On Sat, 19 Feb 2005, Dries Buytaert wrote:
I slapped together the foundations of a code checker script and installed it on drupal.org. It took me 50 minutes to write and install. It caught hundreds of (small) issues already, and will continue to catch many more in the future, so it most certainly pays off.
talk == silver code == gold. :)
What is next?
-------------
Of course, we'll want to integrate it better and make it visually more appealing. Also, we'll want to add many more tests.
I won't be able to work on it until after DrupalCon, but you're all invited to add more tests. I'd be happy to install newer versions on drupal.org as soon as they hit CVS.
So, who's first to add a new test?
I am. I added a test to check the integrity of database queries. It won't catch SQL errors, but it will barf at variables in the middle of a query which could potentially be harmful.

Of course something like

db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);

_is_ secure, but we should try to avoid such stuff nevertheless. Because of the ambiguity the error message is quite soft:

- The INSERT query at line 164 is potentially insecure as it does not use our database query wrapper properly.

Cheers,
Gerhard
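The kind of check Gerhard describes, as an added example that is not the checker installed on drupal.org and not Drupal code: it scans PHP source for db_query() calls, extracts the first argument while respecting PHP string literals and nested parentheses, and flags any query that is not a single plain literal with placeholders. The language choice (Python rather than PHP), the sample source, the function names and the reason strings are all assumptions made here; the output line mimics the soft wording quoted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample PHP source (not Drupal code). Line numbers matter for
# the findings: the safe calls sit on lines 3-4, the suspect ones below.
SAMPLE_PHP = r'''<?php
// safe: placeholders, the values travel as separate arguments
$r = db_query("SELECT uid FROM {users} WHERE name = '%s'", $name);
$r = db_query('SELECT * FROM {node} WHERE nid = %d', $nid);
// suspect: a variable interpolated into a double-quoted query
$r = db_query("SELECT * FROM {node} WHERE nid = $nid");
// suspect: the query string is assembled by concatenation
$r = db_query("DELETE FROM {sessions} WHERE sid = '" . $sid . "'");
// ambiguous: column list built with implode(), flagged anyway
db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);
// opaque: query held in a variable, nothing to inspect
$r = db_query($sql);
'''

CALL_RE = re.compile(r'\bdb_query(?:_range)?\s*\(')
DQ = r'"(?:[^"\\]|\\.)*"'          # PHP double-quoted literal
SQ = r"'(?:[^'\\]|\\.)*'"          # PHP single-quoted literal
STRING_RE = re.compile(DQ + '|' + SQ)


@dataclass
class Finding:
    line: int
    kind: str      # INSERT, SELECT, UPDATE, DELETE, ... or UNKNOWN
    reason: str


def first_argument(src: str, start: int) -> str:
    """Return the first argument of a call whose '(' ends just before
    src[start]: everything up to the first ',' or ')' that is outside
    string literals and nested brackets. Backslash escapes are skipped."""
    depth = 0
    quote: Optional[str] = None
    i = start
    while i < len(src):
        c = src[i]
        if quote:
            if c == '\\':
                i += 2          # skip the escaped character
                continue
            if c == quote:
                quote = None
        elif c in ('"', "'"):
            quote = c
        elif c in '([{':
            depth += 1
        elif c in ')]}':
            if depth == 0:
                break
            depth -= 1
        elif c == ',' and depth == 0:
            break
        i += 1
    return src[start:i].strip()


def strip_strings(s: str) -> str:
    """Replace every string literal with "" so operators outside
    strings (such as the '.' concatenation operator) can be inspected."""
    return STRING_RE.sub('""', s)


def classify(arg: str) -> Tuple[str, Optional[str]]:
    """Return (query kind, reason); reason is None when the argument is a
    single plain literal, the only form placeholders fully protect."""
    kind = 'UNKNOWN'
    m = re.search(r'''["']\s*([A-Za-z]+)''', arg)
    if m:
        kind = m.group(1).upper()
    if re.fullmatch(SQ, arg):                 # 'single quoted': no interpolation
        return kind, None
    if re.fullmatch(DQ, arg):                 # "double quoted": check for $var
        if re.search(r'(?<!\\)\$', arg):
            return kind, 'variable interpolated into a double-quoted query'
        return kind, None
    if '.' in strip_strings(arg):             # '.' outside literals = concatenation
        return kind, 'query built by string concatenation'
    return kind, 'query is not a string literal'


def check_source(src: str) -> List[Finding]:
    """Scan whole-file source so multi-line calls are handled; the line
    reported is the one holding the db_query( token."""
    findings = []
    for m in CALL_RE.finditer(src):
        kind, reason = classify(first_argument(src, m.end()))
        if reason:
            findings.append(Finding(src.count('\n', 0, m.start()) + 1, kind, reason))
    return findings


def format_finding(f: Finding) -> str:
    return (f'- The {f.kind} query at line {f.line} is potentially insecure '
            f'as it does not use our database query wrapper properly ({f.reason}).')


if __name__ == '__main__':
    for finding in check_source(SAMPLE_PHP):
        print(format_finding(finding))
```

Running it on the constructed sample reports lines 6, 8, 10 and 12 and stays quiet about the two placeholder queries. The implode() case on line 10 is flagged even though it is safe, which is exactly why the message is phrased as "potentially insecure": the checker sees concatenation, not intent. A query passed in a variable is reported as UNKNOWN because nothing about its shape can be verified at this point.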