RT, I am currently doing a code audit for a PHP project and found a vulnerable method, but how can I quickly find out where this method has been called in all other files, and where the parameters for calling this method are in other files? Where did it come from? It would be much more convenient if there was such a tool. Please recommend
滿天的星座2017-05-27 17:43:57
I don’t have any good methods. I’m just going to talk about my approach. I feel like the poster has already tried it.
PhpStorm ,点击方法,按快捷键 ALT + F7 或 CTRL + ALT +SHIFT +F7 查找所有使用。参数变量按 F4 或 CTRL + 鼠标左键 Find the source. (This kind of search actually has many references that cannot be found), such as looping through a collection of objects to call the method of this object
If it is a dynamic method, such as function test() 全局搜索 ->test( 和 ->test (
If it is a static method, such as static function test() 全局搜索 Class::test( 和 Class::test (
Through the above three steps, you may still miss things such as dynamic parameter calls, so you also need to consider searching for method strings 'test'
$func = 'test';
$ojb->$func();
滿天的星座2017-05-27 17:43:57
If you want to check the parameter transfer and value changes of the running call, you can use the php debug tool. Kint is recommended.
If you want to know which files may be called, you can use sublime to search in the folder.
The above recommended tools are all It's very light and small.