Release of Psalm 3.12, a static analyzer for the PHP language. Alpha release of PHP 8.0

Vimeo has published a new release of the static analyzer Psalm 3.12, which can detect both obvious and subtle errors in PHP code and automatically fix some classes of errors. The tool is suited to finding problems both in legacy code and in code that uses the modern features introduced in recent PHP branches. The project code is written in PHP and distributed under the MIT license.

Psalm flags a wide range of problems related to incorrect type usage, as well as various common mistakes. For example, it warns about mixing different types in one expression, about incorrect logical checks (such as "if ($a && $a) {}", "if ($a && !$a) {}" and "if ($a) {} elseif ($a) {}"), and about incomplete initialization of object properties. The analyzer runs in multi-threaded mode. Incremental scanning is supported, analyzing only the files changed since the previous scan.

In addition, safe-programming tools are provided that use annotations in Docblock format ("/** @var Type */") to supply information about variable types, return values, function parameters and object properties. Defining type usage patterns and using assertion statements is also supported. For example:

// Minimal definitions so the snippet below runs as-is.
class A {}
class B extends A {
    public function isValid() : bool { return true; }
}

/** Returns a value whose declared type is nullable. */
function foo() : ?string { return 'hello world'; }

/** @var string|null */
$a = foo();

// The docblock narrows $a to string for the analyzer before the call.
/** @var string $a */
echo strpos($a, 'hello');

/** @psalm-assert-if-true B $a */
function isValidB(A $a) : bool {
    return $a instanceof B && $a->isValid();
}

To fix detected problems automatically, the Psalter utility is provided; it supports plugins and can fix common code problems, add type annotations, and perform manipulations such as moving classes from one namespace to another, moving methods between classes, and renaming classes and methods.

The new Psalm release adds the "--taint-analysis" option, which tracks the relationship between input parameters received from the user (for example, $_GET['name']) and their use in places that require character escaping (for example, echo "<p>$name</p>"), including tracking chains through intermediate assignments and function calls. Use of the associative arrays $_GET, $_POST and $_COOKIE is treated as a source of potentially dangerous data, and custom sources can also be defined. Operations that require escape tracking include output functions that generate HTML content, adding HTTP headers, and executing SQL queries.

Checks are applied when functions such as echo, exec, include and header are used. When analyzing whether escaping is needed, data types such as plain text, strings containing SQL, HTML and shell code, and strings carrying authentication parameters are taken into account. The proposed mode makes it possible to identify vulnerabilities in code that lead to cross-site scripting (XSS) or SQL injection.
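The data flow described above, as an added example that is not part of the article or of Psalm's own code: a value from $_GET passes through an intermediate function into an HTML sink and a SQL sink, shown next to the escaped and parameterised versions that break the taint chain. The function names, the constructed request value and the untrustedHeader() helper are illustrative; the "@psalm-taint-source" and "@psalm-taint-escape" annotation names are the ones documented by Psalm and are assumed to be supported by the installed version. Running the script needs the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Added example, not from the article or the Psalm project: a tainted value
// from $_GET reaching an HTML sink and a SQL sink, beside hardened versions.

// Constructed stand-in for $_GET: one value carrying both an HTML payload
// and a SQL payload.
$query = ['name' => "<script>alert(1)</script>' OR '1'='1"];

/** Intermediate function: taint passes straight through the assignment. */
function wrapInParagraph(string $text): string
{
    return "<p>Hello, $text</p>";
}

/** Vulnerable: the raw input reaches an HTML sink (echo) unescaped. */
function renderUnsafe(array $get): string
{
    $name = $get['name'] ?? '';
    return wrapInParagraph($name);
}

/**
 * Hardened: htmlspecialchars() is an escape Psalm already knows about.
 * A project-specific escaper would declare "@psalm-taint-escape html" in its
 * docblock (assumption: the installed Psalm version supports that annotation).
 */
function renderSafe(array $get): string
{
    $name = htmlspecialchars($get['name'] ?? '', ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return wrapInParagraph($name);
}

/** Vulnerable: input is concatenated into SQL text (SQL injection sink). */
function findIdsUnsafe(PDO $db, array $get): array
{
    $name = $get['name'] ?? '';
    $sql  = "SELECT id FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

/** Hardened: bound parameter; the value never becomes part of the SQL text. */
function findIdsSafe(PDO $db, array $get): array
{
    $stmt = $db->prepare('SELECT id FROM users WHERE name = :name');
    $stmt->execute([':name' => $get['name'] ?? '']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

/**
 * Custom source (hypothetical helper): tells Psalm that whatever this
 * function returns is user-controlled, like $_GET.
 *
 * @psalm-taint-source input
 */
function untrustedHeader(string $name): string
{
    return $_SERVER['HTTP_' . strtoupper(str_replace('-', '_', $name))] ?? '';
}

// In-memory SQLite so the SQL path runs offline with constructed rows.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

echo renderUnsafe($query), "\n";   // the script tag survives into the markup
echo renderSafe($query), "\n";     // only HTML entities reach the page
echo 'unsafe ids: ', implode(',', findIdsUnsafe($db, $query)), "\n";  // OR '1'='1' matches every row
echo 'safe ids:   ', implode(',', findIdsSafe($db, $query)), "\n";    // the literal name matches nothing
```

With Psalm installed in the project, running it with the "--taint-analysis" option from the article over this file is expected to report the two unsafe paths (through wrapInParagraph() and the string-built SQL) and stay silent on the escaped and parameterised ones; the exact issue names depend on the Psalm version.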

In addition, the start of alpha testing of the new PHP 8.0 branch can be noted. The release is scheduled for November 26. The following innovations are expected in the new branch:

  • A JIT compiler is enabled, whose use should improve performance.
  • Support for union types, which describe sets of two or more types (for example, "public function foo(Foo|Bar $input): int|float;").
  • Support for attributes (annotations), which allow metadata (such as type information) to be attached to classes without using Docblock syntax.
  • A shortened class definition syntax that allows combining the constructor definition with the declaration of properties.
  • A new return type: static.
  • A new type, mixed, which can be used to indicate that a function accepts parameters of different types.
  • throw as an expression for exception handling.
  • WeakMap, for holding objects without preventing them from being released during garbage collection (for example, for storing non-essential caches).
  • The ability to use the "::class" expression on objects (similar to calling get_class()).
  • The ability to define a catch block for an exception without binding it to a variable.
  • The ability to leave a trailing comma after the last item in a function parameter list.
  • A new Stringable interface for identifying any string types or data that can be converted to a string (when a __toString() method is available).
  • A new str_contains() function, a simplified analogue of strpos for determining whether a substring occurs, plus str_starts_with() and str_ends_with() for the same check at the start and end of a string.
  • A new fdiv() function that performs division without throwing an error on division by zero.
  • Changed precedence of string concatenation. For example, the expression 'echo "sum: " . $a + $b' was previously interpreted as 'echo ("sum: " . $a) + $b', while in PHP 8 it will be treated as 'echo "sum: " . ($a + $b)'.
  • Stricter checking of arithmetic and bitwise operations; for example, the expressions "[] % [42]" and "$object + 4" will result in an error.
  • A stable sorting algorithm is implemented, in which the order of equal values is preserved across different runs.
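The features in the list above exercised together, as an added example that is not from the article or from the PHP project. It requires PHP 8.0 or later; the attribute syntax used is the released "#[...]" form, which replaced the syntax used during the alpha and beta cycle. The Money and RequiresRole classes and the asText() function are illustrative names chosen for this example.

```php
<?php
declare(strict_types=1);

// Added example, not from the article or the PHP project: PHP 8.0 features
// exercised in one script. Class, attribute and function names are illustrative.

// Attribute replacing a docblock annotation; read back through reflection.
#[Attribute(Attribute::TARGET_METHOD)]
final class RequiresRole
{
    public function __construct(public string $role) {}
}

// Constructor property promotion, union types, static return type,
// trailing comma in the parameter list, and the Stringable interface.
final class Money implements Stringable
{
    public function __construct(
        private int|float $amount,
        private string $currency,
    ) {}

    #[RequiresRole('accountant')]
    public function add(int|float $delta): static
    {
        return new static($this->amount + $delta, $this->currency);
    }

    public function __toString(): string
    {
        return $this->amount . ' ' . $this->currency;
    }
}

// mixed parameter and throw used as an expression inside a ternary.
function asText(mixed $value): string
{
    return $value instanceof Stringable
        ? (string) $value
        : (is_scalar($value) ? (string) $value : throw new InvalidArgumentException('not representable as text'));
}

$m = new Money(10, 'EUR');
echo asText($m->add(2.5)), "\n";
echo $m::class, "\n";                               // ::class on an object

$attr = (new ReflectionMethod(Money::class, 'add'))->getAttributes(RequiresRole::class)[0];
echo 'role required: ', $attr->newInstance()->role, "\n";

try {
    asText(new stdClass());
} catch (InvalidArgumentException) {                // catch without a variable
    echo "rejected an object without __toString()\n";
}

// New string helpers.
var_dump(str_contains('user@example.com', '@'));
var_dump(str_starts_with('/admin/users', '/admin/'));
var_dump(str_ends_with('report.pdf', '.pdf'));

// fdiv(): IEEE 754 division, INF instead of a DivisionByZeroError.
var_dump(fdiv(1, 0));

// Concatenation now binds looser than "+", so the addition happens first.
$a = 1;
$b = 2;
echo 'sum: ' . $a + $b, "\n";

// WeakMap: the entry disappears once the only strong reference to the key is dropped.
$cache = new WeakMap();
$key = new stdClass();
$cache[$key] = 'expensive result';
echo 'entries before unset: ', count($cache), "\n";
unset($key);
echo 'entries after unset: ', count($cache), "\n";

// Stricter operand checks: arrays and objects in arithmetic raise a TypeError.
try {
    $r = [] % [42];
} catch (TypeError $e) {
    echo 'TypeError: ', $e->getMessage(), "\n";
}

// Stable sort: rows with equal keys keep their original relative order.
$rows = [['k' => 1, 'v' => 'a'], ['k' => 0, 'v' => 'b'], ['k' => 1, 'v' => 'c']];
usort($rows, fn(array $x, array $y): int => $x['k'] <=> $y['k']);
echo implode(',', array_column($rows, 'v')), "\n";
```

The script is meant to be run with the PHP 8 CLI; under PHP 7.x it fails at parse time on the union type and attribute syntax, which is itself a quick way to confirm which interpreter a deployment actually uses.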

Source: opennet.ru
