DevBug consists of two panels: the Code Editor and, below it, the Information Panel.
Code Editor
The Code Editor provides line numbering and syntax highlighting. It is where PHP source code is written, edited or pasted.
The Code Editor uses the CodeMirror open source project; this was found to be the most suitable for my needs after testing alternatives, including writing my own.
Information Panel
The Information Panel displays DevBug's output, such as this help text and the potential vulnerabilities detected by the Static Analysis engine.
The run button triggers Static Analysis of the PHP source code in the Code Editor. The clear button removes the code from the Code Editor and, if your browser supports it, from local storage.
The source code is sent to the server unencrypted, so anyone able to observe the connection could read it; the server, however, does not record the source code in any way.
DevBug checks for the following vulnerability classes arising from user-supplied input:
Cross-Site Scripting (XSS)
Header Manipulation
Code Evaluation
File Inclusion
File Reads
Command Injection
SQL Injection
XPath Injection
LDAP Injection
Header Injection
DevBug is a basic PHP
Static Code Analysis (SCA) tool written mostly in JavaScript.
The idea behind DevBug is to make basic PHP Static Code Analysis accessible online, to raise security awareness and to integrate SCA into the development process.
DevBug can be used to quickly test a page of PHP that you suspect contains vulnerabilities, to check a piece of code you have found on Google and are unsure of, or to write your own code in directly.
Static Code Analysis should be part of your development process through a
Security Development Lifecycle (SDL).
The taint analysis data (sources, securing functions and sinks) was provided by Johannes Dahse of the awesome RIPS PHP Static Code Analysis tool. The source code editor was built on the awesome CodeMirror project.
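Taint analysis of the kind DevBug performs tracks data from sources (for example $_GET) through assignments to sinks (for example echo or mysqli_query), and treats a securing function (for example htmlspecialchars) as neutralising a value only for the vulnerability classes it protects against. The following is an added example written for this page; it is not DevBug's or RIPS' code. Its source, sink and securing-function tables are illustrative assumptions rather than the RIPS data set, and the PHP input is constructed.

```javascript
// Added example, not DevBug's or RIPS' code: a deliberately small, line-oriented
// PHP taint tracker. The tables below are illustrative assumptions, not RIPS data.
// Superglobals treated as user-supplied (tainted) input.
const SOURCE_NAMES = /^_(GET|POST|COOKIE|REQUEST|SERVER|FILES)$/;
// Sink -> vulnerability class reported when tainted data reaches it.
const SINKS = {
  echo: "Cross-Site Scripting (XSS)", print: "Cross-Site Scripting (XSS)",
  header: "Header Injection", eval: "Code Evaluation",
  include: "File Inclusion", require: "File Inclusion", include_once: "File Inclusion",
  file_get_contents: "File Reads", readfile: "File Reads", fopen: "File Reads",
  system: "Command Injection", exec: "Command Injection", shell_exec: "Command Injection",
  mysql_query: "SQL Injection", mysqli_query: "SQL Injection", ldap_search: "LDAP Injection",
};
const ALL = new Set(Object.values(SINKS));
// Securing function -> classes it neutralises. A value passed through one is
// safe for those classes only and stays tainted for every other sink.
const SECURING = {
  htmlspecialchars: ["Cross-Site Scripting (XSS)"],
  htmlentities: ["Cross-Site Scripting (XSS)"],
  intval: ["*"], // an integer cast is safe for every sink
  escapeshellarg: ["Command Injection"],
  mysqli_real_escape_string: ["SQL Injection"],
};

// Split an expression on separator characters at nesting depth 0, ignoring
// anything inside quotes, brackets or parentheses.
function splitTop(expr, seps) {
  const parts = []; let depth = 0, quote = null, cur = "";
  for (const ch of expr) {
    if (quote) { cur += ch; if (ch === quote) quote = null; continue; }
    if (ch === '"' || ch === "'") quote = ch;
    else if ("([".includes(ch)) depth++;
    else if (")]".includes(ch)) depth--;
    else if (depth === 0 && seps.includes(ch)) { parts.push(cur); cur = ""; continue; }
    cur += ch;
  }
  parts.push(cur);
  return parts.map((p) => p.trim()).filter(Boolean);
}

// Return the set of vulnerability classes an expression is still dangerous
// for, given the taint already recorded for variables in env.
function taintOf(expr, env) {
  const result = new Set();
  for (const term of splitTop(expr, ".,")) {
    let t = new Set();
    const call = term.match(/^(\w+)\s*\((.*)\)$/);
    if (call) {
      t = taintOf(call[2], env);
      const cleans = SECURING[call[1]];
      if (cleans) t = cleans.includes("*") ? new Set() : new Set([...t].filter((c) => !cleans.includes(c)));
    } else {
      for (const m of term.matchAll(/\$(\w+)/g)) {
        const src = SOURCE_NAMES.test(m[1]) ? ALL : env.get(m[1]) || new Set();
        src.forEach((c) => t.add(c));
      }
    }
    t.forEach((c) => result.add(c));
  }
  return result;
}

// One pass over the source: record taint on assignment, report a finding when
// a sink receives data still tainted for that sink's class. Control flow,
// functions and multi-line statements are ignored (a real tool parses an AST).
function analyze(phpSource) {
  const env = new Map();
  const findings = [];
  phpSource.split("\n").forEach((raw, i) => {
    const line = raw.replace(/\/\/.*$/, "").trim().replace(/;$/, "");
    if (!line || line.startsWith("<?php")) return;
    const assign = line.match(/^\$(\w+)\s*=(?!=)\s*(.+)$/);
    if (assign) { env.set(assign[1], taintOf(assign[2], env)); return; }
    const stmt = line.match(/^(\w+)\s*(.*)$/);
    if (!stmt || !SINKS[stmt[1]]) return;
    let args = stmt[2];
    if (args.startsWith("(") && args.endsWith(")")) args = args.slice(1, -1);
    const vuln = SINKS[stmt[1]];
    if (taintOf(args, env).has(vuln)) findings.push({ line: i + 1, sink: stmt[1], vuln });
  });
  return findings;
}

// Constructed sample input covering several of the classes listed above.
const SAMPLE_PHP = `<?php
$id = $_GET['id'];
$name = htmlspecialchars($_POST['name']);
$safe_id = intval($id);
echo $name;                                           // escaped for HTML: no finding
echo "Hello " . $id;                                  // XSS
$q = "SELECT * FROM users WHERE id = " . $id;
mysqli_query($db, $q);                                // SQL Injection via $q
mysqli_query($db, "SELECT 1 WHERE id = " . $safe_id); // cast to int: no finding
system("ping " . escapeshellarg($_GET['host']));      // escaped: no finding
system("ping " . $_GET['host']);                      // Command Injection
include $_GET['page'];                                // File Inclusion
eval($id);                                            // Code Evaluation
header("Location: " . $_GET['next']);                 // Header Injection
`;
analyze(SAMPLE_PHP).forEach((f) => console.log(`line ${f.line}: ${f.vuln} via ${f.sink}()`));
```

Run it with node and it reports lines 6, 8, 11, 12, 13 and 14 of the sample while staying silent on the lines that pass through a securing function. The point the design makes is that "secured" is relative to a sink: htmlspecialchars() makes $name safe to echo but not to pass to eval() or system(), which is why the securing-function table maps each function to the classes it covers rather than to a single boolean.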
DevBug would not have been possible without:
RIPS
CodeMirror
jQuery
PHP
DevBug was created by
Ryan Dewhurst (ethicalhack3r) as part of his undergraduate university thesis.