PHP code example of pheromone / phpcs-security-audit

1. Go to this page and download the library: Download pheromone/phpcs-security-audit library. Choose the download type require (equivalent to running composer require --dev pheromone/phpcs-security-audit). The package is a PHP_CodeSniffer (phpcs) coding standard, so it belongs in require-dev: phpcs runs it against your code, your application never loads it.

2. Extract the ZIP file and open the index.php.

3. Add this code to the index.php. The autoloader is all the application itself needs; the security sniffs are not required from application code but invoked through phpcs, as in the commands below.

<?php
require_once('vendor/autoload.php');

/* Start to develop here. */


pheromone / phpcs-security-audit example snippets

Extending the sniffs to a framework: the sniffs ask a Utils class whether a token is direct user input, and a framework-specific Utils subclass can override is_direct_user_input() so that the framework's own request accessor is treated the same way as the superglobals the base class already knows about (the $_POST seen in the output below, for example). Here a framework function named get_param is added on top of the base list:

	/**
	 * Treat calls to the framework's get_param() as direct user input, in
	 * addition to everything the base Utils class already recognises.
	 */
	public static function is_direct_user_input($var) {
		// Defer to the base class first so its superglobal checks still apply.
		if (parent::is_direct_user_input($var)) {
			return TRUE;
		} else {
			// Framework accessor that hands back raw request data.
			if ($var == 'get_param') {
				return TRUE;
			}
		}
		return FALSE;
	}

Run the audit over a directory with the bundled example ruleset. The --standard path assumes the Composer install under ./vendor; --extensions lists the file types to scan (the .module and .info entries are Drupal conventions, trim the list to what your codebase uses):

phpcs --extensions=php,inc,lib,module,info --standard=./vendor/pheromone/phpcs-security-audit/example_base_ruleset.xml /your/php/files/

Sample run against tests.php, the deliberately vulnerable file shipped with the package. The listing is abbreviated; note the split between ERROR, for findings tied to direct user input reaching a sink, and WARNING, for patterns that merely could be dangerous:

$ phpcs --extensions=php,inc,lib,module,info --standard=./vendor/pheromone/phpcs-security-audit/example_base_ruleset.xml ./vendor/pheromone/phpcs-security-audit/tests.php

FILE: tests.php
--------------------------------------------------------------------------------
FOUND 18 ERRORS AND 36 WARNINGS AFFECTING 44 LINES
--------------------------------------------------------------------------------

  6 | WARNING | Possible XSS detected with . on echo
  6 | ERROR   | Easy XSS detected because of direct user input with $_POST on echo
  9 | WARNING | Usage of preg_replace with /e modifier is not recommended.
 10 | WARNING | Usage of preg_replace with /e modifier is not recommended.
 10 | ERROR   | User input and /e modifier found in preg_replace, remote code execution possible.
 11 | ERROR   | User input found in preg_replace, /e modifier could be used for malicious intent.
   ...
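The two finding classes in the listing above, each vulnerable form next to a hardened one, as an added example; this is not code from phpcs-security-audit or its tests.php, and the $_POST values are constructed inline so the script runs from the CLI. One caveat the tool's wording does not give: the /e modifier was deprecated in PHP 5.5 and removed in 7.0, where preg_replace rejects it as an unknown modifier and returns null, so in a PHP 7+ codebase the same line is a bug rather than an RCE, but user-controlled pattern text stays a problem either way.

```php
<?php
// Added example, not code from phpcs-security-audit or its tests.php: the two
// finding classes from the sample phpcs output, each vulnerable form next to a
// hardened one. $_POST is filled with constructed input so it runs from the CLI.
declare(strict_types=1);

$_POST['name'] = '<script>alert(1)</script>';
// Crafted so that, inside the /e replacement strtoupper("\1"), the matched text
// closes the string literal and appends a function call: the classic /e RCE.
$_POST['word'] = '") . system("id") . ("';

// VULNERABLE: direct user input on echo. phpcs-security-audit reports this as
// "Easy XSS detected because of direct user input with $_POST on echo".
function greet_vulnerable(): void {
    echo 'Hello ' . $_POST['name'] . "\n";
}

// HARDENED: escape for the HTML context at the point of output.
function greet_safe(): void {
    echo 'Hello ' . htmlspecialchars($_POST['name'], ENT_QUOTES | ENT_HTML5, 'UTF-8') . "\n";
}

// VULNERABLE: user input concatenated into a preg_replace pattern carrying /e.
// With /e, PHP 5 eval()s the replacement after substituting back-references,
// so whoever controls the matched text controls the evaluated code
// ("User input and /e modifier found in preg_replace, remote code execution
// possible"). PHP 7+ rejects /e as an unknown modifier and returns null here,
// which is why the return type is nullable and the function is not called below.
function shout_vulnerable(string $text): ?string {
    $pattern = '/(' . $_POST['word'] . ')/e';
    return preg_replace($pattern, 'strtoupper("\1")', $text);
}

// HARDENED: the user-supplied word goes through preg_quote() so it can only
// match literally (no metacharacters, no way to alter the pattern), and the
// dynamic replacement is a callback instead of eval'd source text.
function shout_safe(string $text): string {
    $pattern = '/(' . preg_quote($_POST['word'], '/') . ')/';
    return preg_replace_callback(
        $pattern,
        static fn(array $m): string => strtoupper($m[1]),
        $text
    );
}

greet_safe();
echo shout_safe('say ") . system("id") . (" loudly'), "\n";
```

The vulnerable pair reproduces the two finding types in the listing; the hardened pair is what those findings are asking for: escaping at the output sink, and keeping user input out of both the pattern and the replacement code.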

Paranoia mode is on by default; set it to 0 at runtime to drop the more speculative warnings and keep the higher-confidence findings:

phpcs --runtime-set ParanoiaMode 0 --extensions=php --standard=./vendor/pheromone/phpcs-security-audit/example_base_ruleset.xml tests.php

To run the standard from a clone of the repository instead of a Composer dependency, install its own dev dependencies and point phpcs at the ruleset in the working directory:

composer install
./vendor/bin/phpcs --standard=example_base_ruleset.xml --extensions=php tests.php

If phpcs cannot find the Security standard that the ruleset references, register the checkout as an installed path: ./vendor/bin/phpcs --config-set installed_paths ../../../ (relative paths resolve against phpcs's own install directory under vendor/, so ../../../ is the checkout root containing the Security/ standard). It confirms with:

PHP CodeSniffer Config installed_paths set to ../../../