auditing php programs?

I'm trying to perform an audit on a PHP script and am curious what kind
of software there already exists to do such things.

I think the ideal solution would be something that, for each variable,
provided a list of the functions that variable was passed through.  eg.

$a = someFunction($_GET['var']);   // request input enters here
echo $a;                           // ... and is output here

function someFunction($b) {
   return htmlspecialchars($b);    // the only transformation on the way
}

Here, $_GET['var'] passes through someFunction and htmlspecialchars
before getting passed to echo (which I suppose isn't technically a
function, but rather, a language construct).

if statements could kinda confound this, but it seems like presenting
the data in an appropriate fashion could mitigate that.

Anyway, any ideas?
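One way to get the per-variable function list the post describes, as an added example that is not code from the thread: a small Python tracer that reads PHP source, follows request input (superglobals) through nested calls and user-defined functions, and reports the chain reaching each variable and each echo. It assumes straight-line code: assignments, echo, and functions whose body is a single return; the branching the post mentions is not handled, and the PHP sample is constructed here.

```python
import re
# Constructed sample: the post's snippet (closing brace added) plus one variable that never sees request input.
PHP_SRC = """
$a = someFunction($_GET['var']);
echo $a;
$c = 'constant text';
echo $c;
function someFunction($b) {
   return htmlspecialchars($b);
}
"""
SOURCES = ("$_GET", "$_POST", "$_COOKIE", "$_REQUEST")  # where request data enters
FUNC_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)\s*\{\s*return\s+(.+?);\s*\}", re.S)
STMT_RE = re.compile(r"^\s*(?:(\$\w+)\s*=\s*(.+?)|echo\s+(.+?))\s*;\s*$", re.M)

def split_args(s):
    """Split an argument list on top-level commas only, so nested calls stay intact."""
    out, depth = [""], 0
    for ch in s:
        depth += (ch in "([") - (ch in ")]")
        if ch == "," and depth == 0:
            out.append("")
        else:
            out[-1] += ch
    return [p.strip() for p in out if p.strip()]

def trace_expr(expr, env, funcs):
    """Chain [source, fn, fn, ...] reaching expr, or None if no request input flows in."""
    call = re.fullmatch(r"(\w+)\s*\((.*)\)", expr, re.S)
    if not call:  # a superglobal source, a variable already traced, or a literal (None)
        return [expr] if expr.startswith(SOURCES) else env.get(expr)
    name, args = call.group(1), split_args(call.group(2))
    chains = {a: trace_expr(a, env, funcs) for a in args}
    if name in funcs:  # user-defined: bind tainted params, then follow the return expression
        params, body = funcs[name]
        local = {p: chains[a] + [name] for p, a in zip(params, args) if chains[a]}
        return trace_expr(body, local, funcs)
    tainted = [c for c in chains.values() if c]
    return tainted[0] + [name] if tainted else None  # built-in: record it, carry the chain on

def audit(src):
    """Return (variable -> chain, echo-sink chains); functions are collected first, as PHP hoists them."""
    funcs = {n: (split_args(ps), body) for n, ps, body in FUNC_RE.findall(src)}
    env, sinks = {}, []
    for var, rhs, echoed in STMT_RE.findall(src):
        if var:
            env[var] = trace_expr(rhs, env, funcs)
        elif chain := trace_expr(echoed, env, funcs):
            sinks.append(chain + ["echo"])
    return env, sinks
```

Calling audit(PHP_SRC) gives $a the chain $_GET['var'] -> someFunction -> htmlspecialchars, gives $c no chain, and lists one echo sink ending in echo.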

Re: auditing php programs?

yawnmoth wrote:

There is Xdebug available for PHP:

It's able to do some profiling, get the function call tree, show relative
execution time, and so on (it generates cachegrind files, readable with
KCachegrind).

It's not _exactly_ what you're looking for, but it's powerful enough to tell
you which function call costs the most time, and so on. :p
