Should not alert in PHP comments

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Stefan Kalscheuer

    (@stklcode)

    You are right, comments usually won’t do any harm.

    The theme file scan in the current version is pretty simple, as it scans each line of PHP sources and applies a set of expressions to them, mainly to identify potentially malicious code patterns. Many of them ca be used for good, too, so false positives in the first run are likely normal for complex themes.

    A really dumb implementation that scans for /* or // won’t do the job here, as it’s easy to work around and target for false positives itself, so the routine has to be extended quite a bit.

    We will note this (reasonable) request, but to be honest I would not expect to see this extension in the near future. However, everybody is invited to contribute.

    Regards,
    Stefan

    Plugin Support Torsten Landsiedel

    (@zodiac1978)

    This feature request is handled in https://github.com/pluginkollektiv/antivirus/issues/114

    Therefore closing this thread as resolved, because further discussion on the implementation should be on Github.

    All the best
    Torsten

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Should not alert in PHP comments’ is closed to new replies.