Home > Backend Development > PHP Tutorial > PHP静态安全扫描器:php-security-scanner

PHP静态安全扫描器:php-security-scanner

WBOY
Release: 2016-06-20 12:51:37
Original
1239 people have browsed it

它能够探测传递的不安全变量到不安全的函数参数。

用法:

bin/php-security-scanner scan path/to/files
Copy after login

它将搜索所有文件的安全问题。

示例

Given the following code:

<?phpfunction bar() {    foo($_GET['name']);}function foo($name) {    mysql_query("SELECT * FROM foo WHERE name = '$name'");}?>
Copy after login

Running the scanner on this file will identify like 4 as an error, with the message:

Possible SQL Injection found in call to foo() argument number 1

Supported vulnerability scanners:

Currently, onlymysql_queryis supported, and only in limited situations.


项目主页:http://www.open-open.com/lib/view/home/1438239170863

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template