
RIPS

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Derek R Bullamore at 09:41, 10 August 2016 (Filling in 6 references using Reflinks). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

RIPS
Developer(s): Johannes Dahse
Stable release: 0.55 / March 31, 2015
Written in: PHP
Operating system: Cross-platform
Available in: PHP
Type: Static code analysis
License: GNU General Public License
Website: www.ripstech.com

RIPS is a static code analysis tool that automatically detects taint-style vulnerabilities in PHP applications. The initial version was written in PHP and released during the Month of PHP Security[1] in May 2010 as open source software.[2] A new, rewritten version is available as a cloud and standalone product that overcomes fundamental limitations of the open source version.

Analysis

RIPS tokenizes PHP code (lexical analysis) based on PHP's tokenizer extension and performs semantic analysis to build a program model. Based on previously analyzed variable assignments, it performs backwards-directed inter-procedural taint analysis of sensitive sinks. RIPS's strength is its ability to scan PHP applications very quickly for PHP-specific vulnerabilities. The weakness of the open-source version is a rather high number of false positives, because it does not use an abstract syntax tree or control flow graph. The lack of support for object-oriented PHP code can lead to false negatives.
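A simplified sketch of the approach described above, added here as an illustration and not taken from RIPS: it tokenizes a constructed sample with `token_get_all()` and traces each sink argument backwards through earlier assignments. The source, sink and sanitizer lists and the function names `statements`, `tainted` and `scan` are assumptions; because the tracer ignores branches, the call guarded by `ctype_alnum()` is still reported, the kind of false positive attributed to the missing control flow graph.

```php
<?php
// Added illustration, not RIPS code; the three lists below are assumptions.
const SOURCES    = ['$_GET', '$_POST', '$_COOKIE', '$_REQUEST'];
const SINKS      = ['system', 'exec', 'passthru', 'mysql_query'];
const SANITIZERS = ['escapeshellarg', 'intval'];
// Constructed sample input.
$sample = <<<'SAMPLE'
<?php
$name = $_GET['name'];
if (!ctype_alnum($name)) { exit; }   // guard is invisible without a control flow graph
$cmd = 'ls ' . $name;
system($cmd);
$safe = escapeshellarg($_GET['dir']);
system('ls ' . $safe);
SAMPLE;
// Lexical analysis: cut the token stream into statements at ';', '{' and '}'.
function statements(string $code): array {
    $stmts = [[]];
    foreach (token_get_all($code) as $t) {
        if (in_array($t, [';', '{', '}'], true)) { $stmts[] = []; continue; }
        if (is_array($t) && in_array($t[0], [T_WHITESPACE, T_OPEN_TAG, T_COMMENT], true)) continue;
        $stmts[count($stmts) - 1][] = is_array($t) ? $t : [0, $t, 0];
    }
    return $stmts;
}
// Backward taint analysis: resolve each variable through its most recent earlier assignment.
function tainted(array $expr, array $stmts, int $before): bool {
    if (array_intersect(array_column($expr, 1), SANITIZERS)) return false; // coarse: sanitizer cleans the expression
    foreach ($expr as $t) {
        if ($t[0] !== T_VARIABLE) continue;
        if (in_array($t[1], SOURCES, true)) return true;
        for ($i = $before - 1; $i >= 0; $i--) {
            $s = $stmts[$i];
            if (count($s) < 3 || $s[0][1] !== $t[1] || $s[1][1] !== '=') continue;
            if (tainted(array_slice($s, 2), $stmts, $i)) return true;
            break; // only the nearest assignment is considered
        }
    }
    return false;
}
// Report every statement that starts with a sink call whose arguments trace back to a source.
function scan(string $code): array {
    [$stmts, $hits] = [statements($code), []];
    foreach ($stmts as $i => $s) {
        if ($s && in_array($s[0][1], SINKS, true) && tainted(array_slice($s, 1), $stmts, $i))
            $hits[] = "line {$s[0][2]}: tainted data reaches {$s[0][1]}()";
    }
    return $hits;
}
print_r(scan($sample));
```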

Vulnerability types

The detection of the following vulnerability types is supported:

  • Code Execution
  • Command Execution
  • Connection String Injection
  • Cross-Site Scripting
  • HTTP Response Splitting
  • File Disclosure
  • File Inclusion
  • File Manipulation
  • LDAP Injection
  • PHP Object Injection
  • SQL Injection
  • XPath Injection

Web interface

RIPS is controlled via a web interface. It allows the user to initiate scans of local directories for specific vulnerability types or to perform regular expression searches. Detected vulnerabilities are presented in the web interface with a minimum set of affected code lines as well as a vulnerability summary. For each vulnerability, an integrated code viewer can be opened to highlight the affected code lines in the original source code. Furthermore, help is offered to understand the vulnerability, and exploits can be generated automatically. The interface also offers a list of scanned PHP files, user-defined functions, and detected sources.

Development

Development of the current version, 0.55, has been abandoned due to its fundamental limitations. A completely rewritten prototype is available[3] that improves analysis precision,[4] is able to detect 36 vulnerability types, including second-order vulnerabilities,[5] and supports object-oriented PHP code.[6]

References

  1. "MOPS Submission 09: RIPS – A static source code analyser for vulnerabilities in PHP scripts « the Month of PHP Security". Php-security.org. 2010-05-24. Retrieved 2016-08-10.
  2. "RIPS download". SourceForge.net. Retrieved 2016-08-10.
  3. "RIPS - Automated Security Analysis for PHP Code". Ripstech.com. Retrieved 2016-08-10.
  4. Johannes Dahse; Thorsten Holz (2014-02-22). "Simulation of Built-in PHP Features for Precise Static Code Analysis". Internet Society. Retrieved 2016-08-10.
  5. "Static Detection of Second-Order Vulnerabilities in Web Applications". USENIX.org. 2014-08-01. Retrieved 2016-08-10.
  6. "Code Reuse Attacks in PHP". Dl.acm.org. doi:10.1145/2660267.2660363. Retrieved 2016-08-10.