Black Aura


pyparsephp

https://bitbucket.org/blackaura/pyparsephp

pyparsephp is a set of Python libraries for parsing PHP files. It is designed to be used in PHP source code analysis tools, especially security-related ones. The code will eventually be used in a larger project that tries to identify bugs in PHP code such as SQL injection and XSS.

Runs best on Python 2.7.

The library files can also be used as standalone programs.

phpextract.py

usage: phpextract.py [-h] -d DIR [-o OUTPUT]

optional arguments:
  -h, --help            show this help message and exit
  -d DIR, --dir DIR     Directory
  -o OUTPUT, --output OUTPUT
                        Output file

This program extracts the PHP source code it finds in files. It recursively crawls the directory DIR for PHP files and extracts the code between the PHP open and close tags (<?php ... ?>).
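As an added illustration (not code from pyparsephp), here is a minimal Python 3 version of that extraction step. It walks a directory the way -d DIR does, reads each file with a PHP-looking extension, and pulls out the code between the tags; it also handles two cases a naive split gets wrong, the short echo tag <?= and a final block without a closing tag. The function names, the extension list and the sample page at the bottom are my own, constructed for the demo.

```python
import os
import re

# Matches '<?php', the short echo tag '<?=' and a bare '<?' (short_open_tag);
# the bare form also catches '<?xml' in templates, as a plain scanner would.
OPEN_TAG = re.compile(r'<\?(php\b|=)?', re.IGNORECASE)
CLOSE_TAG = '?>'


def extract_php_blocks(text):
    """Return the PHP code segments of `text`, in order of appearance.

    - '<?= expr ?>' is rewritten to 'echo expr;' so it is analysable code.
    - a last block with no '?>' runs to end of file (PHP allows this).
    - '?>' inside a string literal is taken as a close tag, exactly as a
      plain scanner would; the caller has to tolerate that.
    """
    blocks = []
    pos = 0
    while pos < len(text):
        m = OPEN_TAG.search(text, pos)
        if not m:
            break
        start = m.end()
        end = text.find(CLOSE_TAG, start)
        if end == -1:
            body, pos = text[start:], len(text)
        else:
            body, pos = text[start:end], end + len(CLOSE_TAG)
        if m.group(1) == '=':
            body = 'echo ' + body.strip().rstrip(';') + ';'
        blocks.append(body.strip())
    return blocks


def crawl(directory, extensions=('.php', '.phtml', '.inc')):
    """Yield (path, blocks) for every PHP file below `directory` (like -d DIR).
    The extension list is an assumption, not the project's."""
    for root, _dirs, files in os.walk(directory):
        for name in sorted(files):
            if name.lower().endswith(extensions):
                path = os.path.join(root, name)
                with open(path, encoding='utf-8', errors='replace') as fh:
                    yield path, extract_php_blocks(fh.read())


# Constructed sample page (not from the project's testcases directory).
SAMPLE = """<html><body>
<?php
$name = $_GET['name'];
?>
<p>Hello <?= htmlspecialchars($name) ?></p>
<?php
echo "done";
"""

if __name__ == '__main__':
    for i, block in enumerate(extract_php_blocks(SAMPLE), 1):
        print('--- block %d ---' % i)
        print(block)
```

Run on SAMPLE this yields three blocks: the $_GET assignment, the short tag rewritten as an echo, and the trailing block that never closes its tag.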

phpgetfunctions.py

usage: phpgetfunctions.py [-h] -d DIR [-o OUTPUT]

optional arguments:
  -h, --help            show this help message and exit
  -d DIR, --dir DIR     Directory
  -o OUTPUT, --output OUTPUT
                        Output file

phpgetfunctions.py extracts functions from PHP files.

phpgetclass.py

usage: phpgetclass.py [-h] -d DIR [-o OUTPUT] [-e]

optional arguments:
  -h, --help            show this help message and exit
  -d DIR, --dir DIR     Directory
  -o OUTPUT, --output OUTPUT
                        Output file
  -e, --execdot         Execute dot

phpgetclass.py extracts classes from PHP files and generates a class diagram as a Graphviz dot file. If -e is supplied it also tries to run dot and render the diagram as a PNG (note: Graphviz needs to be installed).

Example:

>pyparsephp>phpgetclass.py -d testcases\classes\simple -o testcases\classes\simple.report -e

Parsing classes
Generating testcases\classes\simple.report
Generating testcases\classes\simple.report.dot
Generating testcases\classes\simple.report.dot.png

simple.report

\A
  extends: None
  implements: None
  use: []
  functions
    a1
    {'body': ['function a1()', '{', '}'], 
     'name': 'a1', 
     'use_predef': {
         'files': [], 'get': [], 'global': [], 'request': [], 
         'server': [], 'session': [], 'cookie': [], 'env': [], 
         'post': []
     }, 'access': None, 'static': False, 'params': None}


\X
  extends: None
  implements: None
  use: []
  functions
    x2
    {'body': ['public function x2()', '{', '}'], 
     'name': 'x2', 
     'use_predef': {
         'files': [], 'get': [], 'global': [], 'request': [], 
         'server': [], 'session': [], 'cookie': [], 'env': [], 
         'post': []
     }, 'access': 'public', 'static': False, 'params': None}
    x3
    {'body': ['protected function x3()', '{', '}'], 
     'name': 'x3', 
     'use_predef': {
         'files': [], 'get': [], 'global': [], 'request': [], 
         'server': [], 'session': [], 'cookie': [], 'env': [], 
         'post': []
     }, 'access': 'protected', 'static': False, 'params': None}
    x1
    {'body': ['private function x1()', '{', '}'], 
     'name': 'x1', 
     'use_predef': {
         'files': [], 'get': [], 'global': [], 'request': [], 
         'server': [], 'session': [], 'cookie': [], 'env': [], 
         'post': []
    }, 'access': 'private', 'static': False, 'params': None}
    x4
    {'body': ['function x4()', '{', '}'], 
     'name': 'x4', 
     'use_predef': {
         'files': [], 'get': [], 'global': [], 'request': [], 
         'server': [], 'session': [], 'cookie': [], 'env': [], 
         'post': []
     }, 'access': None, 'static': False, 'params': None}


\B
  extends: None
  implements: None
  use: []
  functions


\C
  extends: \A
  implements: \B
  use: []
  functions


\Y
  extends: \C
  implements: None
  use: []
  functions


\Z
  extends: \Y
  implements: None
  use: []
  functions

dot report: simple.report.dot

digraph G {
    Node1 [label="\\A", shape=box];
    Node2 [label="\\X", shape=box];
    Node3 [label="\\B" , shape=box, style=dotted];
    Node4 [label="\\C", shape=box];
    Node5 [label="\\Y", shape=box];
    Node6 [label="\\Z", shape=box];
    Node4 -> Node1;
    Node4 -> Node3 [style=dotted];
    Node5 -> Node4;
    Node6 -> Node5;
}

dot graphical result (simple.report.dot.png)
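To show how the report above turns into the dot file, here is an added Python 3 example (my own code, not phpgetclass.py) that reads class and interface headers with a regex and emits a digraph using the same conventions as simple.report.dot: boxes for classes, dotted boxes for interfaces, solid edges for extends and dotted edges for implements. The sample input reproduces the simple test hierarchy and is constructed here; the function names are assumptions.

```python
import re

# One regex per class/interface header; names get a leading '\' so they match
# the report format shown above. Namespaced parents are kept as written.
DECL = re.compile(
    r'\b(?:abstract\s+|final\s+)?(class|interface)\s+(\w+)'
    r'(?:\s+extends\s+([\w\\,\s]+?))?'
    r'(?:\s+implements\s+([\w\\,\s]+?))?\s*\{',
    re.IGNORECASE)


def _qualify(name):
    name = name.strip()
    return name if name.startswith('\\') else '\\' + name


def _split(names):
    return [_qualify(x) for x in names.split(',')] if names else []


def parse_declarations(code):
    """Return [(kind, name, [parents], [interfaces])] per declaration."""
    decls = []
    for m in DECL.finditer(code):
        kind, name, ext, impl = m.groups()
        decls.append((kind.lower(), _qualify(name), _split(ext), _split(impl)))
    return decls


def to_dot(decls):
    """Render the hierarchy as Graphviz: boxes for classes, dotted boxes for
    interfaces, solid edges for extends, dotted edges for implements. A parent
    that is referenced but never declared still gets a node for its edge."""
    interfaces = {name for kind, name, _e, _i in decls if kind == 'interface'}
    ids, lines = {}, ['digraph G {']

    def node(name, dotted):
        if name not in ids:
            ids[name] = 'Node%d' % (len(ids) + 1)
            style = ', style=dotted' if dotted else ''
            lines.append('    %s [label="%s", shape=box%s];'
                         % (ids[name], name.replace('\\', '\\\\'), style))
        return ids[name]

    for kind, name, _ext, _impl in decls:
        node(name, kind == 'interface')
    for _kind, name, ext, impl in decls:
        for parent in ext:
            lines.append('    %s -> %s;'
                         % (ids[name], node(parent, parent in interfaces)))
        for iface in impl:
            lines.append('    %s -> %s [style=dotted];'
                         % (ids[name], node(iface, True)))
    lines.append('}')
    return '\n'.join(lines)


# Constructed input mirroring the testcases\classes\simple hierarchy above.
SAMPLE = """<?php
class A { function a1() {} }
class X { public function x2() {} }
interface B {}
class C extends A implements B {}
class Y extends C {}
class Z extends Y {}
"""

if __name__ == '__main__':
    print(to_dot(parse_declarations(SAMPLE)))
    # render with:  dot -Tpng -o simple.png   (requires Graphviz)
```

The output for SAMPLE is the same six nodes and four edges as simple.report.dot above. Note that the regex is header-only: it never looks inside class bodies, so a string containing the word "class" inside a method will not fool it unless it is followed by a name and a brace.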

phpgetexecutable.py

usage: phpgetexecutable.py [-h] -d DIR [-o OUTPUT] [-p]

optional arguments:
  -h, --help            show this help message and exit
  -d DIR, --dir DIR     Directory
  -o OUTPUT, --output OUTPUT
                        Output file
  -p, --params          Show only if predefined variables ($_GET, $_POST,
                        etc..) are present

phpgetexecutable.py extracts the code in PHP pages that runs as soon as the page is loaded, i.e. top-level code. Function and class definitions are skipped. With -p, output is shown only when predefined variables ($_GET, $_POST, etc.) are present.
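The two tools phpgetfunctions.py and phpgetexecutable.py are two views of one split: named functions and methods on one side, the remaining top-level code on the other. The added Python 3 example below (my own code, not the project's) does that split with a brace matcher that ignores braces inside strings and comments, records each function in the same shape as the report above (name, access, static, params, body, use_predef), and offers a uses_predef() check like the -p flag. The mapping of the use_predef keys to superglobals, in particular 'global' to $GLOBALS, is an assumption, as are all names and the sample input.

```python
import re

# Assumed mapping from the report's use_predef keys to PHP superglobals.
SUPERGLOBALS = {
    'files': '$_FILES', 'get': '$_GET', 'global': '$GLOBALS',
    'request': '$_REQUEST', 'server': '$_SERVER', 'session': '$_SESSION',
    'cookie': '$_COOKIE', 'env': '$_ENV', 'post': '$_POST',
}

# Named function/method headers; closures have no name, so they stay in the
# executable code. Limitation: parentheses inside default values break params.
FUNC = re.compile(
    r'((?:(?:public|protected|private|static|final)\s+)*)'
    r'\bfunction\s+&?(\w+)\s*\(([^)]*)\)\s*(?::\s*\??[\w\\|]+\s*)?\{',
    re.IGNORECASE)
CLASS = re.compile(
    r'\b(?:abstract\s+|final\s+)?(?:class|interface|trait)\s+\w+[^{;]*\{',
    re.IGNORECASE)


def find_block_end(code, open_idx):
    """Index just past the '}' matching the '{' at open_idx. Braces inside
    quoted strings and comments are ignored (heredoc bodies are not handled)."""
    depth, i, n = 0, open_idx, len(code)
    while i < n:
        c = code[i]
        if c in '"\'':                                 # quoted string
            i += 1
            while i < n and code[i] != c:
                i += 2 if code[i] == '\\' else 1
        elif code.startswith('//', i) or c == '#':     # line comment
            nl = code.find('\n', i)
            i = n if nl == -1 else nl
        elif code.startswith('/*', i):                 # block comment
            j = code.find('*/', i + 2)
            i = n if j == -1 else j + 1
        elif c == '{':
            depth += 1
        elif c == '}':
            depth -= 1
            if depth == 0:
                return i + 1
        i += 1
    return n


def find_predef(code):
    """Superglobal references in `code`, keyed like the report's use_predef."""
    found = {}
    for key, var in SUPERGLOBALS.items():
        pattern = re.escape(var) + r'(?:\[[^\]]*\])?'
        found[key] = [m.group(0) for m in re.finditer(pattern, code)]
    return found


def uses_predef(code):
    """True when any superglobal is referenced (what -p filters on)."""
    return any(find_predef(code).values())


def function_record(m, body):
    mods = m.group(1).lower().split()
    return {
        'name': m.group(2),
        'access': next((a for a in mods if a in ('public', 'protected', 'private')), None),
        'static': 'static' in mods,
        'params': m.group(3).strip() or None,
        'body': [line.strip() for line in body.strip().splitlines()],
        'use_predef': find_predef(body),
    }


def split_php(code):
    """Split PHP source (tags already stripped) into
    ([function records], executable top-level code).
    Class bodies are not executable, but their methods are still recorded."""
    functions, chunks, pos = [], [], 0
    while True:
        cands = [m for m in (FUNC.search(code, pos), CLASS.search(code, pos)) if m]
        if not cands:
            chunks.append(code[pos:])
            break
        m = min(cands, key=lambda x: x.start())
        chunks.append(code[pos:m.start()])
        end = find_block_end(code, m.end() - 1)
        if m.re is FUNC:
            functions.append(function_record(m, code[m.start():end]))
        else:
            inner, _ = split_php(code[m.end():end - 1])
            functions.extend(inner)
        pos = end
    executable = '\n'.join(chunk.strip() for chunk in chunks if chunk.strip())
    return functions, executable


# Constructed sample (not from the project's test cases).
SAMPLE = r"""
$id = $_GET['id'];
class X {
    public static function x2($a) { return $_POST['a']; }
    private function x1() {}
}
function helper($q) {
    $u = $_SERVER['REQUEST_URI'];
    return "}" . $q;  // a brace inside a string must not end the body
}
echo helper($id);
"""

if __name__ == '__main__':
    funcs, top = split_php(SAMPLE)
    for f in funcs:
        used = {k: v for k, v in f['use_predef'].items() if v}
        print(f['name'], f['access'], f['static'], f['params'], used)
    print('executable code:\n' + top)
    print('uses superglobals:', uses_predef(top))
```

For SAMPLE the split reports x2 (public, static, reads $_POST), x1 (private, no params) and helper (no modifier, reads $_SERVER), and the executable part is just the $_GET assignment and the echo, which is exactly the code a -p run would keep because it touches a superglobal.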