... ... 16

  17. Building block 1: Base paths for includes • If we have a literal path starting with ‘/‘, we can 
 use this — rules say it must be looked up from 
 web root • Note: this is very uncommon, forces install location • Otherwise, path can’t tell us where to start looking for the file 17

  18. Building block 2: Unique constants • If a constant is always defined with the same value, 
 we allow the algorithm to use it wp-mail.php wp-load.php ... ... ...Use Of WPINC... define( 'WPINC', 'wp-includes' ); ... ... wp-settings.php ... define( 'WPINC', 'wp-includes' ); ... 18

  19. Building block 2: Unique constants • If a constant is always defined with the same value, 
 we allow the algorithm to use it wp-mail.php wp-load.php ... ... ...'wp-includes'... define( 'WPINC', 'wp-includes' ); ... ... wp-settings.php ... define( 'WPINC', 'wp-includes' ); ... 19

  20. Building block 2: Unique constants • If a constant is always defined with the same value, 
 we allow the algorithm to use it • Is this sound? • See discussion in paper • Working assumption: we know all declared constants • Short answer: no if constant is undefined but used anyway or is one we are unaware of, otherwise yes 20

  21. Building block 3: PHP expression simulation From wp-comments-post.php: require( dirname(__FILE__) . '/wp-load.php' ); 21

  22. Building block 3: PHP expression simulation From wp-comments-post.php: require( dirname(__FILE__) . '/wp-load.php' ); 22

  23. Building block 3: PHP expression simulation From wp-comments-post.php: require( dirname(‘/webroot/wp-comments-post.php’) . '/wp-load.php' ); 23

  24. Building block 3: PHP expression simulation From wp-comments-post.php: require( dirname(‘/webroot/wp-comments-post.php’) . '/wp-load.php' ); 24

  25. Building block 3: PHP expression simulation From wp-comments-post.php: require(‘/webroot’ . '/wp-load.php' ); 25

  26. Building block 3: PHP expression simulation From wp-comments-post.php: require(‘/webroot’ . '/wp-load.php' ); 26

  27. Building block 3: PHP expression simulation From wp-comments-post.php: require(‘/webroot/wp-load.php' ); 27

  28. Building block 3: PHP expression simulation • Magic constants evaluated • Functions and string operations simulated on constant strings • This is a fixpoint computation — it can generate new string constants that allow further reduction 28

  29. Building block 4: Path matching Input Expression: require( "$maintenanceDir/Maintenance.php" ); Generate RegExp Generated RegExp: \S*Maintenance[.]php List of System Files: ... Match Available /includes/ImageFunctions.php Files /maintenance/Maintenance.php /skins/Vector.php ... Matched Files: /maintenance/Maintenance.php 29

  30. PGRES Building Blocks • We now have information on the base path • We can take advantage of non-unique constants • We need to be aware of PHP functions that can change the include path or current working directory at runtime 30

  31. Building block 1: We can use the base path Directory / Directory d main.php template.php ... ... require 'd/template.php' require './headers.php' ... ... X headers.php headers.php ... ... ... ... ... ... 31

  32. Building block 2: Unique constants • If a constant could have multiple values, we can use 
 it if all included definitions are the same wp-mail.php wp-load.php ... ... ...Use Of WPINC... define( 'WPINC', 'wp-includes' ); ... ... wp-settings.php ... define( 'WPINC', 'includes' ); ... 32

  33. Building block 2: Unique constants • If a constant could have multiple values, we can use 
 it if all included definitions are the same wp-mail.php wp-load.php ... ... ...Use Of WPINC... define( 'WPINC', 'wp-includes' ); ... ... wp-settings.php ... define( 'WPINC', 'includes' ); ... 33

  34. Building block 2: Unique constants • If a constant could have multiple values, we can use 
 it if all included definitions are the same wp-mail.php wp-load.php ... ... ...'wp-includes'... define( 'WPINC', 'wp-includes' ); ... ... wp-settings.php ... define( 'WPINC', 'includes' ); ... 34

