Eir

PHP vulnerability scanner written in C#. Why C#? Because! That's why!

Requirements

Getting it running

  1. Download project
  2. Install Composer (for the PHP parser)
    2.1. From the PHPAnalysis-parser folder, run composer update in a terminal
    2.2. Make sure all dependencies are correctly installed.
  3. Fill in config.yml with the correct settings (see config-template.yml)
  4. Run the application

Getting it running on Ubuntu 16.04

  1. Install PHP
    sudo apt install php7.0-cli
  2. Make sure you have the XML library
    sudo apt install php-xml
  3. Install Composer
    sudo apt install composer
  4. Install Mono
    sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
    echo "deb http://download.mono-project.com/repo/ubuntu xenial main" | sudo tee /etc/apt/sources.list.d/mono-official.list
    sudo apt-get update
    sudo apt-get install mono-devel
  5. Install NuGet
    sudo apt install nuget
  6. Install PHPAnalysis-parser dependencies with Composer
    composer install
    composer update
  7. Restore NuGet packages for PHPAnalysis solution
    nuget restore
  8. Build solution
    msbuild ./PHPAnalysis.sln
  9. Update the config.yml file with correct settings
    • Remember to reference the FileWriter and/or the WordPress dll files if needed
  10. Run the analysis
    mono PHPAnalysis.exe --all --target ./myPhpFile.php

Errors

A list of possible errors you might experience while setting up/using this application and possible ways to mitigate them.


"Parser error: Syntax error, unexpected EOF on line xx"

(PHP project/parser throws this error)

Make sure there are no syntax errors in your PHP code. This scanner does not handle syntax errors very well.
If the syntax is correct, try updating to the newest version of PHP.


CONFIGURATION ERROR

Make sure the configuration file (config.yml) is present and has the correct format. It should look like the config-template.yml file. Standard rules for Yaml files apply.

Common error:
Using tabs instead of spaces. Indentation should be done using spaces.
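
A pre-flight check covering both errors above, added here as an example that is not part of the Eir project: it lints the target PHP file with php -l before the parser sees it, and flags tab-indented lines in config.yml, the cause of CONFIGURATION ERROR named above. The function names and the default config.yml path are assumptions.

```shell
#!/bin/sh
# Added example, not Eir project code. Run before:
#   mono PHPAnalysis.exe --all --target ./myPhpFile.php

# Returns 0 if the PHP file parses, 1 on a syntax error (the parser would
# otherwise fail with "Syntax error, unexpected EOF"), 2 if php is missing.
check_php_syntax() {
    target="$1"
    if ! command -v php >/dev/null 2>&1; then
        echo "check_php_syntax: php not installed (apt install php7.0-cli)" >&2
        return 2
    fi
    # php -l only lints; it does not execute the file.
    if php -l "$target" >/dev/null 2>&1; then
        return 0
    fi
    php -l "$target" >&2
    return 1
}

# Returns 0 if config.yml uses space indentation only, 1 if any line is
# indented with a tab (invalid YAML), 2 if the file is missing.
check_yaml_indent() {
    file="${1:-config.yml}"   # assumed default path, next to PHPAnalysis.exe
    if [ ! -f "$file" ]; then
        echo "check_yaml_indent: $file not found (copy config-template.yml)" >&2
        return 2
    fi
    # Leading whitespace that contains a literal tab character.
    pat=$(printf '^ *\t')
    if grep -n "$pat" "$file"; then
        echo "check_yaml_indent: tab-indented lines above in $file; use spaces" >&2
        return 1
    fi
    return 0
}

# Runs both checks; exits non-zero so a wrapper script stops before mono.
preflight() {
    check_yaml_indent "${2:-config.yml}" || return $?
    check_php_syntax "$1" || return $?
}
```

Usage: preflight ./myPhpFile.php ./config.yml && mono PHPAnalysis.exe --all --target ./myPhpFile.php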


External dependencies