Re: auditing php programs?

Posted by naixn on 12/06/06 22:28

yawnmoth wrote:
> I'm trying to perform an audit on a PHP script and am curious what kind
> of software there already exists to do such things.
>
> I think the ideal solution would be something that, for each variable,
> provided a list of the functions that variable was passed through. eg.
>
> $a = someFunction($_GET['var']);
> echo $a;
>
> function someFunction($b) {
> return htmlspecialchars($b);
> }
>
> Here, $_GET['var'] passes through someFunction and htmlspecialchars
> before getting passed to echo (which I suppose isn't technically a
> function, but rather, a language construct).
>
> if statements could kinda confound this, but it seems like presenting
> the data in an appropriate fashion could mitigate that.
>
> Anyway, any ideas?
>

There is Xdebug available for PHP:
http://www.xdebug.com/

It's able to do some profiling and get the function call tree, showing
relative execution time, and so on (it generates cachegrind files, readable
with KCachegrind).
See http://www.xdebug.com/docs-profiling2.php

It's not _exactly_ what you're looking for, but it's powerful enough to tell
you which function call costs the most time, and so on. :p

--
Naixn
http://fma-fr.net
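
The per-variable view asked for in the question can be approximated statically. The sketch below is an added example, not part of the original post or of Xdebug: it follows request data through a restricted PHP subset to each `echo` and lists the functions the value passed through. The names `trace`, `audit`, `SAMPLE` and the `$c` flow are constructed for illustration.

```python
import re
# Restricted PHP subset (assumption): one-argument calls, `return expr;` bodies,
# no ';' inside string literals, no recursive functions, no branches.
SOURCES = re.compile(r"^\$_(GET|POST|COOKIE|REQUEST)\[[^\]]+\]$")
HTML_ESCAPERS = {"htmlspecialchars", "htmlentities"}
FUNC_DEF = re.compile(r"function\s+(\w+)\s*\(\s*\$(\w+)\s*\)\s*\{\s*return\s+(.+?);\s*\}", re.S)
STATEMENT = re.compile(r"(?:\$(\w+)\s*=\s*|\becho\s+)(.+?);", re.S)
CALL = re.compile(r"^(\w+)\((.*)\)$", re.S)

def trace(expr, env, funcs):
    """Return (source, [functions applied, innermost first]) for an expression."""
    expr = expr.strip()
    call = CALL.match(expr)
    if call:
        name, inner = call.groups()
        source, chain = trace(inner, env, funcs)
        chain = chain + [name]
        if name in funcs:  # user-defined: follow the value into the body
            param, body = funcs[name]
            return trace(body, {param: (source, chain)}, funcs)
        return source, chain
    if SOURCES.match(expr):
        return expr, []  # request data enters here
    var = re.match(r"^\$(\w+)$", expr)
    return env.get(var.group(1), (None, [])) if var else (None, [])

def audit(php):
    # Collect function definitions first: PHP allows use before definition.
    funcs = {m.group(1): (m.group(2), m.group(3)) for m in FUNC_DEF.finditer(php)}
    env, findings = {}, []
    for m in STATEMENT.finditer(FUNC_DEF.sub("", php)):
        target, expr = m.groups()
        source, chain = trace(expr, env, funcs)
        if target:  # assignment: remember where the variable came from
            env[target] = (source, chain)
        elif source:  # echo of request-derived data: report the path
            findings.append((source, chain, bool(HTML_ESCAPERS & set(chain))))
    return findings

# The snippet from the question, plus a constructed unescaped flow ($c).
SAMPLE = r"""
$a = someFunction($_GET['var']);
echo $a;
function someFunction($b) { return htmlspecialchars($b); }
$c = trim($_GET['q']);
echo $c;
"""
if __name__ == "__main__":
    for source, chain, escaped in audit(SAMPLE):
        print(source, "->", " -> ".join(chain + ["echo"]), "| escaped" if escaped else "| NOT escaped")
```
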

 