  35. Building block 3: functions can impact lookups • PHP include paths and working directories can be 
 changed at runtime • chdir changes the current working directory • set_include_path sets the include path • ini_set can also set the include path • Reachable uses of these cause us to ignore base path info, just like in FLRES 35

  36. Any new soundness concerns? • Inherits all soundness concerns from FLRES • One new one: we assume functions that change include path and working directory not called in obfuscated ways (e.g., using eval) 36

  37. Setting Up the Experiment: Tools & Methods http://cache.boston.com/universal/site_graphics/blogs/bigpicture/lhc_08_01/lhc11.jpg 37

  38. Building an open-source PHP corpus • Same corpus as used in ISSTA 2013, updated 
 versions, added Magento • Systems selected based on Ohloh (now Black Duck) rankings • Totals: 20 open-source PHP systems, 4.59 million lines of PHP code, 32,682 files 38

  39. Evaluating FLRES: Technique • Run FLRES over entire corpus • Track execution time on each file • Basic stats: how many includes have static or dynamic args? • Includes stats: how many resolve to a unique file? to any file? to something in between? 39

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lightweight and Accurate Recursive Fractal Network for Image Super-Resolution Juncheng Li, Yiting

Lightweight and Accurate Recursive Fractal Network for Image Super-Resolution Juncheng Li, Yiting

Lightweight and Accurate Recursive Fractal Network for Image Super-Resolution Juncheng Li, Yiting Yuan, Kangfu Mei, and Faming Fang* International Conference on Computer Vision, 2019 Learning for Computational Imaging (LCI) Workshop MIVRC:

443 views • 31 slides
Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1.

Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1.

Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1. About Think Lightweight 2. What are Lightweight Structures? 3. Industry Applications 4. Product Line Review 5. Think Lightweight Component

832 views • 43 slides
Static Resolution of Implicit Control Flow for Reflection and Message-Passing Paulo Barros , Ren

Static Resolution of Implicit Control Flow for Reflection and Message-Passing Paulo Barros , Ren

Static Resolution of Implicit Control Flow for Reflection and Message-Passing Paulo Barros , Ren Just, Suzanne Millstein, Paul Vines, Werner Dietl, Marcelo dAmorim and Michael D. Ernst Implicit control flow Indirect method call

1.05k views • 79 slides
The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will

The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will

The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will revolutionise the international high-rise construction industry Tony Zaccarini and Dr Patrick OBrien The lightweight beam for Heavyweight

417 views • 12 slides
The lightweight beam for Heavyweight applications The impact of this lightweight beam concept

The lightweight beam for Heavyweight applications The impact of this lightweight beam concept

The lightweight beam for Heavyweight applications The impact of this lightweight beam concept will revolutionise the aviation industry Tony Zaccarini and Dr Patrick OBrien The lightweight beam for Heavyweight applications Patent Applied For

479 views • 12 slides
CCP Resolution: proposal for an EU Regulation and FSB Guidance on CCP Resolution 2ND EUROPEAN

CCP Resolution: proposal for an EU Regulation and FSB Guidance on CCP Resolution 2ND EUROPEAN

CCP Resolution: proposal for an EU Regulation and FSB Guidance on CCP Resolution 2ND EUROPEAN RECOVERY AND RESOLUTION SUMMIT Frankfurt, 5 July 2017 David Blache, Deputy Director for Resolution, ACPR (Resolution Authority, France) 1

292 views • 27 slides
Static and Method Overloading static One per class, not per object static variables

Static and Method Overloading static One per class, not per object static variables

Static and Method Overloading static One per class, not per object static variables all instances of the class share the same static variable example: serial/VIN number for Car static methods invoked through class

324 views • 7 slides
1 Static Equilibrium From Static Eq. to Dynamic Eq. System of mass points Static

1 Static Equilibrium From Static Eq. to Dynamic Eq. System of mass points Static

Static/ Dynamic Deformation I ntroduction to Static deformation Dynamic deformation Static/ Dynamic Deformation with Mass-Spring Systems undeformed shape f internal + = f inertia = 0 f external Min Gyu Choi deformed

426 views • 4 slides
New Lightweight DES Variants Suited for RFID Applications G. Leander, C. Paar, A. Poschmann, K.

