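Today I tried out PHPCheckStyle to see how well it does at static scanning of PHP code. The false positive rate turned out to be... too painful to look at. Am I using it wrong somewhere? Source code:
<?php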
$first=$_GET["first"];
$value=strval($_GET["tainted"]);
echo $$first;
?>
Report after scanning:
2 Whitespace must preceed =. warning
2 Whitespace must follow =. warning
3 Whitespace must preceed =. warning
3 Whitespace must follow =. warning
6 A php close tag must not be included at the end of the file. warning
2 Undeclared or unused variable : $value. warning
This... is obviously unreliable... My close tag is very clearly already... included... Baffling.
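This post discusses the high false positive rate encountered when using PHPCheckStyle for static code scanning, and uses a concrete example to show some of the unreasonable warnings it gives for PHP code.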




