Code Analysis

XSS in PHP Source Code

#!/bin/bash

# 1) save it as xssaminer
# 2) allow execution: chmod +x xssaminer
# 3) run it & check usage: ./xssaminer

if [ -z $1 ]
then
	echo -e "Usage:\n$0 FILE\n$0 -r FOLDER"
	exit
else
	f=$1
fi

sources=(GET POST REQUEST "SERVER\['PHP" "SERVER\['PATH_" "SERVER\['REQUEST_U")
sinks=(? echo die print printf print_r var_dump)

xssam(){
	for i in ${sources[@]}
	do
		a=$(grep -in "\$_${i}" $f | grep -o "\$.*=" | sed "s/[ ]\?=//g" | sort -u)

		for j in ${sinks[@]}
		do
			grep --color -in "${j}.*\$_${i}" $f

			for k in $a
			do
				grep --color -in "${j}.*$k" $f
			done
		done
	done
}

if [ $f != "-r" ]
then
	xssam
else
	for i in $(find $2 -type f -name "*.php")
	do
		echo "File: $i"
		f=$i
		xssam
	done
fi

http://brutelogic.com.br/brutal/xssaminer.txt

Looking for XSS in PHP Source CodeBrute XSS

SpotBugs

Java Code

GitHub - spotbugs/spotbugs: SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.GitHub

Semgrep

GitHub - semgrep/semgrep: Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.GitHub

Getting Started with Semgrep and Finding VulnerabilitiesPayatu

Semgrep A Practical IntroductionNotSoSecure

Rules - C/C++

GitHub - 0xdea/semgrep-rules: A collection of my Semgrep rules to facilitate vulnerability research.GitHub

Rules - Python, Javascript/GraphQL, Go, Rust

GitHub - trailofbits/semgrep-rules: Semgrep queries developed by Trail of Bits.GitHub

Rules - Java/Android, PHP, Kotlin

GitHub - federicodotta/semgrep-rules: A collection of my Semgrep rulesGitHub

Rules - Multiple Languages

GitHub - semgrep/semgrep-rules: Semgrep rules registryGitHub

Sonarqube

Scan

osboxes@osboxes:~/Desktop/test$ /opt/sonar-scanner-5.0.1.3006-linux/bin/sonar-scanner   -Dsonar.projectKey=test   -Dsonar.sources=.   -Dsonar.host.url=http://localhost:9000   -Dsonar.token=sqp_298c331b3738f8a44310aece9e2de4008d82cde5

Snyk

Online

Not recommanded or remove sensitive information

Vérificateur de code | Outil de sécurité du code gratuit basé sur l’IA | SnykSnyk

Snyk CLI

Snyk CLI Quick Guide: Installation and Common CommandsBright Security

https://app.snyk.io/loginapp.snyk.io

CodeQL

CodeQL

Getting started with the CodeQL CLI - GitHub DocsGitHub Docs

Example with Visual Studio:

https://www.cyberark.com/resources/threat-research-blog/discovering-hidden-vulnerabilities-in-portainer-with-codeqlwww.cyberark.com

Vulnhuntr

GitHub - protectai/vulnhuntr: Zero shot vulnerability discovery using LLMsGitHub

PHP Static Analysis Tool

GitHub - phpstan/phpstan: PHP Static Analysis Tool - discover bugs in your code without running it!GitHub

List of Static Application Security Testing (SAST) Tools

Source Code Analysis Tools | OWASP Foundation

Resources

SEI CERT C Coding Standard

Confluence Mobile - Confluence

SEI CERT C++ Coding Standard

Confluence Mobile - Confluence

SEI CERT Oracle Coding Standard for Java

Confluence Mobile - Confluence

OWASP Secure Coding Practices

OWASP Secure Coding Practices-Quick Reference Guide | OWASP Foundation