auditing php programs?

I'm trying to perform an audit on a PHP script and am curious what kind
of software there already exists to do such things.

I think the ideal solution would be something that, for each variable,
provided a list of the functions that variable was passed through. eg.

$a = someFunction($_GET['var']);
echo $a;

function someFunction($b) {
return htmlspecialchars($b);
}

Here, $_GET['var'] passes through someFunction and htmlspecialchars
before getting passed to echo (which I suppose isn't technically a
function, but rather, a language construct).

if statements could kinda confound this, but it seems like presenting
the data in an appropriate fashion could mitigate that.

Anyway, any ideas?

yawnmoth wrote :
> I'm trying to perform an audit on a PHP script and am curious what kind
> of software there already exists to do such things.
>
> I think the ideal solution would be something that, for each variable,
> provided a list of the functions that variable was passed through. eg.
>
> $a = someFunction($_GET['var']);
> echo $a;
>
> function someFunction($b) {
> return htmlspecialchars($b);
> }
>
> Here, $_GET['var'] passes through someFunction and htmlspecialchars
> before getting passed to echo (which I suppose isn't technically a
> function, but rather, a language construct).
>
> if statements could kinda confound this, but it seems like presenting
> the data in an appropriate fashion could mitigate that.
>
> Anyway, any ideas?
>

There is xDebug available for PHP :
http://www.xdebug.com/

It's able to do some profiling, and getting the functions call tree, showing
relative execution time, and so on (it generates cachegrind files, readable
with Kcachegrind.
See http://www.xdebug.com/docs-profiling2.php

It's not _exactly_ what you're looking for, but it's powerful enough to tell
you which function call costs the most time, and so on. :p

--
Naixn
http://fma-fr.net