Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add PDO note #11034

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add PDO note #11034

wants to merge 1 commit into from

Conversation

natmchugh
Copy link

Summary

Added a note to describe how to enable the PDO extension in the security analysis.

Reason

I spent a long time trying to understand why the SQLTaint errors were not showing for my project that uses PDO. I added the examples of SQL issues to my project but they still would still not be found despite other issues from the examples being found. Eventually after reading all the docs I found the answer that PDO must be enabled as an extension if it is not defined in composer.json as a dependency. Requiring PHP PDO as a dependency had not been done which I think is probably fairly common.

I thought this requirement could do with pointing out more prominently in the documentation and when describe the sinks involved in security analysis which i think is Psalms killer feature. After all the PDO sink is described on this page but users may not know it needs further configuration to enable it.

If you think it belongs somewhere else or could be worded better then happy to work on it. Hope you find this helpful and thanks for the project.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@natmchugh