Guide: PHP security scanner (GitHub)
The Parse scanner is a static scanning tool that reviews your PHP code for potential security-related issues. A static scanner means that the code is not executed and tested through a web interface (that is dynamic testing). Instead, the scanner reads through your code, checks for certain markers and notifies you when any are found. For example, you really shouldn't be using eval in your code anywhere if you can help it. When the scanner runs, it will parse each of your files and look for any

Installation

Install as a development dependency in your project using composer:
The path to the installed executable may vary depending on your bin-dir setting. With the default value, parse is located at

For a system-wide installation use:
Make sure you have

Usage
To use the scanner execute it from the command line:
For more detailed information see the

Output formats

Currently console (dots), xml and json output formats are available. Set the format with the

The console format supports setting the verbosity using the
If your platform does not support ANSI codes, or if you want to redirect the console output to a file, use the
Listing the checks

You can also get a listing of the current checks being done with the

Managing rules to run

There are several ways to control which rules are run. You can specifically include rules using the

Excluding and Including rules

By default,

Any rules specified by

If

Annotations

Rules can be enabled and disabled using DocBlock annotations. These are comments in the code being scanned that tell Parse to specifically enable or disable a rule for the block of code the DocBlock applies to.
Note that annotations cannot enable tests that have been omitted via the command line options. If a test is disabled at the command line, it is disabled for the entire scan, regardless of any annotations. Comments can be added after

To disable the use of annotations, use the

See the

The Checks

Here's the current list of checks:
Plenty more to come... (yup,

TODO

See the current issues list for

Parse is covered under the MIT license.

@author Chris Cornutt ()
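To make the marker-based static scanning described at the top of this page concrete, here is an added example of a small tokenizer-based scanner; it is my own code, not code from the psecio/parse project, and the list of risky function names beyond eval is an assumption of this example rather than Parse's actual check list.

```php
<?php
// Added example, not code from the psecio/parse project: a minimal static marker
// scanner of the kind the text describes. It tokenizes PHP source (never executes
// it) and reports eval plus an assumed list of risky calls, ignoring markers that
// only occur inside comments or string literals.
const RISKY_FUNCTIONS = ['exec', 'shell_exec', 'system', 'passthru', 'unserialize'];

// Returns [['line' => int, 'marker' => string], ...] for one PHP source string.
function scanSource(string $source): array
{
    $findings = [];
    $tokens   = token_get_all($source);
    $count    = count($tokens);
    // Step over whitespace tokens in either direction, returning the next index.
    $skipWs = function (int $i, int $step) use ($tokens, $count): int {
        while ($i >= 0 && $i < $count && is_array($tokens[$i]) && $tokens[$i][0] === T_WHITESPACE) {
            $i += $step;
        }
        return $i;
    };
    for ($i = 0; $i < $count; $i++) {
        if (!is_array($tokens[$i])) {
            continue;                            // '(' ';' '=' and other one-char tokens
        }
        [$id, $text, $line] = $tokens[$i];
        if ($id === T_EVAL) {                    // eval is a language construct with its own token
            $findings[] = ['line' => $line, 'marker' => 'eval'];
            continue;
        }
        // Plain or fully-qualified name (PHP 8 tokenizes "\exec" as a single token).
        $isName = $id === T_STRING || (defined('T_NAME_FULLY_QUALIFIED') && $id === T_NAME_FULLY_QUALIFIED);
        $name   = ltrim($text, '\\');
        if (!$isName || !in_array($name, RISKY_FUNCTIONS, true)) {
            continue;
        }
        // Only report a real call: followed by "(" and not a method, static call or declaration.
        $next   = $skipWs($i + 1, 1);
        $prev   = $skipWs($i - 1, -1);
        $prevId = ($prev >= 0 && is_array($tokens[$prev])) ? $tokens[$prev][0] : null;
        if ($next >= $count || $tokens[$next] !== '('
            || in_array($prevId, [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION], true)) {
            continue;
        }
        $findings[] = ['line' => $line, 'marker' => $name];
    }
    return $findings;
}
// Constructed sample: the eval in the comment and the quoted 'system' must not be reported.
$sample = "<?php\n// eval() in a comment\n\$label = 'system';\n\$out = exec(\$cmd);\neval(\$code);\n";
print_r(scanSource($sample));
```

Because it works on the token stream rather than on raw text, the scanner reports the call to exec on line 4 and the eval on line 5 of the sample while leaving the comment and the string literal alone.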