|
Dobrica Pavlinušić's random unstructured stuff
Disappointed in php -- again!: Revision 3
Taint checking? "Just say no"<http://marc.info/?l=php-internals&m=116621380305497&w=2>, according to php developers (I must admit, I stopped reading after first two replies).
"Pixy"<http://pixybox.seclab.tuwien.ac.at/pixy/> tries to address that (in Java, sic!) and fails on my test code. Only hope left (as it seems) is generation of AST tree using "phc"<http://www.phpcompiler.org/> or using "Parse_Tree"<http://pecl.php.net/package/Parse_Tree>. Both look like a workable way to get AST tree, but I really wouldn't like to implement taint analysis for language which I don't particularly like. Any suggestions from idle readers of my blog? OOH, this day would be more-or-less complete waste if I didn't stumble upon "hypertable"<http://code.google.com/p/hypertable/> which seem like nice implementation of bigtable in sane language (C/C++). Now if I could just find bunch of machines to run it on... |