它能够探测传递的不安全变量到不安全的函数参数。
用法:
bin/php-security-scanner scan path/to/files
它将搜索所有文件的安全问题。
示例
Given the following code:
<?phpfunction bar() { foo($_GET['name']);}function foo($name) { mysql_query("SELECT * FROM foo WHERE name = '$name'");}?>
Running the scanner on this file will identify like 4 as an error, with the message:
Possible SQL Injection found in call to foo() argument number 1
Supported vulnerability scanners:
Currently, on2本文来源gaodaima#com搞(代@码$网6
搞gaodaima代码
lymysql_queryis supported, and only in limited situations.
项目主页:http://www.open-open.com/lib/view/home/1438239170863
搞代码网(gaodaima.com)提供的所有资源部分来自互联网,如果有侵犯您的版权或其他权益,请说明详细缘由并提供版权或权益证明然后发送到邮箱[email protected],我们会在看到邮件的第一时间内为您处理,或直接联系QQ:872152909。本网站采用BY-NC-SA协议进行授权
转载请注明原文链接:PHP静态安全扫描器:php-security-scanner
转载请注明原文链接:PHP静态安全扫描器:php-security-scanner
