Vimeo has published a new release of the Psalm static analyzer, which detects both obvious and subtle errors in PHP code and can automatically fix some classes of errors. The system is suited to finding problems both in legacy code and in code that uses the modern features introduced in recent PHP branches. The project code is written in PHP and is released under the MIT license.
Psalm identifies most of the problems associated with incorrect use of types, as well as various . For example, it supports warnings about mixing variables of different types in an expression, incorrect logical tests (such as "if ($a && $a) {}", "if ($a && !$a) {}" and "if ($a) {} elseif ($a) {}"), and incomplete initialization of object properties. The analyzer runs in multi-threaded mode. Incremental scans are possible, which check only the files that have changed since the last scan.
In addition, tools for safe programming are provided that allow annotations in the format "/** @var Type */" to supply information about variable types, return values, function parameters and object properties. Defining type templates and using generics are also supported. For example:
/** @var string|null */
$a = foo();
/** @var string $a */
echo strpos($a, 'hello');

/** @psalm-assert-if-true B $a */
function isValidB(A $a): bool {
    return $a instanceof B && $a->isValid();
}
To automate the elimination of the problems found, the Psalter tool is provided; it supports plugins, fixes common code problems, adds type annotations, and performs refactorings such as moving classes from one namespace to another, moving methods between classes, and renaming classes and methods.
In the new Psalm release, the "--taint-analysis" option allows tracing the relationship between input parameters received from the user (for example, $_GET['name']) and their use in places that require character escaping (for example, echo "$name"), including by following chains of intermediate assignments and function calls. Use of the associative arrays $_GET, $_POST and $_COOKIE is treated as a source of dangerous data, but it is also possible to define your own sources. The functions whose escaping needs tracking include output functions that generate HTML content, add HTTP headers, or execute SQL queries.
Checks are applied when using functions such as echo, exec, include and header. When analyzing the need for escaping, data categories such as plain text, strings containing SQL, HTML and shell code, and strings with authentication parameters are taken into account. The proposed mode makes it possible to detect vulnerabilities in code that lead to cross-site scripting (XSS) or SQL injection.
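The data flow that the taint-analysis mode described above is designed to find, written as an added example that is not code from the article or from the Psalm project: $_GET is one of the sources the article names, echo and an SQL query are sinks, and the @psalm-taint-sink annotation on the custom sink follows Psalm's security-analysis documentation (assumed to match the Psalm version you run).

```php
<?php
// Added example, not from the article: one request value flowing through
// an intermediate function into an HTML sink and an SQL sink, each shown
// in the form the analyzer reports and in a form that escapes correctly.
declare(strict_types=1);

/** Reads an untrusted value: $_GET is a taint source. */
function requestedName(): string
{
    return (string) ($_GET['name'] ?? 'guest');
}

/** Taint propagates through plain string operations and return values. */
function greeting(string $name): string
{
    return 'Hello, ' . $name;
}

/** VULNERABLE: the tainted string reaches the echo sink unescaped (XSS). */
function renderUnsafe(): void
{
    echo '<p>' . greeting(requestedName()) . '</p>';
}

/** FIXED: escape for the HTML context immediately before the sink. */
function renderSafe(): void
{
    $safe = htmlspecialchars(greeting(requestedName()), ENT_QUOTES | ENT_HTML5, 'UTF-8');
    echo '<p>' . $safe . '</p>';
}

/**
 * A project-specific sink (assumed name), declared with Psalm's taint
 * annotation so the analyzer treats $sql like a raw query string.
 * @psalm-taint-sink sql $sql
 */
function runQuery(PDO $db, string $sql): void
{
    $db->query($sql);
}

/** VULNERABLE: user input concatenated straight into the SQL sink. */
function findUnsafe(PDO $db): void
{
    runQuery($db, "SELECT * FROM users WHERE name = '" . requestedName() . "'");
}

/** FIXED: a prepared statement keeps the untrusted value out of the query text. */
function findSafe(PDO $db): void
{
    $stmt = $db->prepare('SELECT * FROM users WHERE name = :name');
    $stmt->execute([':name' => requestedName()]);
}
```

Running `psalm --taint-analysis` over this file is expected to report the two *Unsafe functions and stay silent on the *Safe ones; the escaping or parameter binding is what breaks the source-to-sink path.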
Additionally, alpha testing of the new PHP 8.0 branch can be noted. The release is scheduled for November 26. The following features are expected in the new branch:
- , whose use will improve performance.
- Support for , the definition of a set of two or more types (for example, "public function foo(Foo|Bar $input): int|float;").
- Support for (annotations), which allow metadata (such as type information) to be attached to classes without using Docblock syntax.
- class definition, which allows the constructor definition and the property definitions to be combined.
- New return type - .
- New type - , which can be used to indicate that a function accepts parameters of different types.
- expression for handling exceptions.
- for creating objects that can be discarded during garbage collection (for example, to hold unneeded caches).
- using the "::class" keyword on objects (similar to calling get_class()).
- definitions in an exception catch block that are not bound to a variable.
- leaving a comma after the last element in a function parameter list.
- A new check for identifying any kind of string, or data that can be converted to a string (for which the __toString() method is available).
- New function , a simplified analogue of strpos for checking whether a substring occurs, as well as the str_starts_with() and str_ends_with() functions for checking matches at the start and end of a string.
- Added function , which performs division without throwing an error on division by zero.
- string concatenation precedence. For example, the expression 'echo "sum:" . $a + $b' was previously interpreted as 'echo ("sum:" . $a) + $b', and in PHP 8 it will be treated as 'echo "sum:" . ($a + $b)'.
- checking of arithmetic and bitwise operations; for example, the expressions "[] % [42]" and "$object + 4" will throw an error.
- a stable sort in which the order of equal values is preserved across different runs.
source: budenet.ru
