Commit Graph

9 Commits

Author SHA1 Message Date
Morris Jobke c930f70b52
Harden phan checks to catch more errors
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-27 07:53:56 +01:00
Roeland Jago Douma 2f36744aff
Update phan config
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-24 20:40:14 +02:00
Roeland Jago Douma ab20a64ed4
DAV Autoloader
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-24 20:40:11 +02:00
Roeland Jago Douma 112b0d57a8
Comments Autoloader
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-24 20:40:11 +02:00
Roeland Jago Douma ce7c9dfe8a
Admin Audit autoloader
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-24 20:40:09 +02:00
Roeland Jago Douma ff9f325677
Ignore composer stuff in phan
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-17 22:22:36 +02:00
Lukas Reschke 3d2600b039
Add Phan plugin to check for SQL injections
This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.

As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.

The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-20 22:48:13 +02:00
Lukas Reschke 591aaa4154
Add workaround for https://github.com/etsy/phan/issues/1033
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-19 11:08:43 +02:00
Lukas Reschke d8ec399454
Run phan over code base
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-19 10:28:11 +02:00