Skip to content

Lightz | Add support for case-insensitive (interproc) function lookup in PHP

Problem

PHP has a unique language feature where certain elements are case-insensitive:

  • Function names (both built-in and user-defined)
  • Class and method names
  • PHP keywords (if, echo, include, etc)

Our current static analysis implementation correctly handles case insensitivity within single files, but does not properly track taint flows across files when function/method names differ in case. This creates a potential blind spot when analyzing PHP codebases.

Proposed Solution

Implement case-insensitive matching for PHP identifiers specifically in cross-file analysis contexts. This would:

  1. Recognize when the target language is PHP and apply case-insensitive matching rules only for that language
  2. Normalize function/class/method names appropriately when tracking cross-file dependencies
  3. Maintain existing case-sensitive behavior for all other languages