{"id":334123,"date":"2023-03-21T04:49:47","date_gmt":"2023-03-21T03:49:47","guid":{"rendered":"https:\/\/blog.jetbrains.com\/?post_type=qodana&#038;p=334123"},"modified":"2023-09-04T16:18:13","modified_gmt":"2023-09-04T15:18:13","slug":"secure-your-php-code-with-taint-analysis-by-qodana","status":"publish","type":"qodana","link":"https:\/\/blog.jetbrains.com\/ko\/qodana\/2023\/03\/secure-your-php-code-with-taint-analysis-by-qodana\/","title":{"rendered":"Qodana\uc758 \ud14c\uc778\ud2b8 \ubd84\uc11d\uc73c\ub85c PHP \ucf54\ub4dc\ub97c \ubcf4\ud638\ud558\uc138\uc694"},"content":{"rendered":"<p><em>\uc774 \ube14\ub85c\uadf8 \uac8c\uc2dc\ubb3c\uc740 JetBrains \ucf54\ub4dc \ud488\uc9c8 \ud50c\ub7ab\ud3fc\uc778 Qodana\uc5d0\uc11c \uc81c\uacf5\ud558\ub294 \uac8c\uc2dc\ubb3c\uc785\ub2c8\ub2e4.<\/em> \uc774 \ud50c\ub7ab\ud3fc\uc740 \uc11c\ubc84 \uce21 \uc815\uc801 \ubd84\uc11d \uae30\ub2a5\uc744, \uc6d0\ud558\ub294 CI \ub3c4\uad6c\ub85c \uac00\uc838\uc62c \uc218 \uc788\ub3c4\ub85d \uc124\uacc4\ub418\uc5c8\uc2b5\ub2c8\ub2e4. Qodana\ub294 PhpStorm \ubc0f \uae30\ud0c0 JetBrains IDE\uc640 \ub3d9\uc77c\ud55c \ucf54\ub4dc \uac80\uc0ac \ubc0f \ud504\ub85c\ud30c\uc77c\uc744 \uc0ac\uc6a9\ud558\ubbc0\ub85c IDE\ub294 \ubb3c\ub860 CI \ud658\uacbd\uc5d0\uc11c \uc77c\uad00\ub41c \ucf54\ub4dc \ud488\uc9c8 \uac80\uc0ac\ub97c \ubcf4\uc7a5\ud569\ub2c8\ub2e4.<\/p>\n<p>\ud504\ub85c\uc81d\ud2b8 \ucde8\uc57d\uc810\uc744 \uc545\uc6a9\ud558\uace0 \uc2dc\uc2a4\ud15c \ubcf4\uc548\uc744 \uce68\ud574\ud558\ub294 \uc77c\uc740 \ub2e8 \ud55c \uba85\uc758 \uc0ac\uc6a9\uc790\ub77c\ub3c4 \ucda9\ubd84\ud788 \ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \uac1c\ubc1c \ud300\uc740 \uc678\ubd80 \uc0ac\uc6a9\uc790\uc758 \uc545\uc131 \uc785\ub825(&#8216;\ud14c\uc778\ud2b8&#8217;)\uc5d0\uc11c \ud504\ub85c\uadf8\ub7a8\uc744 \ubcf4\ud638\ud558\uae30 \uc704\ud574 \uc815\uc801 \ubd84\uc11d \ub8e8\ud2f4\uc5d0 \ud14c\uc778\ud2b8 \uac80\uc0ac\ub97c \ucd94\uac00\ud569\ub2c8\ub2e4.<\/p>\n<p>Qodana \ud300\uc740 \uc62c\ud574 \uccab \ub9b4\ub9ac\uc2a4\ub97c \ud1b5\ud574 EAP\uc5d0\uc11c PHP \ud14c\uc778\ud2b8 \ubd84\uc11d \uae30\ub2a5\uc744 \uc120\ubcf4\uc778 \ubc14 \uc788\uc2b5\ub2c8\ub2e4. \uc774 \uae30\ub2a5\uc740 PHP\uc6a9 Qodana 2023.1 \ubc84\uc804\uc5d0\uc11c\ub9cc \uc9c0\uc6d0\ub429\ub2c8\ub2e4(jetbrains\/qodana-php:2023.1-eap). PHP\uc6a9 Qodana\ub294 JetBrains\uc5d0\uc11c \ucd5c\ucd08\ub85c \ucd9c\uc2dc\ud55c \ub9b0\ud130\uc785\ub2c8\ub2e4. \ub530\ub77c\uc11c \uc0c8\ub85c\uc6b4 \ubcf4\uc548 \uae30\ub2a5\ub3c4 PHP \uac1c\ubc1c\uc790\uac00 \uac00\uc7a5 \uba3c\uc800 \ud14c\uc2a4\ud2b8\ud558\ub3c4\ub85d \uc81c\uacf5\ud558\uace0\uc790 \ud569\ub2c8\ub2e4. \ucda9\ubd84\ud55c \ud53c\ub4dc\ubc31\uc774 \uc218\uc9d1\ub418\uba74 \uc55e\uc73c\ub85c \ub2e4\ub978 \uc5b8\uc5b4\ub3c4 \ucd94\uac00\ud560 \uacc4\ud68d\uc785\ub2c8\ub2e4.