Related
Links:
Tabs
When using the Exclude List (in the Project Areas Exclude List Tab) there are several code related issues that should be considered.
The following describes the instances where it is recommended to add different entities to the Exclude List and how to optimize your selections.
Contents:
Functions Referenced via a Variable
Functions Passed via Arguments
Functions Implementing External Interfaces
Functions Used as Object Callbacks
Functions that are referenced by a variable that holds their name, should be added to the Exclude List.
function do_mysql_query($query)
{ ... }
function do_sqlite_query($query) {
... }
if($db == "mysql")
{
$query_function = "do_mysql_query"
}
else
{
$query_function = "do_sqlite_squery";
}
$result = $query_function ("SELECT * FROM TABLE");
The functions do_mysql_query and do_sqlite_query should be added to the exclude list so their names will stay intact.
Functions that their name is passed to other functions through arguments (callbacks), should be added to the Exclude List. In the code example below, the functions myerror and myfunc are callback functions and should be added to the Exclude List.
function myerror() {
... }
set_error_handler('myerror');
- or -
function myfunc($data)
{ ... }
array_walk($array, 'myfunc');
Functions that implement an external interface (in this example: rewind, valid, current, next and key) should be added to the Exclude List otherwise the c_iter will no longer implement the iterator interface.
class c_iter implements Iterator {
function rewind() { ... }
function valid() { ... }
function current() { ... }
function next() { ... }
function key() { ... }
}
Functions and classes that are related to object callbacks should be added to the Exclude List.
class VariableStream {
function stream_open(...) {}
function stream_read($count)
{}
...
}
stream_wrapper_register("var", "VariableStream");
In this example, the class name VariableStream and its methods (i.e. stream_open, stream_read) must be added to the Exclude List. (See http://www.php.net/manual/en/function.stream-wrapper-register.php for a complete list of callback names, classes and other such functions).
When the code refers to class names (or methods) through strings, the class name (or method name) must stay the same. Therefore the class name must be added to the exclude list (to avoid obfuscation).
Example:
<?php
class MyClass
{
public function printName()
{
echo "John";
}
public function printLastName()
{
echo "Doe";
}
}
$className = "MyClass";
// runtime error: after obfuscation MyClass is no longer the class name
$obj = new $className();
$obj->printName();
// runtime error: after obfuscation MyClass is no longer the class name
$clazz = new ReflectionClass("MyClass");
$obj2 = $clazz->newInstance();
// runtime error: after obfuscation printLastName is no longer the method name
$method = $clazz->getMethod("printLastName");
$method->invoke($obj2);
?>
Autoloading classes will not work since the filename on the disk would not match the obfuscated class name. The classes that are loaded through autoloading must be added to the Exclude List.
Classes, methods and functions that are part of an application API and typically called by a 3rd party cannot be obfuscated (as the obfuscated name cannot be predicted) and must be added to the Exclude list.
|
|
|
|
|
Related
Links: |