Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/laruence/taint
Taint is a PHP extension, used for detecting XSS codes
c detect-xss-codes php taint
Last synced: 3 days ago
- Host: GitHub
- URL: https://github.com/laruence/taint
- Owner: laruence
- License: other
- Created: 2012-02-13T11:33:43.000Z (almost 13 years ago)
- Default Branch: master
- Last Pushed: 2024-07-01T04:24:46.000Z (6 months ago)
- Last Synced: 2024-12-14T01:05:54.062Z (10 days ago)
- Topics: c, detect-xss-codes, php, taint
- Language: C
- Homepage:
- Size: 233 KB
- Stars: 610
- Watchers: 45
- Forks: 128
- Open Issues: 21
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-php-extensions - taint - Checks for XSS vulnerabilities (security checks)
README
# Taint
[![Build status](https://ci.appveyor.com/api/projects/status/69ucxc2pwx333s3j/branch/master?svg=true)](https://ci.appveyor.com/project/laruence/taint/branch/master)
Taint is a PHP extension used to detect XSS code (tainted strings). It can also be used to spot SQL injection vulnerabilities, shell injection, etc.
The idea is from https://wiki.php.net/rfc/taint; I implemented it as a PHP extension, which makes the patch unnecessary.
Please do not enable this extension in a production environment, since it will slow down your app.
## Requirement
- PHP-5.2 +
## NOTE
Due to the complexity of the PHP 8.0 implementation, taint is not going to be compatible with PHP 8.0+.
## Install
taint is a PECL extension, so you can simply install it with:
````
pecl install taint
````
### Compile taint in Linux
````
$ /path/to/phpize
$ ./configure --with-php-config=/path/to/php-config
$ make && make install
````
### Usage
When taint is enabled, if you pass a tainted string (one that comes from $_GET, $_POST or $_COOKIE) to certain functions, taint will warn you about it.
````php