How to create a call graph for a PHP web application
As a web application gains features, its source code grows more complicated, and that growth can introduce security vulnerabilities that need our attention. Debugging the code base of a web application can be time-consuming and tiresome. This is where debugging tools help, by telling us more about what each section of the application's code does. In the next few posts, I want to explain how we can implement our own simple static analysis to create the call graph of a web application.
A call graph is a directed graph in which each node represents a function or a method in our program. An edge is drawn from one node to another when the first node calls the second. I am going to show this by example. Consider the following snippet of code:
In the above example, our script invokes the function "b", and function "b" calls the function "a". Both functions "a" and "b" invoke the PHP built-in function echo. The call graph for our example looks like this:
To create a call graph of a PHP web application statically, we need to parse each script in the source code. Parsing lets us tell apart the different kinds of statements in each script. To do so, I am going to use php-parser, which is written in the Go programming language. php-parser generates an abstract syntax tree (AST) for each script, which we can traverse to identify function and method calls. This makes it much easier to build the call graph statically. In the next post, I am going to explain the first part of our static analysis, which is identifying the functions, methods, and classes implemented in a web application.
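The following Go sketch is an added example, not code from this post or from php-parser. It builds the call graph for a constructed PHP sample that matches the description above, using a regular-expression scan from Go's standard library in place of an AST traversal. The names `CallGraph`, `samplePHP` and the `{main}` node for top-level code are assumptions, and method, static and variable calls are skipped rather than resolved.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed sample: the script calls b, b calls a, and both a and b use echo.
const samplePHP = `<?php
function a() { echo "in a"; }
function b() { a(); echo "in b"; }
b();`

var (
	// Strings and comments are blanked first so their contents are never scanned.
	noise = regexp.MustCompile(`(?s)"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|//[^\n]*|#[^\n]*|/\*.*?\*/`)
	// Groups: 1 declared name, 2 echo, 3 method/static/variable prefix, 4 callee, 5 brace.
	tok = regexp.MustCompile(`\bfunction\s+(\w+)\s*\(|\b(echo)\b|(->|::|\$)?(\w+)\s*\(|([{}])`)
	kw  = regexp.MustCompile(`^(if|elseif|while|for|foreach|switch|catch|function|return|array)$`)
)

// CallGraph maps each caller to its callees in order of first appearance.
// Top-level code is "{main}"; nested named declarations are not tracked.
func CallGraph(src string) map[string][]string {
	out, seen := map[string][]string{}, map[string]bool{}
	cur, pending, depth, body := "{main}", "", 0, 0
	for _, m := range tok.FindAllStringSubmatch(noise.ReplaceAllString(src, " "), -1) {
		switch {
		case m[1] != "": // declaration; its body opens at the next "{"
			pending = m[1]
		case m[5] == "{":
			if depth++; pending != "" {
				cur, pending, body = pending, "", depth
			}
		case m[5] == "}":
			if depth == body { // closing brace of the current function body
				cur = "{main}"
			}
			depth--
		case m[2] != "" || (m[3] == "" && !kw.MatchString(m[4])): // echo or plain call
			if callee := m[2] + m[4]; !seen[cur+"\x00"+callee] {
				seen[cur+"\x00"+callee] = true
				out[cur] = append(out[cur], callee)
			}
		}
	}
	return out
}

func main() { fmt.Println(CallGraph(samplePHP)) }
```

A regex scan cannot resolve `$obj->m()`, `new`, heredocs or dynamic calls, which is why an AST from a real parser is needed for anything beyond a sample like this.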