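Today I tried out PHPCheckStyle to see how well it does at static scanning of PHP code. The false-positive rate turned out to be... too painful to look at. Am I using it wrong somewhere? Source code:
<?php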
$first=$_GET["first"];
$value=strval($_GET["tainted"]);
echo $$first;
?>
Report after scanning:
2 Whitespace must preceed =. warning
2 Whitespace must follow =. warning
3 Whitespace must preceed =. warning
3 Whitespace must follow =. warning
6 A php close tag must not be included at the end of the file. warning
2 Undeclared or unused variable : $value. warning
This... is clearly unreliable... my close tag is, very obviously, already... included... I'm baffled.