<\/p>\n<p>\uc774 \uac8c\uc2dc\ubb3c\uc744 \uc77d\uace0 \ud14c\uc778\ud2b8 \ubd84\uc11d\uc758 \uc815\uc758 \ubc0f Qodana\uc758 \ud14c\uc778\ud2b8 \ubd84\uc11d \ubc29\uc2dd\uc5d0 \ub300\ud574 \uc790\uc138\ud788 \uc54c\uc544\ubcf4\uc138\uc694.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-329272\" src=\"https:\/\/blog.jetbrains.com\/wp-content\/uploads\/2023\/03\/Blog_Featured_image_1280x600_ko_taint.png\" alt=\"\" width=\"2560\" height=\"1200\"><\/figure>\n<p align=\"center\"><a class=\"jb-download-button\" title=\"\ubb34\ub8cc\ub85c Qodana \uc0ac\uc6a9\ud574\ubcf4\uae30\" href=\"https:\/\/www.jetbrains.com\/ko-kr\/qodana\" target=\"_blank\" rel=\"noopener noreferrer\"><i class=\"download-icon\"><\/i>QODANA \uc2dc\uc791\ud558\uae30<\/a><\/p>\n<h2>\ud14c\uc778\ud2b8 \ubd84\uc11d\uc774\ub780?<\/h2>\n<p>\ud14c\uc778\ud2b8\ub780 \uc678\ubd80 \uc0ac\uc6a9\uc790\uac00 \uc218\uc815\ud558\uc5ec \ubcf4\uc548 \uc704\ud5d8\uc744 \ucd08\ub798\ud560 \uc218 \uc788\ub294 \ubaa8\ub4e0 \uac12\uc744 \uc758\ubbf8\ud569\ub2c8\ub2e4. \ucf54\ub4dc\uc5d0 \ud14c\uc778\ud2b8\uac00 \uc788\uc73c\uba70, \uac80\uc99d\ub418\uc9c0 \uc54a\uc740 \uc678\ubd80 \ub370\uc774\ud130\uac00 \ud504\ub85c\uadf8\ub7a8 \uc804\uccb4\uc5d0 \ubc30\ud3ec\ub420 \uc218 \uc788\ub294 \uacbd\uc6b0 \ud574\ucee4\ub294 \ud14c\uc778\ud2b8 \ucf54\ub4dc \uc870\uac01\uc744 \uc2e4\ud589\ud558\uc5ec SQL \uc0bd\uc785, \uc0b0\uc220 \uc624\ubc84\ud50c\ub85c, \ud06c\ub85c\uc2a4 \uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud305, \uacbd\ub85c \uc870\uc791 \ub4f1\uc758 \uacf5\uaca9\uc744 \uc2dc\ub3c4\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \uc77c\ubc18\uc801\uc73c\ub85c \ud574\ucee4\ub294 \ucde8\uc57d\uc810\uc744 \uc545\uc6a9\ud558\uc5ec \uc2dc\uc2a4\ud15c\uc744 \ud30c\uad34\ud558\uace0, \uc790\uaca9 \uc99d\uba85 \ubc0f \uae30\ud0c0 \ub370\uc774\ud130\ub97c \ud0c8\ucde8\ud558\uba70 \uc2dc\uc2a4\ud15c \ub3d9\uc791\uc744 \uc870\uc791\ud569\ub2c8\ub2e4.<\/p>\n<p><!--more--><\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-330043\" src=\"https:\/\/blog.jetbrains.com\/wp-content\/uploads\/2023\/03\/image-34.png\" alt=\"\" width=\"1530\" height=\"590\"><figcaption>\ud14c\uc778\ud2b8 \uc608\uc2dc. \ud654\uba74\uc5d0 GET \ub9e4\uac1c\ubcc0\uc218\uc758 \uc784\uc758 \ub370\uc774\ud130\uac00 \ud45c\uc2dc\ub429\ub2c8\ub2e4. \uc608\ub97c \ub4e4\uc5b4, \uc545\uc131 \uc0ac\uc6a9\uc790\ub294 \ucde8\uc57d\uc810\uc744 \uc545\uc6a9\ud558\uc5ec \ud504\ub85c\uadf8\ub7a8\uc758 \ub808\uc774\uc544\uc6c3\uc744 \ubcc0\uacbd\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/figcaption><\/figure>\n<p>\uac1c\ubc1c \ud300\uc740 \uc545\uc131 \uc785\ub825\uc5d0 \ub300\ud55c \ucd94\uac00 \ubc29\uc5b4\ub97c \uad6c\ucd95\ud558\uae30 \uc704\ud574 \ud504\ub85c\uadf8\ub7a8\uc758 \uacf5\uaca9 \ub178\ucd9c\uba74\uc5d0\uc11c \ubcf4\uc548 \uac10\uc0ac\ub97c \uc2e4\ud589\ud560 \ub54c \ud14c\uc778\ud2b8 \ubd84\uc11d\uc744 \uc2e4\ud589\ud569\ub2c8\ub2e4.