https://github.com/laruence/taint
Taint is a PHP extension, used for detecting XSS codes
c detect-xss-codes php taint
Last synced: 8 months ago
- Host: GitHub
- URL: https://github.com/laruence/taint
- Owner: laruence
- License: other
- Created: 2012-02-13T11:33:43.000Z (almost 14 years ago)
- Default Branch: master
- Last Pushed: 2024-07-01T04:24:46.000Z (over 1 year ago)
- Last Synced: 2025-04-04T01:11:11.502Z (9 months ago)
- Topics: c, detect-xss-codes, php, taint
- Language: C
- Homepage:
- Size: 233 KB
- Stars: 612
- Watchers: 44
- Forks: 128
- Open Issues: 20
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-php-extensions - taint - Checks for XSS vulnerabilities (security checks)
README
# Taint
A PHP extension used to detect XSS code (tainted strings). It can also be used to spot SQL injection vulnerabilities, shell injection, etc.
The idea is from https://wiki.php.net/rfc/taint. I implemented it as a PHP extension, which makes the patch unnecessary.
Please note: do not enable this extension in a production environment, since it will slow down your app.
## Requirement
- PHP 5.2+
## NOTE
Due to the complexity of the PHP 8.0 implementation, taint is not going to be compatible with PHP 8.0+.
## Install
taint is a PECL extension, so you can simply install it with:
````
pecl install taint
````
### Compile taint in Linux
````
$ /path/to/phpize
$ ./configure --with-php-config=/path/to/php-config
$ make && make install
````
### Usage
When taint is enabled, if you pass a tainted string (one that comes from $_GET, $_POST or $_COOKIE) to certain functions, taint will warn you about it.
````php