Rapid Code Patching

Deploy recommended code patches automatically so you can focus on developing secure applications



Generated Patch

Controller/UserController.php
19-
$image = "<img title='" . $name . "' src='1.png'/>";
19+
$image = "<img title='" . htmlentities($name, ENT_QUOTES) . "' src='1.png'/>';
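Review bot: The added line 19 opens its final string literal with a double quote (before ' src='1.png'/>) but closes it with a single quote, so the statement is not valid PHP and the patch cannot be pasted as shown. End the literal with a double quote followed by the semicolon, as the removed line does. The escaping itself fits the context: ENT_QUOTES encodes the single quote that delimits the title attribute.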

Rapid and Accurate Code Issue Resolution

RIPS code analysis engines simulate language-specific features, pitfalls, and frameworks in order to deliver the most accurate static analysis possible. RIPS is able to detect the most complex security issues in even the largest code bases. Utilizing RIPS, our customers report being able to reallocate valuable engineering resources that were previously spent on manual code review to meeting product delivery and release deadlines.


Controller/UserController.php
10  class UserController extends AbstractController
11  {
12      public function show(Request $request): Response
13      {
14          $name = $request->get('name');
19          $image = "<img title='" . $name . "' src='1.png'/>";
26          return new Response($image);
27      }
28  }

Issue Context Evaluation

In order to generate an accurate patch, RIPS evaluates the exact context of the detected security issue. Patches must always be applied in a context-sensitive way to ensure that all characters that could otherwise be exploited by attackers are sanitized or validated. RIPS considers all typing behaviours of the programming language as well as built-in sanitizers and validators, analyzes the markup context (e.g. HTML or SQL), and evaluates the combination of user input with the vulnerable statement. Within this process, RIPS is also able to identify patches that are insufficient or incorrectly applied.

Cross-Site Scripting Vulnerability
(single-quoted attribute)
<img title=' $_REQUEST['name'] ' src='1.png'/>
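Why the markup context decides whether a patch is sufficient, shown as an added example (not RIPS code or output): the same htmlentities() call is applied to the single-quoted title attribute with ENT_COMPAT and with ENT_QUOTES, and the result is parsed to see which attributes the img element ends up with. The helper names renderImage and imageAttributes and the sample input are constructed for illustration; PHP's dom extension is assumed to be loaded.

```php
<?php
declare(strict_types=1);

// Render the page's single-quoted title attribute with the given escaping flags.
// Flags are passed explicitly because htmlentities() changed its default in
// PHP 8.1 (ENT_COMPAT before, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401 since).
function renderImage(string $name, int $flags): string
{
    return "<img title='" . htmlentities($name, $flags, 'UTF-8') . "' src='1.png'/>";
}

// Parse the markup and return the attributes found on the <img> element.
function imageAttributes(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $img = $doc->getElementsByTagName('img')->item(0);
    $attrs = [];
    foreach ($img->attributes as $attr) {
        $attrs[$attr->name] = $attr->value;
    }
    return $attrs;
}

// Constructed sample input: a name that contains the attribute's own delimiter.
$name = "O'Brien' data-injected='1";

foreach (['ENT_COMPAT' => ENT_COMPAT, 'ENT_QUOTES' => ENT_QUOTES] as $label => $flags) {
    $attrs = imageAttributes(renderImage($name, $flags));
    // Anything besides title and src means the value left its attribute.
    $extra = array_diff(array_keys($attrs), ['title', 'src']);
    printf(
        "%-10s title=%s unexpected=[%s]\n",
        $label,
        json_encode($attrs['title']),
        implode(', ', $extra)
    );
}
```

ENT_COMPAT leaves the single quote unencoded, so the value ends at the first apostrophe and the remainder is parsed as further attributes; with ENT_QUOTES the whole name stays inside title.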

First Patch Generation

As a result of this unique analysis approach, RIPS is the first SAST solution that is able to automatically generate a customized patch. Each patch is specifically tailored to your vulnerable code and fixes the detected issue for you securely. You can easily copy-paste the fixed line into your code for remediation and save additional hours or days of research and rework. Finding and fixing security bugs has never been this easy!

Controller/UserController.php
19-
$image = "<img title='" . $name . "' src='1.png'/>";
19+
$image = "<img title='" . htmlentities($name, ENT_QUOTES) . "' src='1.png'/>';
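Review bot: The htmlentities() call on the added line 19 passes flags but no encoding argument, so the character set used for escaping follows the runtime's default_charset setting rather than the code. Consider passing the encoding explicitly as the third argument, for example 'UTF-8', so the fix behaves the same on every deployment.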