<\/p>\n<p><strong>\ud14c\uc778\ud2b8 \ubd84\uc11d\uc740 \ud568\uc218 \ub610\ub294 \uba54\uc11c\ub4dc \ubcf8\ubb38 \uc804\uccb4\uc5d0\uc11c \uc2e0\ub8b0\ud560 \uc218 \uc5c6\ub294 \uc0ac\uc6a9\uc790 \uc785\ub825\uc758 \ud750\ub984\uc744 \ud3c9\uac00\ud558\ub294 \ud504\ub85c\uc138\uc2a4\uc785\ub2c8\ub2e4. \uc774 \ubd84\uc11d\uc758 \ud575\uc2ec \ubaa9\ud45c\ub294 \uc608\uae30\uce58 \uc54a\uc740 \uc785\ub825\uc774 \ud504\ub85c\uadf8\ub7a8 \uc2e4\ud589\uc5d0 \ubd80\uc815\uc801 \uc601\ud5a5\uc744 \ubbf8\uce60 \uc218 \uc788\ub294\uc9c0 \ud310\ub2e8\ud558\ub294 \uac83\uc785\ub2c8\ub2e4.<\/strong><\/p>\n<p><strong>\ud14c\uc778\ud2b8 \uc18c\uc2a4<\/strong>\ub780 \uc7a0\uc7ac\uc801 \uc624\uc5fc \uac00\ub2a5\uc131\uc774 \uc788\ub294 \ub370\uc774\ud130\uc5d0 \ud504\ub85c\uadf8\ub7a8\uc774 \uc561\uc138\uc2a4\ud558\ub294 \uc704\uce58\uc785\ub2c8\ub2e4. \ub610\ud55c \uc624\uc5fc\ub41c \uc785\ub825\uc744 \ud5c8\uc6a9\ud558\uae30 \uc26c\uc6b4 \ud504\ub85c\uadf8\ub7a8\uc758 \ud575\uc2ec \ubd80\ubd84\uc744 <strong>\ud14c\uc778\ud2b8 \uc2f1\ud06c<\/strong>\ub77c\uace0 \ud569\ub2c8\ub2e4. \uc774 \ub370\uc774\ud130\ub294 \ud568\uc218 \ud638\ucd9c \ub610\ub294 \ub300\uc785\uc744 \ud1b5\ud574 \uc2f1\ud06c\ub85c \uc804\ub2ec\ub420 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uc218\ub3d9\uc73c\ub85c \ud14c\uc778\ud2b8 \ubd84\uc11d\uc744 \uc2e4\ud589\ud560 \uacbd\uc6b0 \uc678\ubd80 \uc0ac\uc6a9\uc790\ub85c\ubd80\ud130 \ub370\uc774\ud130\ub97c \ubc1b\ub294 \ubaa8\ub4e0 \uc704\uce58\ub97c \ud30c\uc545\ud558\uace0 \uc2dc\uc2a4\ud15c\uc5d0\uc11c \uac01 \ub370\uc774\ud130 \uc870\uac01\uc758 \ud750\ub984\uc744 \ucd94\uc801\ud574\uc57c \ud569\ub2c8\ub2e4. \uc624\uc5fc\ub41c \ub370\uc774\ud130\uac00 \uc218\uc2ed \uac1c\uc758 \ub178\ub4dc\uc5d0\uc11c \uc0ac\uc6a9\ub420 \uc218 \uc788\uae30 \ub54c\ubb38\uc785\ub2c8\ub2e4. \ub2e4\uc74c\uc73c\ub85c, \ud14c\uc778\ud2b8 \uc804\ub2ec\uc744 \ubc29\uc9c0\ud558\ub824\uba74 \uc544\ub798\uc758 \ub450 \uac00\uc9c0 \uc811\uadfc \ubc29\uc2dd \uc911 \ud558\ub098\ub97c \ucde8\ud574\uc57c \ud569\ub2c8\ub2e4.<\/p>\n<ol>\n<li><strong>\ub370\uc774\ud130 \uc548\uc804\uc131 \uac80\uc0ac<\/strong>. \uc989, \ub370\uc774\ud130\ub97c \uc548\uc804\ud55c \uc0c1\ud0dc\ub85c \ubcc0\ud658\ud569\ub2c8\ub2e4. \uc544\ub798 \uc608\uc2dc\uc758 \uacbd\uc6b0 \ud14c\uc778\ud2b8\ub97c \ud574\uacb0\ud558\uae30 \uc704\ud574 \ud0dc\uadf8\ub97c \uc81c\uac70\ud588\uc2b5\ub2c8\ub2e4.