René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Any interest in Polyscripting to mitigate code injections","articleBody":"**Background:**\r\n\r\nHello stackery folks, I wanted to get an opinion on whether integrating with an OSS project we're building at Polyverse would be of any interest. \r\n\r\n_Free-as-in-speech_: It's free in the way that you take it, and make billions off of it, and we'll be happy for you. There's no catch (and if you foresee any, happy to license/legalese/sign-something stating that it won't be ever.) We have no interest in backdoor monetizing this. We literally built it to see if it could be done, and whether it could be seamless to utilize. And it worked!\r\n\r\nWe had the idea of stopping code injections in PHP by just-before-deployment changing the PHP built-in keywords/symbols (over time we want to change the AST/Grammar itself), transforming the closure to this new \"language\", and deploying it. Nothing changes for the developer, but everything changes for the attacker, especially with things like unguraded `eval()`s and what not.\r\n\r\nMore details here: One of our open source (the kind where you can fork it and make billions off of it and we'll be happy for you) R\u0026D projects is called Polyscripting where we generate a new PHP runtime right at deployment, unique to a particular closure of execution.\r\n\r\nWe call the approach Polyscripting: https://polyverse.com/polyscripting/\r\n\r\nThe intent behind this is project is to effectively make code-injections impossible, by evading against the attack entirely (and detecting an attempt thanks to the syntax error.)\r\n\r\nWe prototyped deploying this to lambda: https://github.com/polyverse/pxp-lambda\r\n\r\nWe've merged it in Wordpress: https://www.katacoda.com/polyverse/scenarios/polyversepolyscripted-wordpress-v2\r\n\r\nHere's a detailed whitepaper of the concept/internals:\r\n[Polyscripting-10-18.pdf](https://github.com/stackery/php-lambda-layer/files/3672211/Polyscripting-10-18.pdf)\r\n\r\n\r\n**Any interest?**\r\n\r\nWould this be of interest to the PHP lambda layer? Happy to answer any questions and discuss.\r\n\r\nIf there is interest, we're happy to invest in integration.\r\n\r\nDefinitely let me know your thoughts, opinions, and don't hold back criticism!","author":{"url":"https://github.com/archisgore","@type":"Person","name":"archisgore"},"datePublished":"2019-09-30T16:17:10.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/54/php-lambda-layer/issues/54"}