RIPS是一款不错的静态源代码分析工具,主要用来挖掘PHP程序的漏洞。
RIPS 0.53发布了,在代码分析方面修复了一些bug并且增加了一些新的特性,具体改变如下:
fixed bug where RIPS hangs on includes building a loop 1->2->3->1->2->3->1… (thanks to Michael Hoffmann)
fixed bug where RIPS string analyzer hangs on certain array keys coming from foreach statements (thanks to Ricky-Lee Birtles)
fixed bug where RIPS hangs on certain switch statements (thanks to Jay Bonci)
fixed bug with wrong brace wrapping for “case x;” instead of “case x:” statements
fixed bug with wrong brace wrapping when if-clause contains only 1 token or in a try/catch block
fixed bug with parameter count in interprocedural analysis
fixed bug with register_globals implementation and constants
fixed bug with tokenizing a do-while in a do-while
fixed bug with wrong boundary detection when a function is declared in another function
fixed bug with wrong file pointer of included files, improved include rate
added auto_prepend/append_file support, improved include_path support (thanks to Jay Bonci)
added support for func_get_args() and func_get_arg()
added support for alternative syntax for control structures (while(): … endwhile;)
added new sensitive sinks
added experimental option SCAN_REGISTER_GLOBALS (/config/general.php)
added parsing errors to verbosity level = debug, improved code stability
工具下载:http://sourceforge.net/projects/rips-scanner/files/