&nbsp;<\/li>\n<\/ol>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-329878\" src=\"https:\/\/blog.jetbrains.com\/wp-content\/uploads\/2023\/03\/image-24.png\" alt=\"\" width=\"1600\" height=\"249\"><\/figure>\n<ol start=\"2\">\n<li><strong>\ub370\uc774\ud130 \uc720\ud6a8\uc131 \uac80\uc0ac<\/strong>. \uc989, \ucd94\uac00\ub41c \ub370\uc774\ud130\uc758 \ud544\uc218 \ud328\ud134 \uc900\uc218 \uc5ec\ubd80\ub97c \ud655\uc778\ud569\ub2c8\ub2e4. \uc544\ub798 \uc608\uc2dc\uc758 \uacbd\uc6b0 <code>$<\/code><code>email<\/code> \ubcc0\uc218\uc5d0 \ub300\ud55c \uc720\ud6a8\uc131 \uac80\uc0ac\ub97c \ud65c\uc131\ud654\ud588\uc2b5\ub2c8\ub2e4.&nbsp;<\/li>\n<\/ol>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-329926\" src=\"https:\/\/blog.jetbrains.com\/wp-content\/uploads\/2023\/03\/image-25.png\" alt=\"\" width=\"1600\" height=\"365\"><\/figure>\n<p>\uc989, \ud14c\uc778\ud2b8 \ubd84\uc11d \uac80\uc0ac\uac00 \ud65c\uc131\ud654\ub418\uba74 \uc18c\uc2a4\uc5d0\uc11c \uc2f1\ud06c\uae4c\uc9c0 \uc0ac\uc6a9\uc790\uc758 \ud14c\uc778\ud2b8 \ub370\uc774\ud130\ub97c \ucd94\uc801\ud558\uace0, \ub370\uc774\ud130 \uc548\uc815\uc131 \ub610\ub294 \uc720\ud6a8\uc131 \uac80\uc0ac \uc2e4\ud589 \uc5c6\uc774 \ub370\uc774\ud130\ub97c \uc0ac\uc6a9\ud560 \ub54c \uacbd\uace0\ub97c \ud45c\uc2dc\ud569\ub2c8\ub2e4.<\/p>\n<h2>Qodana \ud14c\uc778\ud2b8 \ubd84\uc11d \uc791\ub3d9 \ubc29\uc2dd<\/h2>\n<p>PHP\uc6a9 Qodana\uc758 2023.1 EAP \ubc84\uc804\ubd80\ud130 \ud14c\uc778\ud2b8 \ubd84\uc11d\uc774 \uc2e4\ud589\ub429\ub2c8\ub2e4. \ucf54\ub4dc\ub97c \uc2a4\uce94\ud558\uace0 \uc624\uc5fc \ubc0f \uc7a0\uc7ac\uc801 \ucde8\uc57d\uc131\uc744 \uac15\uc870 \ud45c\uc2dc\ud558\ub294 \uac80\uc0ac, PhpStorm\uc5d0\uc11c \ubb38\uc81c\ub97c \uc5f4\uc5b4 \uc989\uc2dc \ud574\uacb0\ud558\ub294 \uae30\ub2a5, \ud14c\uc778\ud2b8 \ud750\ub984\uc744 \uc2dc\uac01\ud654\ud558\ub294 \ub370\uc774\ud130 \ud750\ub984 \uadf8\ub798\ud504\uac00 \ubd84\uc11d \uae30\ub2a5\uc5d0 \ud3ec\ud568\ub418\uc5b4 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<h3>\uc608\uc2dc 1. SQL \uc0bd\uc785<\/h3>\n<p>SQL \uc0bd\uc785\uc758 \uc608\uc2dc\uc640 Qodana\uc5d0\uc11c \uc774\ub97c \ud0d0\uc9c0\ud558\ub294 \ubc29\uc2dd\uc744 \uc0b4\ud3b4\ubcf4\uaca0\uc2b5\ub2c8\ub2e4.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-329937\" src=\"https:\/\/blog.jetbrains.com\/wp-content\/uploads\/2023\/03\/image-26.png\" alt=\"\" width=\"1600\" height=\"825\"><\/figure>\n<p>Qodana\ub294 <code>system_admin()<\/code> \ud568\uc218\uc5d0\uc11c \ub2e4\uc74c\uacfc \uac19\uc740 \ud14c\uc778\ud2b8\ub97c \ud45c\uc2dc\ud569\ub2c8\ub2e4.<\/p>\n<p>\ub9c8\ucee4 1~2: <code>$<\/code><code>_POST<\/code> \uc804\uc5ed \ubc30\uc5f4\uc5d0\uc11c \uac00\uc838\uc628 \uc0ac\uc6a9\uc790 \uc591\uc2dd\uc758 \uc785\ub825 \ub370\uc774\ud130\uac00 \uc548\uc804\uc131 \ub610\ub294 \uc720\ud6a8\uc131 \uac80\uc0ac\ub97c \uac70\uce58\uc9c0 \uc54a\uace0 \ubcc0\uc218 <code>$<\/code><code>edit<\/code>\uc5d0 \ub300\uc785\ub429\ub2c8\ub2e4. \uc774\ub7ec\ud55c \uacbd\uc6b0 <strong>\ud14c\uc778\ud2b8<\/strong>\uc785\ub2c8\ub2e4.