Forum OpenACS Development: Static Security Analysis of OpenACS / ]project-open[ files?


Do you know if somebody tried to perform a "static" security analysis of TCL files in the past? We've started to run the Arachni Web application security checker, but I'm not very satisfied with this approach...

I know that static analysis isn't possible in general. However, I've got an algorithm in my mind that would cover all security issues that have appeared in ]po[ so far:

- Parse all TCL files in the system and identify all "critical" commands (db_*, exec, eval)
- Identify all variables and commands used to create parameters to critical commands
- Recursively build the dependency tree
- Check the dependency tree for dollar variables and trace inputs back to ad_page_contract and similar.
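The four steps above, as an added example that is not code from the original post, ]po[ or OpenACS: a small Python taint tracer over a simplified Tcl subset. It assumes one command per line, tracks only `$var`/`${var}` substitutions into `set` assignments, treats `db_*`, `exec` and `eval` as the critical commands, reads the parameter names out of the second brace block of `ad_page_contract`, and regards `:name` bind variables as safe because they never reach the SQL text. The Tcl page it scans is constructed for the example.

```python
"""Trace page-contract parameters into critical Tcl commands (constructed example)."""
import re
from collections import defaultdict

CRITICAL = re.compile(r"^\s*(db_\w+|exec|eval)\b")   # step 1: critical commands
SET_CMD = re.compile(r"^\s*set\s+(\w+)\s+(.*)$")      # step 2: variable definitions
VAR_REF = re.compile(r"\$\{?(\w+)\}?")                # step 4: dollar substitutions

# Constructed sample page. The first db_list interpolates a tainted $sql string,
# the second uses a :project_id bind variable, the exec uses a non-page value.
TCL_SAMPLE = """\
ad_page_contract {
    Constructed sample page for the analyzer.
} {
    project_id:integer,notnull
    {search_term ""}
}

set safe_id [ad_conn user_id]
set pattern "%${search_term}%"
set sql "select * from im_projects where project_name like '$pattern'"
db_list projects_raw $sql
db_list projects_bound {select project_id from im_projects where project_id = :project_id}
exec ls $safe_id
"""


def brace_groups(text, pos, count):
    """Return the next `count` top-level {...} groups after `pos` (nesting aware).
    Raises IndexError on unbalanced braces; a real tool would report that."""
    groups = []
    while len(groups) < count:
        start = text.index("{", pos)
        depth, i = 0, start
        while True:
            if text[i] == "{":
                depth += 1
            elif text[i] == "}":
                depth -= 1
                if depth == 0:
                    break
            i += 1
        groups.append(text[start + 1:i])
        pos = i + 1
    return groups


def contract_params(source):
    """Names declared in the ad_page_contract parameter block, filters stripped."""
    m = re.search(r"\bad_page_contract\b", source)
    if not m:
        return set()
    _doc, spec = brace_groups(source, m.end(), 2)
    params = set()
    for line in spec.splitlines():
        tokens = line.strip().lstrip("{").split()
        if tokens and not tokens[0].startswith("-"):
            params.add(tokens[0].split(":")[0])   # drop :integer,notnull etc.
    return params


def trace(var, deps, params, seen=None):
    """Step 4: page-contract parameters that `var` transitively depends on."""
    if seen is None:
        seen = set()
    if var in seen:
        return set()
    seen.add(var)
    if var in params:
        return {var}
    found = set()
    for dep in deps.get(var, ()):
        found |= trace(dep, deps, params, seen)
    return found


def analyze(source):
    """Return (line, command, variable, sources) for every critical-command
    argument whose $variable derives from a page-contract parameter."""
    params = contract_params(source)
    deps = defaultdict(list)        # step 3: variable -> variables it is built from
    sinks = []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = SET_CMD.match(line)
        if m:
            deps[m.group(1)].extend(VAR_REF.findall(m.group(2)))
            continue
        m = CRITICAL.match(line)
        if m:
            sinks.append((lineno, m.group(1), VAR_REF.findall(line[m.end():])))
    findings = []
    for lineno, cmd, refs in sinks:
        for var in refs:
            sources = trace(var, deps, params)
            if sources:
                findings.append((lineno, cmd, var, tuple(sorted(sources))))
    return findings


if __name__ == "__main__":
    for lineno, cmd, var, sources in analyze(TCL_SAMPLE):
        print(f"line {lineno}: {cmd} uses ${var}, derived from {', '.join(sources)}")
```

On the sample this reports only the `db_list projects_raw $sql` line, traced back through `pattern` to `search_term`; the bind-variable query and the `exec` on `[ad_conn user_id]` are not flagged. The obvious gaps are the ones the post itself anticipates: values passing through `[...]` command substitution, `subst`, `eval`, procs in other files, and `upvar` are not followed, so an empty report is a triage result, not a proof of safety.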