New Lightweight DES Variants Suited for RFID Applications G. Leander, C. Paar, A. Poschmann, K.

New Lightweight DES Variants Suited for RFID Applications G. Leander, C. Paar, A. Poschmann, K. Schramm Workshop on Fast Software Encryption 2007 Outline Introduction Why lightweight? Why choose DES? DESL: DES Lightweight Why change DES?

364 views • 12 slides
CAM ROLLER SPRING CASE UIAA INTERNATIONAL CLIMBING AND MOUNTAINEERING FEDERATION UNION

CAM ROLLER SPRING CASE UIAA INTERNATIONAL CLIMBING AND MOUNTAINEERING FEDERATION UNION

CAM ROLLER SPRING CASE UIAA INTERNATIONAL CLIMBING AND MOUNTAINEERING FEDERATION UNION INTERNATIONALE DES ASSOCIATIONS DALPINISME 4 kN STATIC LOAD 110 kg at 3 m/s DYNAMIC LOAD SIMPLE SIMPLE LIGHTWEIGHT SIMPLE LIGHTWEIGHT RELIABLE

679 views • 46 slides
SIGBI Limited General Meeting 2019 Resolutions 1-6 Resolution 1 Resolution 2 Resolution 3

SIGBI Limited General Meeting 2019 Resolutions 1-6 Resolution 1 Resolution 2 Resolution 3

SIGBI Limited General Meeting 2019 Resolutions 1-6 Resolution 1 Resolution 2 Resolution 3 Resolution 4 Resolution 5 Resolution 6 SIGBI Articles SIGBI Byelaws SIGBI Byelaw SIGBI Region/ SIGBI Club Membership 8.1 NA/Network/

533 views • 8 slides
Static and dynamic verification Static and dynamic V&V Software inspections Concerned

Static and dynamic verification Static and dynamic V&V Software inspections Concerned

1 2 Static and dynamic verification Static and dynamic V&V Software inspections Concerned with analysis of the static system Static representation to discover problems (static verification verification) May be supplement by

107 views • 6 slides
Tunable Static Inference for Generic Universe Types Werner Dietl Michael Ernst & Peter

Tunable Static Inference for Generic Universe Types Werner Dietl Michael Ernst & Peter

Tunable Static Inference for Generic Universe Types Werner Dietl Michael Ernst & Peter Mller Generic Universe Types (GUT) Lightweight ownership type system Heap topology Owner-as-Modifier encapsulation discipline Glimpse

840 views • 40 slides
Physics 1 Overview Collision detection Model representation Dynamic vs. static

Physics 1 Overview Collision detection Model representation Dynamic vs. static

Physics 1 Overview Collision detection Model representation Dynamic vs. static Discrete vs. continuous Efficiency issues Collision resolution Events Solvers Dynamics Rigid bodies Impulse-based collision

433 views • 24 slides
Hermes: A Language for Lightweight Encryption Torben gidius Mogensen RC 2020 Background:

Hermes: A Language for Lightweight Encryption Torben gidius Mogensen RC 2020 Background:

Hermes: A Language for Lightweight Encryption Torben gidius Mogensen RC 2020 Background: Lightweight Encryption Lightweight: Meant to be fast. Symmetric key: Same key used for encryption and decryption. Used in embedded systems, browsers,

300 views • 12 slides
Lightweight Cryptography and and RFID Security Svetla Nikova COSIC KUL COSIC, KULeuven and

Lightweight Cryptography and and RFID Security Svetla Nikova COSIC KUL COSIC, KULeuven and