<\/p>\n<p>\ub9c8\ucee4 3: \ud14c\uc778\ud2b8\uac00 \uc788\ub294 <code>$<\/code><code>edit<\/code> \ubcc0\uc218\ub294 \uc801\uc808\ud55c \uc548\uc804\uc131 \uac80\uc0ac \uc5c6\uc774 <code>system_save_settings<\/code> \ud568\uc218\uc5d0 \uc778\uc218\ub85c \uc804\ub2ec\ub429\ub2c8\ub2e4.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-329949\" src=\"https:\/\/blog.jetbrains.com\/wp-content\/uploads\/2023\/03\/image-27.png\" alt=\"\" width=\"1600\" height=\"527\"><\/figure>\n<p>\ub9c8\ucee4 4: <code>$<\/code><code>edit<\/code> \ubcc0\uc218\uc758 \ub370\uc774\ud130\uac00<code>$<\/code><code>edit<\/code> \ub9e4\uac1c\ubcc0\uc218\uc5d0 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\ub9c8\ucee4 5: <code>$<\/code><code>edit<\/code> \ubcc0\uc218\uac00 \ud0a4(<code>$<\/code><code>filename<\/code>)\uc640 \uac12(<code>$<\/code><code>status<\/code>)\uc744 \uac16\uace0 foreach\uc5d0 \uc804\ub2ec\ub429\ub2c8\ub2e4. \ub450 \ubcc0\uc218 \ubaa8\ub450 \ubb38\uc790\uc5f4\uacfc \uc5f0\uacb0\ub41c <code>$<\/code><code>edit<\/code> \ubcc0\uc218\uc758 \ud14c\uc778\ud2b8 \ub370\uc774\ud130\ub97c \ud3ec\ud568\ud569\ub2c8\ub2e4. <code>$<\/code><code>filename<\/code> \ud0a4\ub294 \ud14c\uc778\ud2b8\uac00 \uc788\ub294 SQL \ubb38\uc790\uc5f4\uacfc \uc5f0\uacb0\ub418\uace0, \ud14c\uc778\ud2b8 \ub370\uc774\ud130\ub97c db_query\uc5d0 \uc778\uc218\ub85c \uc804\ub2ec\ud569\ub2c8\ub2e4.<\/p>\n<p>\ub9c8\ucee4 6: <code>$filename<\/code> \ud0a4\uc5d0\ub294 \ubb38\uc790\uc5f4\uacfc \uc5f0\uacb0\ub41c <code>$<\/code><code>edit<\/code> \ubcc0\uc218\uc758 \ud14c\uc778\ud2b8 \ub370\uc774\ud130\uac00 \ud3ec\ud568\ub418\uc5b4 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\ub9c8\ucee4 7: <code>$filename<\/code> \ud0a4\ub294 \ud14c\uc778\ud2b8\uac00 \uc788\ub294 SQL \ubb38\uc790\uc5f4\uacfc \uc5f0\uacb0\ub429\ub2c8\ub2e4.<\/p>\n<p>\ub9c8\ucee4 8: \ud14c\uc778\ud2b8\uac00 \uc788\ub294 SQL \ubb38\uc790\uc5f4\uc740 \ud14c\uc778\ud2b8 \ub370\uc774\ud130\ub97c <code>db_query<\/code>\uc5d0 \uc778\uc218\ub85c \uc804\ub2ec\ud569\ub2c8\ub2e4.<\/p>\n<p>\uc774\uc81c <code>db_query<\/code>\ub97c \uc0b4\ud3b4\ubcf4\uaca0\uc2b5\ub2c8\ub2e4.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-329960\" src=\"https:\/\/blog.jetbrains.com\/wp-content\/uploads\/2023\/03\/image-28.png\" alt=\"\" width=\"1600\" height=\"571\"><\/figure>\n<p>\ub9c8\ucee4 9: \ud14c\uc778\ud2b8\uac00 \uc788\ub294 \ubb38\uc790\uc5f4\uc774 <code>$query<\/code> \ub9e4\uac1c\ubcc0\uc218\uc5d0 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\ub9c8\ucee4 10: \uc774 \ub9e4\uac1c\ubcc0\uc218\ub294 <code>_db_query<\/code> \ud568\uc218\uc758 \uc778\uc218\uac00 \ub429\ub2c8\ub2e4.