Using PHP Spike Security Audit Tool on large source trees / Fixing issues with PHP Spike Security Audit (Fatal Error: Allowed memory size exhausted)

Sunday, 25th April 2010

Running the PHP Spike Security Audit Tool against a source directory containing a large number of PHP files (say, 700+ PHP files) produces the following error:

Fatal error: Allowed memory size of 67108864 bytes exhausted (tried to allocate 71 bytes) in /usr/local/spike_phpSecAudit_0.27/util/TokenUtils.php on line 85

It’s obvious that PHP Spike is written in a way that all audited PHP files are stored in memory before being processed.
Therefore, the more PHP source code the Spike Security PHP Audit tool is asked to audit, the more memory the audit script needs.

For that reason it’s necessary to increase the amount of memory that the PHP CLI (Command Line Interface) is allowed to consume.

The default memory limit of the precompiled PHP5 binary on Debian Lenny is 16 MB. This value is really low and needs to be increased in order to run the Spike PHP Sec Audit on directories with many PHP scripts.

There are basically two ways to achieve that:

1. Edit /etc/php5/apache2/php.ini on Debian Linux

and increase the value:

memory_limit = 200M

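Increasing the memory_limit in the php.ini configuration is not really wise, since the change applies to every PHP script that uses that configuration file, not just the audit tool, and that will lessen your security. So use this only if you know what you’re doing.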

2. The other way to get around the error message is to increase the memory_limit value inside the PHP Spike Source Security Audit script itself

That is, by the way, the better choice IMHO. If you go that way, edit the run.php script bundled with the spike_phpSecAudit archive and make sure you insert on the second line:

ini_set('memory_limit', '200M');
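
A more defensive form of the option 2 override, as an added example (it is not code from spike_phpSecAudit or from the original post): it raises the limit for the current process only, never lowers a limit that is already higher or unlimited (-1), and reports peak memory so the value can be sized from a real run. The function names are hypothetical; 200M is the value used above.

```php
<?php
// Added example: not part of spike_phpSecAudit. Function names are hypothetical.

// Convert a php.ini shorthand value ("64M", "1G", "67108864", "-1") to bytes.
function shorthand_to_bytes($value)
{
    $value  = trim((string) $value);
    $number = (int) $value;               // leading integer: "200M" -> 200
    switch (strtoupper(substr($value, -1))) {
        case 'G': $number *= 1024;        // fall through
        case 'M': $number *= 1024;        // fall through
        case 'K': $number *= 1024;
    }
    return $number;
}

// Raise memory_limit for the current process only. Returns true if the
// limit is at least $wanted afterwards, false if it could not be raised.
function raise_memory_limit($wanted)
{
    $current = ini_get('memory_limit');
    if ($current === false) {
        return false;                     // setting not available in this build
    }
    $currentBytes = shorthand_to_bytes($current);
    // -1 means "no limit"; never replace it or a higher limit with a lower one.
    if ($currentBytes === -1 || $currentBytes >= shorthand_to_bytes($wanted)) {
        return true;
    }
    return ini_set('memory_limit', $wanted) !== false;
}

// Report peak usage when the run ends, so the limit can be sized from data.
function report_peak_memory()
{
    $peakMb = memory_get_peak_usage(true) / 1048576;
    file_put_contents('php://stderr', sprintf("peak memory: %.1f MB\n", $peakMb));
}

if (!raise_memory_limit('200M')) {        // 200M is the value used in the post
    file_put_contents('php://stderr', "warning: could not raise memory_limit\n");
}
register_shutdown_function('report_peak_memory');
```

The shutdown function also runs after a fatal "Allowed memory size exhausted" error, so a failed run still shows how close to the limit it got.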
