[Owasp-orizon] Php parser and Mirage per language skeleton brainstorm...

[Paolo Perego]

On Tue, Feb 24, 2009 at 5:43 PM, Stephen Craig Evans
<stephencraig.evans at gmail.com> wrote:
> Hi Paolo,
Hi Stephen..

Thanks for your great feedback...
> Do with it what you wish; I was playing around.
Those days I'm working over Mirage classes defining abstract methods
in order to have a consistent architecture.
I defined a Modeler and a Collector class with a bunch of abstract
methods than per language modelers and collectors will be supposed to
implement.

I'm going to merge your updates with the code base and then I'll
commit in the repository.

> Out of the PHP book samples - that I mentioned previously - from the
> chapters, I inspected them and 20 out of 190 total did not pass; so in
> my spare time on a rainy day :-) soon I will figure out what is wrong
> with those.
Great! :)

> I still think the Ounce CIR XML format is the best to write to since
> it is already defined and O2 can use it. It includes the AST, symbol
> table, SSA stuff, call graph, and everything that is necessary (and
Sure this is the way. But we have to write down the infos contained in the CIR.
I mean, at the same time you work hard to improve PHP model we must
build a list of information a modeler need to keep track for these
reasons:
* we need to implement the classes that manage those infos (the AST,
the symbol table, ...)
* we need to document it
* we need to make it there for other Collectors.

What do you think?

So my opinion is, meanwhile we're working, to describe in pseudocode
the CIR internals so that we can build the code behind that.
I hope my English was good enough to make the point clear :)

Cheers
Paolo

-- 
"stay hungry, stay foolish"

OWASP Orizon project, http://orizon.sourceforge.net
"enjoy your code review experience"