<\/p>\n<p>\uc774\uc81c <code>_db_query<\/code> \ud568\uc218\ub97c \uc0b4\ud3b4\ubcf4\uaca0\uc2b5\ub2c8\ub2e4.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-330032\" src=\"https:\/\/blog.jetbrains.com\/wp-content\/uploads\/2023\/03\/image-33.png\" alt=\"\" width=\"1600\" height=\"680\"><\/figure>\n<p>\ub9c8\ucee4 11: \ud14c\uc778\ud2b8 \ub370\uc774\ud130\uac00 <code>_db_query<\/code> \ud568\uc218\uc758 \uccab \ubc88\uc9f8 \ub9e4\uac1c\ubcc0\uc218 <code>$query<\/code>\uc5d0 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\ub9c8\ucee4 12: \ub9e4\uac1c\ubcc0\uc218\uc758 \ub370\uc774\ud130\uac00 \uc2f1\ud06c\uc778 <code>mysql_query<\/code> \ud568\uc218\ub85c \uc804\ub2ec\ub429\ub2c8\ub2e4.<\/p>\n<p>\uc704\uc758 \uc804\uccb4 \ub370\uc774\ud130 \ud750\ub984\uc740 \ub370\uc774\ud130\uac00 \uc548\uc815\uc131 \ub610\ub294 \uc720\ud6a8\uc131 \uac80\uc0ac\ub97c \uac70\uce58\uc9c0 \uc54a\uace0 <code>$<\/code><code>_POST[\u201cedit\u201d]<\/code>\uc5d0\uc11c <code>mysql_query($query)<\/code>\ub85c \uc804\ub2ec\ub418\ub294 \ubc29\uc2dd\uc744 \ubcf4\uc5ec\uc90d\ub2c8\ub2e4. \uc774\ub54c \uacf5\uaca9\uc790\ub294 <code>$<\/code><code>_POST[\u201cedit\u201d]<\/code> \ud0a4\uc640 \uc5f0\uacb0\ub41c SQL \ucffc\ub9ac\ub97c \uc870\uc791\ud558\uace0 <strong>SQL \uc0bd\uc785<\/strong>\uc744 \ud2b8\ub9ac\uac70\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.&nbsp;<\/p>\n<p>Qodana\ub294 \ucf54\ub4dc\ubca0\uc774\uc2a4 \ubc0f \ud14c\uc778\ud2b8 \ub370\uc774\ud130\uac00 \uc0ac\uc6a9\ub418\ub294 \ubaa8\ub4e0 \ub178\ub4dc\uc5d0\uc11c \uc774\ub7ec\ud55c \uc704\ud5d8\uc744 \ud0d0\uc9c0\ud558\uace0, \uc801\uc2dc\uc5d0 \ubaa8\ub4e0 \ud14c\uc778\ud2b8 \ub370\uc774\ud130\uc758 \uc548\uc815\uc131\uc744 \uac80\uc0ac\ud569\ub2c8\ub2e4.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/resources.jetbrains.com\/storage\/products\/blog\/wp-content\/uploads\/Qodana\/taint-open.gif\" alt=\"\"><p><\/p>\n<figcaption>PhpStorm\uc5d0\uc11c \uc774\uc288 \uc5f4\uae30<\/figcaption>\n<\/figure>\n<h3>\uc608\uc2dc 2. XSS \ubb38\uc81c<\/h3>\n<p>Qodana UI\uc5d0\uc11c \uc804\uccb4 \ud14c\uc778\ud2b8 \ud750\ub984\uc744 \uc2dc\uac01\ud654\ud558\ub294 \uadf8\ub798\ud504\ub97c \ud655\uc778\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. Qodana\uac00 \ub9c8\ucee4 5\uc5d0 \ubcd1\ud569\ub420 2\uac1c\uc758 \uc18c\uc2a4\ub97c \ud3ec\ud568\ud558\ub294 XSS \ucde8\uc57d\uc131\uc744 \uc2dc\uac01\ud654\ud558\ub294 \ubc29\uc2dd\uc740 \ub2e4\uc74c\uacfc \uac19\uc2b5\ub2c8\ub2e4.