This detects passing unsafe variables to unsafe function arguments.
bin/php-security-scanner scan path/to/files
It will search through all files for security issues.
Given the following code:
<?php
function bar() {
foo($_GET['name']);
}
function foo($name) {
mysql_query("SELECT * FROM foo WHERE name = '$name'");
}
?>
Running the scanner on this file will identify like 4 as an error, with the message:
Possible SQL Injection found in call to foo() argument number 1
Currently, only mysql_query
is supported, and only in limited situations.