5ec276fb51
Run onyl when required |
||
---|---|---|
src | ||
tests/integration | ||
vendor | ||
.drone.yml | ||
LICENSE | ||
README.md | ||
composer.json | ||
composer.lock | ||
instrumentalize.php |
README.md
PHP Static Scanner Instrumentalization
Static security scanners usually are not clever enough to detect our injection of parameters in the Nextcloud source code.
This instrumentalization script loops over a given directory and instrumentalizes the source code by directly injecting
a $_GET
on code related to the Nextcloud appframework. So the original code would look like:
<?php
use OCP\AppFramework\Controller;
class Foo extends Controller {
public function list($index, $bar) {
// Logic of the code
}
}
$index
in the function list
here would automatically be read from $_GET
, to make the static scanners aware of that
the resulting code would look like:
<?php
use OCP\AppFramework\Controller;
class Foo extends Controller {
public function list() {
$index = $_GET['index'];
$bar = $_GET['bar'];
// Logic of the code
}
}