As the title says: I am currently doing a code audit of a PHP project and found a vulnerable method, but how can I quickly find out where this method is called in all the other files, and where the arguments passed to it in those files come from? It would be much more convenient if there were a tool for this. Please recommend one.
I don't have any particularly good method; I'll just describe my approach. I suspect the poster has already tried it.
PhpStorm: click the method and press the shortcut Alt+F7 or Ctrl+Alt+Shift+F7 to find all usages. For a parameter variable, press F4 or Ctrl+left mouse click to find its source. (This kind of search actually misses many references, for example looping over a collection of objects and calling this method on each object.)

If it is a dynamic method, such as
function test()
do a global search for ->test(
and ->test (

If it is a static method, such as
static function test()
do a global search for Class::test(
and Class::test (

Even after the above three steps you may still miss things such as calls with dynamic parameters, so you also need to consider searching for the method name as a string:
'test'
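The global search described in this answer, written out as a small POSIX shell script. This is an added example, not code from the thread: it assumes a POSIX sh with a grep that supports -r and --include, and the sample PHP files it searches are constructed inline purely to exercise each pattern (instance call, static call with a space before the parenthesis, and the method name as a string literal for a dynamic call).

```shell
#!/bin/sh
# Added example (not from the thread): a grep-based version of the answer's
# global search for call sites of a PHP method. It covers the three patterns the
# answer lists (instance call "->test(", static call "Class::test(", and the
# method name as a string literal for dynamic calls) and tolerates a space
# before the opening parenthesis, as in "->test (".

# find_php_call_sites METHOD DIR
# Prints file:line:text for every candidate call site of METHOD under DIR.
find_php_call_sites() {
    method="$1"
    dir="$2"
    grep -rnE --include='*.php' \
        -e "->[[:space:]]*${method}[[:space:]]*\(" \
        -e "::[[:space:]]*${method}[[:space:]]*\(" \
        -e "['\"]${method}['\"]" \
        "$dir"
}

# count_php_call_sites METHOD DIR
# Same search, but prints only the number of matching lines; handy when
# triaging several methods found in an audit.
count_php_call_sites() {
    find_php_call_sites "$1" "$2" | wc -l | tr -d ' '
}

# make_sample_project DIR
# Writes a small constructed PHP tree (not a real project) that exercises each
# pattern: a direct call, a static-style call with a space before "(", a
# dynamic call through a variable holding the method name, and the method
# definition itself, which must not be reported as a call.
make_sample_project() {
    mkdir -p "$1/app"
    cat > "$1/app/Service.php" <<'EOF'
<?php
class Service {
    public function test($input) { return $input; }   // definition, not a call
}
EOF
    cat > "$1/app/Controller.php" <<'EOF'
<?php
$svc = new Service();
$svc->test($request->get('id'));        // direct instance call
Service::test ($request->get('id'));    // static-style call, space before "("
$name = 'test';                         // method name as a string ...
$svc->$name($request->get('id'));       // ... used for a dynamic call
EOF
    cat > "$1/app/helpers.js" <<'EOF'
obj.test(id);   // not PHP, ignored because of --include='*.php'
EOF
}

# Demo: build the sample tree in a temporary directory, search it, clean up.
demo_dir=$(mktemp -d)
make_sample_project "$demo_dir"
find_php_call_sites test "$demo_dir"
echo "candidate call sites: $(count_php_call_sites test "$demo_dir")"
rm -rf "$demo_dir"
```

On the constructed sample this reports three candidate lines in Controller.php (the direct call, the static-style call and the 'test' string literal) and nothing from Service.php, so the definition line is not mistaken for a call. The string-literal pattern is deliberately broad: it also flags unrelated strings that happen to equal the method name, which is the price of catching call_user_func-style and $obj->$name() dispatch that a plain ->test( search misses.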
PHPStorm
PhpStorm, but it can't judge ajax calls.
If you want to check the arguments passed and how values change during an actual call, you can use a PHP debugging tool; Kint is recommended.
If you want to know which files might call it, you can use Sublime to search within the folder.
The tools recommended above are all very lightweight.