Add support for PHP dynamic file imports in cross-file analysis in GLAS

Problem

PHP supports dynamic file imports where the path is constructed at runtime using variables or constants:

// Using magic constants
require_once __DIR__ . '/config.php';

// Using variables
$module = 'users';
include("modules/{$module}.php");

// Using superglobals
require($_SERVER['DOCUMENT_ROOT'] . '/includes/header.php');

Our current static analysis implementation only supports static imports (where the path is a string literal), limiting our ability to perform cross-file analysis on dynamically included code.

Proposed Solution

Enhance our PHP analysis to support common dynamic import patterns:

  1. Path construction using PHP magic constants (__DIR__, __FILE__)
  2. Path construction using superglobals ($_SERVER variables)
  3. String concatenation in import paths
  4. All four import mechanisms with dynamic paths (require, require_once, include, include_once)

This would improve our ability to detect vulnerabilities across files in real-world PHP applications where dynamic file inclusion is common practice.
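A sketch of how the four patterns above could be resolved to concrete file paths, written in Python as an added example; it is not GLAS code. The function names, the regex-based tokenizer, the sample paths and the rule that relative paths resolve against the including file's directory are all assumptions made for illustration.

```python
import posixpath
import re

# One include statement: keyword, optional parentheses, path expression, semicolon.
INCLUDE_RE = re.compile(
    r"\b(require_once|require|include_once|include)\b\s*\(?\s*(.+?)\s*\)?\s*;", re.S)
# Tokens we can evaluate statically: plain string literals (no interpolation or
# escapes), magic constants, $_SERVER['DOCUMENT_ROOT'], and the concat operator.
TOKEN_RE = re.compile(
    r"\s*(?:'(?P<sq>[^'\\]*)'|\"(?P<dq>[^\"$\\{]*)\"|(?P<magic>__DIR__|__FILE__)\b"
    r"|(?P<root>\$_SERVER\[\s*['\"]DOCUMENT_ROOT['\"]\s*\])|(?P<dot>\.))")

def resolve_expr(expr, file_path, doc_root):
    """Return the normalized include path, or None if it is not statically known."""
    known = {"__DIR__": posixpath.dirname(file_path), "__FILE__": file_path}
    parts, pos, want_operand = [], 0, True
    expr = expr.strip()
    while pos < len(expr):
        m = TOKEN_RE.match(expr, pos)
        if not m or (m.lastgroup == "dot") == want_operand:
            return None  # variable, call, interpolation, or misplaced operator
        if m.lastgroup == "magic":
            parts.append(known[m.group("magic")])
        elif m.lastgroup == "root":
            parts.append(doc_root)  # supplied by analyzer configuration (assumed)
        elif m.lastgroup != "dot":
            parts.append(m.group(m.lastgroup))
        want_operand = m.lastgroup == "dot"
        pos = m.end()
    if want_operand:
        return None  # empty expression or dangling concatenation
    path = "".join(parts)
    if not path.startswith("/"):
        # Simplifying assumption: relative includes resolve next to the caller.
        path = posixpath.join(posixpath.dirname(file_path), path)
    return posixpath.normpath(path)

def resolve_includes(source, file_path, doc_root):
    """List (keyword, resolved path or None) for every include in the source."""
    return [(m.group(1), resolve_expr(m.group(2), file_path, doc_root))
            for m in INCLUDE_RE.finditer(source)]

# Constructed sample input: the statements from this issue plus a parent-dir case.
SAMPLE = r"""<?php
require_once __DIR__ . '/config.php';
$module = 'users';
include("modules/{$module}.php");
require($_SERVER['DOCUMENT_ROOT'] . '/includes/header.php');
include_once __DIR__ . '/../lib/db.php';
"""
```

Includes that come back as None (here the interpolated $module path) are the ones that would need value tracking for the variable before the target file can be linked into cross-file analysis.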

Implementation Plan

Not yet known.