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-329971\" src=\"https:\/\/blog.jetbrains.com\/wp-content\/uploads\/2023\/03\/image-29.png\" alt=\"\" width=\"1310\" height=\"750\"><\/figure>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-329982\" src=\"https:\/\/blog.jetbrains.com\/wp-content\/uploads\/2023\/03\/image-30.png\" alt=\"\" width=\"1170\" height=\"714\"><\/figure>\n<p><strong>\uc18c\uc2a4 1<\/strong><\/p>\n<p>\ub9c8\ucee4 1~2: searchUpdate.pos \ud30c\uc77c\uc758 \ub370\uc774\ud130\ub97c \uc77d\uace0 \ud14c\uc778\ud2b8 \ub370\uc774\ud130\ub97c <code>$<\/code><code>start<\/code> \ubcc0\uc218\uc5d0 \ub300\uc785\ud569\ub2c8\ub2e4.<\/p>\n<p><strong>\uc18c\uc2a4 2<\/strong><\/p>\n<p>\ub9c8\ucee4 3-4: \uacbd\ub85c\uac00 <code>$<\/code><code>posFile<\/code>\uc5d0 \uc788\ub294 \ud30c\uc77c\uc758 \ub370\uc774\ud130\ub97c \uc77d\uace0 \ud14c\uc778\ud2b8 \ub370\uc774\ud130\ub97c <code>$<\/code><code>start<\/code> \ubcc0\uc218\uc5d0 \ub300\uc785\ud569\ub2c8\ub2e4.<\/p>\n<p>\ub9c8\ucee4 5: <code>$<\/code><code>start<\/code> \ubcc0\uc218\uc758 \ubaa8\ub4e0 \uc870\uac74 \ube0c\ub79c\uce58\uc5d0\uc11c \ubcd1\ud569\ub41c \ud14c\uc778\ud2b8 \uc0c1\ud0dc\uac00 doUpdateSearchIndex \uba54\uc11c\ub4dc\uc5d0 \uc778\uc218\ub85c \uc804\ub2ec\ub429\ub2c8\ub2e4.<\/p>\n<p><code>doUpdateSearchIndex<\/code> \uba54\uc11c\ub4dc\ub97c \uc0b4\ud3b4\ubcf4\uaca0\uc2b5\ub2c8\ub2e4.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-329994\" src=\"https:\/\/blog.jetbrains.com\/wp-content\/uploads\/2023\/03\/image-31.png\" alt=\"\" width=\"1170\" height=\"522\"><\/figure>\n<p>\ub9c8\ucee4 6~8: <code>$start<\/code> \ub9e4\uac1c\ubcc0\uc218\ub294 \uc774 \ub370\uc774\ud130 \ud750\ub984 \uc870\uac01\uc758 \ud14c\uc778\ud2b8 \ub370\uc774\ud130\ub97c \ud3ec\ud568\ud569\ub2c8\ub2e4. \uc774\ud6c4 \uc5f0\uacb0\ub41c \ubb38\uc790\uc5f4 \ub0b4\uc5d0\uc11c &#8216;output&#8217; \uba54\uc11c\ub4dc\uc758 \uc778\uc218\ub85c \uc804\ub2ec\ub429\ub2c8\ub2e4.<\/p>\n<p><code>output<\/code> \uba54\uc11c\ub4dc\ub97c \uc0b4\ud3b4\ubcf4\uaca0\uc2b5\ub2c8\ub2e4.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-330005\" src=\"https:\/\/blog.jetbrains.com\/wp-content\/uploads\/2023\/03\/image-32.png\" alt=\"\" width=\"1170\" height=\"764\"><\/figure>\n<p>\ub9c8\ucee4 9: \uc804\uc1a1\ub41c \ubb38\uc790\uc5f4\uc5d0 \ud3ec\ud568\ub41c \ud14c\uc778\ud2b8 \ub370\uc774\ud130\uac00 <code>$<\/code><code>out<\/code> \ub9e4\uac1c\ubcc0\uc218\uc5d0 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\ub9c8\ucee4 10: <code>$<\/code><code>out<\/code> \ub9e4\uac1c\ubcc0\uc218\uc758 \ub370\uc774\ud130\ub294 \uc548\uc815\uc131 \uac80\uc0ac\ub97c \uac70\uce58\uc9c0 \uc54a\uace0 <code>print<\/code> \ud568\uc218\ub85c \uc804\ub2ec\ub429\ub2c8\ub2e4. \uc774 \ud568\uc218\uac00 \uc2f1\ud06c\uc774\uba70, \uc545\uc6a9\ub420 \uc218 \uc788\ub294 XSS \ucde8\uc57d\uc810\uc744 \ucd08\ub798\ud569\ub2c8\ub2e4.