RIPS

RIPS
Developer(s)	Johannes Dahse

Stable release	0.55 / March 31, 2015 (2015-03-31)
Written in	PHP
Operating system	Cross-platform
Available in	PHP
Type	Static code analysis
License	GNU General Public License
Website	www.ripstech.com

RIPS is a static code analysis tool to automatically detect taint-style vulnerabilities in PHP applications. The initial version was written in PHP and released during the Month of PHP Security^[1] in May 2010 as open source software.^[2] A new rewritten version is available as cloud and standalone product that overcomes fundamental limitations of the open source version.

Analysis

RIPS tokenizes PHP code (lexical analysis) based on PHP's tokenizer extension and performs semantic analysis to build a program model. Based on previously analyzed variable assignments, it performs backwards-directed inter-procedural taint analysis of sensitive sinks. RIPS strength is the ability to scan PHP applications very fast for PHP-specific vulnerabilities. The weakness of the open-source version is a rather high amount of false positives due to no use of an abstract syntax tree or control flow graph. The lacking support for object-oriented PHP code can lead to false negatives.

Vulnerability types

The detection of the following vulnerability types is supported:

Code Execution
Command Execution
Connection String Injection
Cross-Site Scripting
HTTP Response Splitting
File Disclosure
File Inclusion
File Manipulation
LDAP Injection
PHP Object Injection
SQL Injection
XPath Injection

Web interface

RIPS is controlled via web interface. It allows to initiate scans in local directories for specific vulnerability types or to perform regular expression searches. Detected vulnerabilities are presented in the web interface with a minimum set of affected code lines as well as a vulnerability summary. For each vulnerability an integrated code viewer can be opened in order to highlight the affected code lines in the original source code. Furthermore, help is offered to understand the vulnerability and exploits can be generated automatically. The interface also offers a list of scanned PHP files, user-defined functions, and detected sources.

Development

The development of the current version 0.55 is abandoned due to its fundamental limitations. A completely rewritten prototype is available^[3] that improves analysis precision,^[4] is able detect 36 vulnerability types, including second-order vulnerabilities,^[5] and supports object-oriented PHP code.^[6]

References

↑ "MOPS Submission 09: RIPS – A static source code analyser for vulnerabilities in PHP scripts « the Month of PHP Security". Php-security.org. 2010-05-24. Retrieved 2016-08-10.
↑ "RIPS download". SourceForge.net. Retrieved 2016-08-10.
↑ "RIPS - Automated Security Analysis for PHP Code". Ripstech.com. Retrieved 2016-08-10.
↑ Johannes Dahse; Thorsten Holz (2014-02-22). "Simulation of Built-in PHP Features for Precise Static Code Analysis". Internet Society. Retrieved 2016-08-10.
↑ "Static Detection of Second-Order Vulnerabilities in Web Applications". USENIX.org. 2014-08-01. Retrieved 2016-08-10.
↑ "Code Reuse Attacks in PHP". Dl.acm.org. doi:10.1145/2660267.2660363. Retrieved 2016-08-10.

This article is issued from Wikipedia - version of the 8/10/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.