The Php Security Scanner is a tool that scans PHP source files for security problems. It is run from the command line and its results are browsed through a small web interface, which is why the set-up below touches the Apache configuration.

Set up

  1. On carson, the Php Security Scanner is installed in ~www/php/securityscanner-1.0.2, and ~www/php/sec_scanner is a symbolic link to that directory. The Apache rules below refer to the link by its full path, /home/www/php/sec_scanner.
  2. On carson, /usr/local/apache/conf/rewrite.conf has these mod_rewrite lines. The first redirects /sec_scanner to /sec_scanner/ (an external redirect, [R]); the second serves the scanner's web interface (interface/index.php) for /sec_scanner/. They are normally left commented out so that the interface is not reachable when no scan is in progress:
    # Sec Scanner, see http://embedded.eecs.berkeley.edu/dopsysadmin/faq/48.html
    # Usually, these rules are commented out
    RewriteRule ^/sec_scanner$ /sec_scanner/ [R,L]
    RewriteRule ^/sec_scanner/$ /home/www/php/sec_scanner/interface/index.php [L]
    
  3. If the two RewriteRule lines are commented out, uncomment them (leave the two explanatory comments as they are) and then reload the Apache configuration, as root on carson, with:
    /etc/init.d/apachectl graceful
    
  4. As the www user on carson, run:
    cd ~www/php/sec_scanner
    bin/security_scan.php ~www/php nov_27_cxh_scan
    
    where ~www/php is the directory tree to scan and nov_27_cxh_scan is any descriptive string; it labels this scan run in the results.
  5. The results of the tests can be seen at http://chesstst.eecs.berkeley.edu/sec_scanner/ (that URL is served by the rewrite rule from step 2). When you are finished, comment the two RewriteRule lines out again and run /etc/init.d/apachectl graceful once more, so the scanner interface is not left reachable on the web server.
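Steps 2 to 5 as one script. This is an added example, not code from this FAQ page or from the Php Security Scanner itself: the file names, paths and commands are the ones given in the steps above, while the function names, the environment variables, the use of su to run the scan as www, and putting the rules back afterwards are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the FAQ page or the scanner): wraps the set-up
# steps above. Paths come from the steps; helper names, the environment
# variables and the use of su for the www user are assumptions.

REWRITE_CONF=${REWRITE_CONF:-/usr/local/apache/conf/rewrite.conf}
SCANNER_DIR=${SCANNER_DIR:-/home/www/php/sec_scanner}
SCAN_TARGET=${SCAN_TARGET:-/home/www/php}

# Filters, stdin -> stdout. They only touch lines that are a RewriteRule
# for sec_scanner, so the explanatory "# Sec Scanner ..." and "# Usually ..."
# comments in rewrite.conf are left alone. Both are idempotent.
enable_rules() {
    sed 's/^#[[:space:]]*\(RewriteRule[[:space:]].*sec_scanner\)/\1/'
}
disable_rules() {
    sed 's/^\(RewriteRule[[:space:]].*sec_scanner\)/#\1/'
}

# Succeeds when at least one sec_scanner RewriteRule is active in the file.
rules_enabled() {
    grep -q '^RewriteRule[[:space:]].*sec_scanner' "$1"
}

# Rewrite a config file in place through one of the filters, keeping a .bak.
edit_conf() {  # edit_conf FILTER FILE
    cp "$2" "$2.bak" && "$1" < "$2.bak" > "$2"
}

# Steps 2-4: enable the rules only if they are off, reload Apache, run the
# scan as the www user, then restore the rules to their previous state so
# the web interface is not left exposed. Must be run as root on carson;
# assumes the www user has a shell that su can use.
run_scan() {  # run_scan LABEL
    label=$1
    toggled=0
    if ! rules_enabled "$REWRITE_CONF"; then
        edit_conf enable_rules "$REWRITE_CONF"
        /etc/init.d/apachectl graceful
        toggled=1
    fi
    ( cd "$SCANNER_DIR" && su www -c "bin/security_scan.php $SCAN_TARGET $label" )
    status=$?
    if [ "$toggled" = 1 ]; then
        edit_conf disable_rules "$REWRITE_CONF"
        /etc/init.d/apachectl graceful
    fi
    return $status
}

# Only acts when invoked as:  SEC_SCANNER_RUN=1 ./scan.sh nov_27_cxh_scan
if [ "${SEC_SCANNER_RUN:-0}" = 1 ]; then
    run_scan "${1:-manual_scan}"
fi
```

The filters match on the line prefix "RewriteRule" followed by "sec_scanner", not on the "# " prefix alone, which is what keeps the two human-readable comments intact; running enable_rules or disable_rules twice changes nothing, so the script can be re-run safely after a failed scan.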