vip-scanner
Deprecated: Scan all sorts of themes and files and things! Use PHPCS and the VIP coding standards instead
Per #107, we can now convert scans from regex to the `AnalyzedFile` class, which should be much faster.
As the number of tests increases (especially things like virus scanning and PHP Codesniffer tests) the time it takes to scan slows. I think this can be addressed with some...
We should flag missed escaping. I do a check with ack, like: `ack 'echo \$'` and `ack 'echo get'`. This finds a majority of missed escaping of variables as...
No need to double up on code - if a theme includes a plugin we already provide, we should flag it on VIP sites.
Need to maintain a list of plugins VIP has reviewed and rejected, and flag their inclusion in a theme.
Should be using [VIP Related Posts](http://vip.wordpress.com/plugins/wpcom-related-posts/) rather than a custom implementation, which is slower and not as accurate. A good enough implementation is to check all function names for `related_posts`...
Catch unprepared SQL - can do pattern matching for common SQL queries (`SELECT`, `INSERT`, `DELETE`, `UPDATE`) and find any matching strings that include variables that haven't been run through `$wpdb->prepare()`.
If a theme is registering and/or enqueuing a custom js or css asset, we should ensure that a unique slug is used. A relatively simple way to do so would...
Any class or function name that is less than X characters long, or does not include at least an underscore can be assumed to be generic. Should take into account...
Sites should never attempt to re-register core types like `post` and `page`.