{
    "href": "/post/2004/12/09/towards-a-secure-savant-compiler/",
    "relId": "2004/12/09/towards-a-secure-savant-compiler",
    "title": "Toward a Secure Compiler for Savant",
    "author": "pmjones",
    "markup": "html",
    "tags": [
        {
            "href": "/tag/php/",
            "relId": "php",
            "title": "PHP",
            "author": null,
            "created": null,
            "updated": [],
            "markup": "markdown"
        }
    ],
    "created": "2004-12-09 20:22:00 UTC",
    "updated": [
        "2004-12-09 20:22:00 UTC"
    ],
    "html": "<p><a href=\"http://phpsavant.com\">Savant</a> uses PHP for its template markup, but also supports external compilers.  Unfortunately, the example compiler in the distro is not that secure.</p>\n<p>But!  Joshua Eichorn has put together a <a href=\"http://blog.joshuaeichorn.com/index.php?p=84\">spiffy PHP code analysis tool</a> called <a href=\"http://bluga.net/projects/PHPCodeAnalyzer/\">PHPCodeAnalyzer</a>.  It takes PHP code, runs the <a href=\"http://php.net/tokenizer\">PHP tokenizer</a> on it, and reports back what functions, methods, etc. are present in the code.  This could serve as a basis for a secure compiler for Savant, which in turn might be the tipping point for <a href=\"http://revjim.net/comments/10171\">RevJim</a>.</p>\n<p>(Reverend, if you're reading, I'd be very happy to hear your comments on this).</p>\n"
}
