Splendor is a prototype tool for the static discovery of stored XSS in PHP source code. It supports two scanning methods. If the complete database query string is available in the source code, Splendor uses string analysis to determine the database read and write locations of the tainted data (the direct method [1]). Otherwise, Splendor analyses the data access layer (DAL) and recovers this information by fuzzy matching (the fuzzy matching method).
The analysis is built on phpJoern [2]: the PHP source code must first be parsed into an AST and a code property graph (CPG) by phpJoern before Splendor can scan it.
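As an added illustration of the direct method (example code, not Splendor's own implementation), the following Python model runs over constructed PHP fragments: it reads table and column names off complete INSERT and SELECT strings, records which columns receive superglobal-derived data and which are read back into a variable that a later line echoes unescaped, and reports the intersection as stored XSS candidates. It assumes `echo` as the only sink and `htmlspecialchars` as the only sanitizer, which is a deliberate simplification of what a CPG-based analysis tracks.

```python
import re

# Constructed PHP fragments (not Splendor's own test data): each query string is
# complete in the source, which is the precondition for the direct method.
PHP_SOURCE = {
    "save.php": [
        '$name = $_POST["name"];',
        '$text = $_POST["text"];',
        '$db->query("INSERT INTO comments (author, body) VALUES (\'$name\', \'$text\')");',
    ],
    "show.php": [
        '$r = $db->query("SELECT author FROM comments WHERE id = 1");',
        'echo $r[0]["author"];',  # read back and echoed raw: stored XSS candidate
    ],
    "safe.php": [
        '$r = $db->query("SELECT body FROM comments WHERE id = 1");',
        'echo htmlspecialchars($r[0]["body"]);',  # escaped at the sink: not reported
    ],
}

ASSIGN_RE = re.compile(r"\s*(\$\w+)\s*=\s*(\$_(?:GET|POST|COOKIE|REQUEST))?")
INSERT_RE = re.compile(r"INSERT\s+INTO\s+(\w+)\s*\(([^)]*)\)\s*VALUES\s*\(([^)]*)\)", re.I)
SELECT_RE = re.compile(r"SELECT\s+(.+?)\s+FROM\s+(\w+)", re.I)

def tainted_writes(lines):
    """(table, column) pairs written by an INSERT whose value holds a superglobal-derived variable."""
    taint = {m.group(1) for m in map(ASSIGN_RE.match, lines) if m and m.group(2)}
    writes = set()
    for m in filter(None, map(INSERT_RE.search, lines)):
        cols = [c.strip().lower() for c in m.group(2).split(",")]
        vals = [v.strip() for v in m.group(3).split(",")]
        writes |= {(m.group(1).lower(), c) for c, v in zip(cols, vals) if any(t in v for t in taint)}
    return writes

def echoed_reads(lines):
    """(table, column) pairs SELECTed into a variable that a later line echoes without escaping."""
    reads = set()
    for i, ln in enumerate(lines):
        sel, var = SELECT_RE.search(ln), ASSIGN_RE.match(ln)
        if sel and var and any("echo" in later and var.group(1) in later
                               and "htmlspecialchars" not in later for later in lines[i + 1:]):
            reads |= {(sel.group(2).lower(), c.strip().lower()) for c in sel.group(1).split(",")}
    return reads

def find_stored_xss(source):
    """Report (table, column) locations that are both a tainted write and an echoed read."""
    writes = set().union(*(tainted_writes(l) for l in source.values()))
    reads = set().union(*(echoed_reads(l) for l in source.values()))
    return sorted(writes & reads)
```

Running `find_stored_xss(PHP_SOURCE)` links the write in `save.php` to the unescaped read in `show.php` and ignores the escaped read in `safe.php`; the fuzzy matching method exists precisely for code where the query string cannot be recovered this directly.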
[1] Dahse, Johannes and Thorsten Holz. “Static Detection of Second-Order Vulnerabilities in Web Applications.” USENIX Security Symposium (2014).
[2] https://github.com/malteskoruppa/phpjoern