Mar 16, 2015
 
Screenshot of psecio-parse scan

I used RIPS for many years to help with auditing source code. Let's face it: any time you can automate a mundane task such as source code auditing, you free up time for other things. And if you have ever stared at source code for 14+ hours straight, reading it line by line, you know how much automation helps save your vision.

Anyway, today I found a new project on GitHub and wanted to document how I set it up. One thing to keep in mind is that this is a relatively new project, and with any new project of this size and scope we can generally expect a few things: lots of development changes and false positives. Even knowing that, I still love the direction the project is already moving, so let's begin.

First, you need to install Composer. I installed it globally, but you can also install it locally if you do not have admin rights.

$ curl -sS https://getcomposer.org/installer | php
$ sudo cp composer.phar /usr/local/bin/composer
$ which composer
$ mkdir -p ~/.composer/vendor/bin

Next, get parse:

$ git clone https://github.com/psecio/parse.git
$ cd ../
$ mkdir -p psecio/parse
$ rsync -av parse/ psecio/parse/
$ composer global require psecio/parse

Next, add Composer's global bin directory to your PATH in the .bashrc file:

export PATH=$PATH:~/.composer/vendor/bin

Source the .bashrc file to make it active:

$ source ~/.bashrc

Now you should be able to run an audit with the default rule set (just specify the path to your code):

$ psecio-parse scan /path/to/my/project

View the help for the scan command:

$ psecio-parse help scan

I generally trim the rule set down with a whitelist to cut down on the noise:

$ psecio-parse scan --whitelist-rules PregReplaceWithEvalModifier,SessionRegenerateId,EchoWithFileGetContents,SystemFunctions,MysqlRealEscapeString,ExitOrDie,EvalFunction,GlobalsUse /path/to/code
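A quick way to check what that trimmed rule set actually catches is to point it at a known-bad fixture before trusting it on a real code base. The file below is an added example written for this post, not code from psecio/parse or from the original article; it pairs one construct per whitelisted rule with a hardened alternative that should stay quiet. The mapping from rule name to construct is an assumption drawn from the names alone, and the SessionRegenerateId case in particular should be checked against the rule's source in the repository.

```php
<?php
// Constructed fixture, added to this post; it is not part of psecio/parse.
// Each flagged_* function holds one pattern that, going by the rule names
// in the whitelist above, that rule should report; each safe_* function is
// a hardened form that should produce no finding. Rule semantics are
// assumed from the names only; confirm against the rule sources in the repo.

// EvalFunction: executing a string as PHP.
function flagged_eval($expr)
{
    eval('$result = ' . $expr . ';');          // expected finding
}
function safe_eval($expr)
{
    if (!is_numeric($expr)) {                  // validate, do not execute
        throw new InvalidArgumentException('not a number');
    }
    return (float) $expr;
}

// PregReplaceWithEvalModifier: the /e modifier evaluates the replacement
// string (removed in PHP 7; shown here only as a static-analysis target).
function flagged_preg($s)
{
    return preg_replace('/(\w+)/e', 'strtoupper("\\1")', $s);   // expected finding
}
function safe_preg($s)
{
    return preg_replace_callback('/(\w+)/', function ($m) {
        return strtoupper($m[1]);
    }, $s);
}

// SystemFunctions: shelling out with caller-controlled input.
function flagged_system($dir)
{
    system('ls ' . $dir);                      // expected finding
}
function safe_list($dir)
{
    return scandir($dir);                      // native API, no shell
}

// EchoWithFileGetContents: raw content echoed straight into the response.
function flagged_echo($path)
{
    echo file_get_contents($path);             // expected finding
}
function safe_echo($path)
{
    echo htmlspecialchars(file_get_contents($path), ENT_QUOTES, 'UTF-8');
}

// ExitOrDie: aborting the request instead of surfacing an error.
function flagged_exit()
{
    die('fatal');                              // expected finding
}
function safe_exit()
{
    throw new RuntimeException('fatal');
}

// GlobalsUse: reading configuration through $GLOBALS.
function flagged_globals()
{
    return $GLOBALS['db_name'];                // expected finding
}
function safe_globals(array $config)
{
    return $config['db_name'];                 // pass state explicitly
}

// MysqlRealEscapeString: escaping by hand with the old mysql extension.
function flagged_escape($name)
{
    return "SELECT * FROM users WHERE name = '" . mysql_real_escape_string($name) . "'";   // expected finding
}
function safe_query(PDO $pdo, $name)
{
    $stmt = $pdo->prepare('SELECT * FROM users WHERE name = ?');
    $stmt->execute(array($name));              // bound parameter, no escaping
    return $stmt->fetchAll();
}

// SessionRegenerateId: assumed to check that the old session is discarded
// on regeneration; verify this against the rule before relying on it.
function flagged_session()
{
    session_regenerate_id();                   // expected finding (assumed)
}
function safe_session()
{
    session_regenerate_id(true);               // delete_old_session = true
}
```

Save it as, say, fixture.php and run the same whitelist command against it: the expectation is one finding per flagged_* function and none for the safe_* functions. A rule that misses its fixture, or that reports the safe form, is the first place to look when deciding whether it belongs in your whitelist.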

An example screenshot:

Screenshot of psecio-parse scan