TChecker: Precise Static Inter-Procedural Analysis for Detecting Taint-Style Vulnerabilities in PHP Applications

Published: 01 Jan 2022, Last Modified: 05 Oct 2023. Venue: CCS 2022.
Abstract: PHP applications provide various interfaces through which end-users interact with them on the Web. They are thus prone to taint-style vulnerabilities such as SQL injection and cross-site scripting. Because of its high efficiency, static taint analysis is widely adopted to detect taint-style vulnerabilities before application deployment. Unfortunately, due to the high complexity of the PHP language, implementing a precise static taint analysis is difficult. Existing taint analysis solutions suffer from both high false positives and high false negatives because of their incomplete inter-procedural analysis and a variety of implementation issues. In this work, we present TChecker, a context-sensitive inter-procedural static taint analysis tool that detects taint-style vulnerabilities in PHP applications. We identify that supporting objects and type systems is critical for statically analyzing programs written in the dynamic language PHP. We first carefully model PHP objects and the related object-oriented programming features in TChecker. It then iteratively performs an inter-procedural data-flow analysis on PHP objects to refine object types, and can thus precisely identify call targets. We also invest considerable effort in supporting other dynamic features of PHP, such as dynamic includes. We comprehensively evaluated TChecker on a diverse set of modern PHP applications and demonstrated its high effectiveness in vulnerability detection. Specifically, TChecker successfully detected 18 previously unknown vulnerabilities in these PHP applications. We compared TChecker with related static analysis tools and found that it significantly outperformed them by detecting more vulnerabilities. TChecker also finds all the vulnerabilities the existing tools detect, with relatively good precision. We release the source code of our prototype implementation to facilitate future research.
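To illustrate why the abstract stresses resolving call targets through object types, here is an added toy analysis (example code written for this page, not TChecker's implementation) over a constructed PHP-like IR: two classes share a method name, only one escapes its argument, and a taint analysis that ignores the receiver's inferred class reports a false positive that type-based target resolution avoids. The IR, class names and the single-pass type tracking are simplifications assumed for the example.

```python
# Toy IR (constructed for this example); each statement is a tuple:
#   ("source", v)  v := $_GET[...]      ("new", v, cls)      v := new cls
#   ("assign", v, src)  v := src        ("sanitize", v, src) v := htmlspecialchars(src)
#   ("call", v, recv, m, arg)  v := recv->m(arg)   ("sink", v)  echo v (XSS sink)
# Two classes share a method name; only SafeView escapes its argument.
CLASSES = {
    "RawView":  {"render": [("assign",   "ret", "x")]},
    "SafeView": {"render": [("sanitize", "ret", "x")]},
}

def call_targets(recv_types, method, refine):
    """Resolve $recv->method(): by the inferred class set when refining, else any class."""
    pool = recv_types if refine else frozenset(CLASSES)
    return [c for c in pool if method in CLASSES[c]]

def run(body, state, refine, findings):
    """Abstract state per variable: (tainted?, frozenset of possible classes)."""
    for i, s in enumerate(body):
        op = s[0]
        if op == "source":                      # user input: tainted, type unknown
            state[s[1]] = (True, frozenset())
        elif op == "new":                       # object creation fixes the type
            state[s[1]] = (False, frozenset({s[2]}))
        elif op == "assign":
            state[s[1]] = state[s[2]]
        elif op == "sanitize":                  # clears taint, keeps the type
            state[s[1]] = (False, state[s[2]][1])
        elif op == "call":                      # analyze every possible callee body
            _, dst, recv, m, arg = s
            tainted, types = False, frozenset()
            for cls in call_targets(state[recv][1], m, refine):
                ret = run(CLASSES[cls][m], {"x": state[arg]}, refine, findings)
                ret = ret.get("ret", (False, frozenset()))
                tainted, types = tainted or ret[0], types | ret[1]
            state[dst] = (tainted, types)
        elif op == "sink" and state[s[1]][0]:   # tainted data reaches echo
            findings.append(i)
    return state

def analyze(prog, refine=True):
    """Return indices (within prog) of sink statements reached by tainted data."""
    findings = []
    run(prog, {}, refine, findings)
    return findings

# Constructed sample: user input flows through $v->render() into echo.
PROG_SAFE = [("source", "u"), ("new", "v", "SafeView"),
             ("call", "out", "v", "render", "u"), ("sink", "out")]
PROG_RAW = [("new", "v", "RawView") if s[0] == "new" else s for s in PROG_SAFE]
```

With `refine=False` every class defining `render` is treated as a possible callee, so PROG_SAFE is flagged even though the only real target escapes its input; with `refine=True` only PROG_RAW is reported.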
