[OWASP_PHPSEC] Start work on scanner

Abbas Naderi abiusx at owasp.org
Mon Aug 19 13:46:38 UTC 2013


Ok this is an example to detect:

		$x="<p>yo</p>";
		echo "this should be just warning"; //safe stuff
		echo "this one {$x} is error";
		print "this is ".$x." unsafe too.";
		printf("warning here");
		vprintf("warn %s",array($x));
		vprintf("not ok ".$x." %s",array($x));
		echo "you
				cant detect this.";

______________________________________________________________
Notice: This message is digitally signed, its source and integrity are verifiable.
If your mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body. Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com
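
The sample above run through a token-based classifier, as an added example that is not part of the original message and not the phpsec scanner's code. It assumes PHP's built-in token_get_all(); the function name classify_output() and the 'warning'/'error' labels are hypothetical. Every output statement is reported as a warning, and as an error when a variable reaches the echoed string or the printf-family format string.

```php
<?php
// Added example: classify_output() and its verdict labels are hypothetical names.
function classify_output(string $src): array
{
    $tokens = token_get_all($src);
    $n = count($tokens);
    $findings = [];
    for ($i = 0; $i < $n; $i++) {
        $t = $tokens[$i];
        if (!is_array($t)) continue;
        $isEcho = $t[0] === T_ECHO || $t[0] === T_PRINT;
        $isFmt  = $t[0] === T_STRING && in_array(strtolower($t[1]), ['printf', 'vprintf'], true);
        if (!$isEcho && !$isFmt) continue;
        $depth = 0; $tainted = false;
        for ($j = $i + 1; $j < $n; $j++) {
            $u = $tokens[$j];
            if (is_array($u)) {
                // A variable, interpolated ({$x}, ${x}) or concatenated, taints the output.
                if (in_array($u[0], [T_VARIABLE, T_STRING_VARNAME], true)) $tainted = true;
                if ($u[0] === T_CLOSE_TAG) break;
                continue;
            }
            if ($u === ';') break;
            if ($u === '(' || $u === '[') $depth++;
            if ($u === ')' || $u === ']') $depth--;
            // printf family: stop after the first argument, only the format string counts.
            if ($isFmt && (($u === ',' && $depth === 1) || $depth === 0)) break;
        }
        $findings[] = [$t[2], strtolower($t[1]), $tainted ? 'error' : 'warning'];
        $i = $j; // resume scanning after the inspected span
    }
    return $findings;
}
// Sample input: the statements from the message, wrapped in an open tag.
$sample = <<<'PHP'
<?php
$x="<p>yo</p>";
echo "this should be just warning";
echo "this one {$x} is error";
print "this is ".$x." unsafe too.";
printf("warning here");
vprintf("warn %s",array($x));
vprintf("not ok ".$x." %s",array($x));
echo "you
        cant detect this.";
PHP;
foreach (classify_output($sample) as [$line, $what, $verdict]) {
    printf("line %d: %-7s %s\n", $line, $what, $verdict);
}
```

The tokenizer returns a string literal that spans several lines as a single token, so this sketch treats the last echo like any other constant string.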

On Mordad 28, 1392, at 6:15 PM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:

> https://github.com/OWASP/phpsec/commit/f0d6cc3e175eea232444e596c672f4a743102ea4
> 
> 
> 
> On Mon, Aug 19, 2013 at 7:15 PM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:
> I did that the day you told me to do so....I also pushed my codes back then only and then I informed you..
> 
> 
> On Mon, Aug 19, 2013 at 7:13 PM, Abbas Naderi <abiusx at owasp.org> wrote:
> Have you finished determining a whole statement? Please push the code and I will push my part.
> -A
> 
> On Mordad 28, 1392, at 6:10 PM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:
> 
>> Hello All,
>> 
>> Abbas, you mentioned earlier that for scanner, once we have created support for multi-line statements....we will start work on "concatenated statements"...should I start working on it ???
>> 
>> if yes, then can you give some examples of what kind of statements we are looking for ???
>> 
>> -- 
>> Regards,
>> Rahul Chaudhary
>> Ph - 412-519-9634
> 
