|
|
Posted by yawnmoth on 12/06/06 22:19
I'm trying to perform an audit on a PHP script and am curious what kind
of software there already exists to do such things.
I think the ideal solution would be something that, for each variable,
provided a list of the functions that variable was passed through. eg.
$a = someFunction($_GET['var']);
echo $a;
function someFunction($b) {
return htmlspecialchars($b);
}
Here, $_GET['var'] passes through someFunction and htmlspecialchars
before getting passed to echo (which I suppose isn't technically a
function, but rather, a language construct).
if statements could kinda confound this, but it seems like presenting
the data in an appropriate fashion could mitigate that.
Anyway, any ideas?
[Back to original message]
|