Stranger is an Automata-Based Symbolic String Analysis Library. You can use
Stranger to solve string constraints and/or compute pre- and post-images of string
manipulation operations such as concatenation and replacement. It can handle
complex regular-expression-based replace operations such as PHP's
preg_replace and approximate these operations in the presence of unbounded loops
with high precision and smooth performance.
It can also be used to automatically repair validation and sanitization bugs.
Stranger stands for STRing AutomatoN GEneratoR.
- Detect security vulnerabilities in PHP.
We built a tool based on Stranger to detect validation and sanitization bugs
that may result in security vulnerabilities in PHP web applications.
The tool takes a PHP program as input along with a policy (an attack
pattern), specified as a PHP regular expression, automatically analyzes the
program and reports possible bugs. We successfully tested the tool to detect
XSS, SQL Injection and MFE vulnerabilities in a number of PHP web programs
(OWASP Top 10).
- Automatically fix validation and sanitization problems in your code.
SemRep is a Semantic Differential Repair tool for input validation and
sanitization code. The tool analyzes and repairs validation and sanitization
functions against each other, and it needs no manual specification or
intervention. It takes two functions as Dependency Graphs and looks for
differences in the validation and sanitization operations applied to string
variables. If a difference is found, the tool suggests a set of three patch
functions that can be used to fix the difference.
Download
- Download Stranger Library's source code from here.
- Download SemRep source code from here.
- Download PHP vulnerability detector from here.
Documentation
- Learn how to detect security vulnerabilities in PHP by reading the documentation, and give us your valuable feedback.
- Learn how to automatically fix validation and sanitization bugs in web applications from here.
- Understand the theory behind stranger by reading the publications.
Acknowledgement
This material is based upon work supported by the National Science
Foundation under Grant No. CCF-0916112. Any opinions, findings and
conclusions or recommendations expressed in this material are those of
the author(s) and do not necessarily reflect the views of the National
Science Foundation (NSF).