Lightweight Cryptography and and RFID Security Svetla Nikova COSIC KUL COSIC, KULeuven and UTwente d UT t Overview Lightweight cryptography - state of the art Comparison Standard vs. Lightweight Comparison Standard vs. Lightweight

599 views • 39 slides
LIMSI English-French Speech Translation System Natalia Segal H el` ene Bonneau-Maynard Quoc

LIMSI English-French Speech Translation System Natalia Segal H el` ene Bonneau-Maynard Quoc

LIMSI English-French Speech Translation System Natalia Segal H el` ene Bonneau-Maynard Quoc Khanh Do Alexandre Allauzen Jean-Luc Gauvain Lori Lamel Franc ois Yvon LIMSI-CNRS and Universit e Paris-Sud December 4th, 2014 1/18 H

285 views • 27 slides
Fli-o: The File I/O language Manager: Matthew Chan (mac2474) System Architect: Justin Gross

Fli-o: The File I/O language Manager: Matthew Chan (mac2474) System Architect: Justin Gross

Fli-o: The File I/O language Manager: Matthew Chan (mac2474) System Architect: Justin Gross (jg3544) Tester: Gideon Cheruiyot (gkc2112) Language Guru: Eyob Tefera (et2546) File manipulation in most Motivation languages leaves something

921 views • 16 slides
Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) etworks (WPANs)

Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) etworks (WPANs)

March 2003 doc.: IEEE 802.15-03/153r3 Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) etworks (WPANs) Project: IEEE P802.15 Working Group for Wireless Personal Area N Submission Title: [XtremeSpectrum CFP

611 views • 28 slides
Evaluation of JSCC for Multi-hop Wireless Channels Huiyu Luo and Yichen Liu EE206A Spring, 2002

Evaluation of JSCC for Multi-hop Wireless Channels Huiyu Luo and Yichen Liu EE206A Spring, 2002

Evaluation of JSCC for Multi-hop Wireless Channels Huiyu Luo and Yichen Liu EE206A Spring, 2002 Outlines Introduction and overview Related work System model Simulation results Conclusion Bibliography 2005-10-7 EE206A

458 views • 23 slides
OCL Contracts for the Verification of Model Transformations LIUPPA Laboratory Self-* Team

OCL Contracts for the Verification of Model Transformations LIUPPA Laboratory Self-* Team

OCL Contracts for the Verification of Model Transformations LIUPPA Laboratory Self-* Team Eric Cariou, Nicolas Belloir, Franck Barbier and Nidal Djemam LIUPPA Laboratory Self-* team Universit de Pau et des Pays de lAdour

647 views • 27 slides
Building Blocks Yang Xu Department of Automatic Control Building blocks Synchronized

Building Blocks Yang Xu Department of Automatic Control Building blocks Synchronized

Building Blocks Yang Xu Department of Automatic Control Building blocks Synchronized collections Concurrent collections Blocking queues and the producer-consumer pattern Blocking and interruptible methods Synchronizers

493 views • 18 slides
quences. Sections 4 and 5 develop algorithmically and The intersection of a set of sequences s 1 ,

quences. Sections 4 and 5 develop algorithmically and The intersection of a set of sequences s 1 ,

Summarizing Sequential Data with Closed Partial Orders Gemma Casas-Garriga Abstract a closure operator is defined by using the properties of In this paper we address the task of summarizing a set of the Galois connection, and from there,

236 views • 12 slides
The SG@home SG@home Project: Project: The Experience Sharing Experience Sharing Hing-Yan LEE,

The SG@home SG@home Project: Project: The Experience Sharing Experience Sharing Hing-Yan LEE,

The SG@home SG@home Project: Project: The Experience Sharing Experience Sharing Hing-Yan LEE, Jon LAU Khee-Erng and Nigel TEOW National Grid Office Singapore International Symposium on Grid Computing 2007 PC Grid Computing PC Grid

782 views • 34 slides

More recommend