<\/p>\n<p>\uc774 \ucde8\uc57d\uc810\uc744 \uc545\uc6a9\ud558\ub294 \uacf5\uaca9\uc790\ub294 \ub9c8\ucee4 1\uacfc 2\uc5d0 \uc608\uc0c1\ub418\ub294 \ud30c\uc77c \ub300\uc2e0 \uc178 \uc2a4\ud06c\ub9bd\ud2b8\ub97c \uc5c5\ub85c\ub4dc\ud558\ub294 \uacf5\uaca9\uc744 \ud560 \uc218 \uc788\uc73c\uba70, <code>print<\/code> \ud568\uc218\uc5d0 \ub300\ud55c \uc548\uc815\uc131 \uac80\uc0ac\uac00 \uc2dc\ud589\ub418\uc9c0 \uc54a\uc558\uc73c\ubbc0\ub85c \uc6f9 \ud398\uc774\uc9c0\uc5d0 \ubaa8\ub4e0 \uc815\ubcf4\ub97c \uc785\ub825\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>Qodana\ub294 \uc774\ub7ec\ud55c \ucde8\uc57d\uc810\uc5d0 \ub300\ud55c \uacbd\uace0\ub97c \ud45c\uc2dc\ud558\uace0, \ub192\uc740 \uc6b0\uc120\uc21c\uc704\ub97c \ubd80\uc5ec\ud558\uc5ec \uc870\uc18d\ud788 \ubb38\uc81c\ub97c \ud574\uacb0\ud558\uace0 \ud574\ud0b9\uc744 \ubc29\uc9c0\ud558\ub3c4\ub85d \uc9c0\uc6d0\ud569\ub2c8\ub2e4.<\/p>\n<h2>\uacb0\ub860<\/h2>\n<p>\ud14c\uc778\ud2b8 \ubd84\uc11d\uc740 \uc545\uc6a9 \uac00\ub2a5\ud55c \uacf5\uaca9 \ub178\ucd9c\uba74\uc744 \uc81c\uac70\ud558\ub294 \ub370 \ub3c4\uc6c0\uc774 \ub418\ubbc0\ub85c \uc18c\ud504\ud2b8\uc6e8\uc5b4\uc758 \ubcf4\uc548 \uc704\ud5d8\uc744 \uc904\uc774\ub294 \ud6a8\uacfc\uc801\uc778 \ubc29\ubc95\uc785\ub2c8\ub2e4. \ud14c\uc778\ud2b8 \ubd84\uc11d \ubc0f Qodana\uc5d0 \ub300\ud574 \uc790\uc138\ud788 \uc54c\uc544\ubcf4\ub824\uba74 <a title=\"https:\/\/www.jetbrains.com\/help\/qodana\/getting-started.html\" href=\"https:\/\/www.jetbrains.com\/help\/qodana\/2023.1\/taint-analysis.html\" target=\"_blank\" rel=\"noreferrer noopener\">Qodana \ubb38\uc11c<\/a>\ub97c \ucc38\uc870\ud558\uc138\uc694.<\/p>\n<p align=\"center\"><a class=\"jb-download-button\" title=\"Qodana \uc2dc\uc791\ud558\uae30\" href=\"https:\/\/www.jetbrains.com\/ko-kr\/qodana\" target=\"_blank\" rel=\"noopener noreferrer\"><i class=\"download-icon\"><\/i>Qodana \uc2dc\uc791\ud558\uae30<\/a><\/p>\n<p>\ucf54\ub4dc\ub97c \uc548\uc804\ud558\uac8c \uc720\uc9c0\ud558\uba74\uc11c, \uc990\uac81\uac8c \uac1c\ubc1c\ud558\uc138\uc694!<\/p>\n<p><em>\uac8c\uc2dc\ubb3c \uc6d0\ubb38 \uc791\uc131\uc790<\/em><\/p>\n\n    <div class=\"about-author \">\n        <div class=\"about-author__box\">\n            <div class=\"row\">\n                <div class=\"about-author__box-img\">\n                    <img decoding=\"async\" src=\"https:\/\/secure.gravatar.com\/avatar\/?s=200&#038;r=g\" width=\"200\" height=\"200\" alt=\"\" loading=\"lazy\"  class=\"avatar avatar-200 wp-user-avatar wp-user-avatar-200 photo avatar-default\">\n                <\/div>\n                <div class=\"about-author__box-text\">\n                                                        <\/div>\n            <\/div>\n        <\/div>\n    <\/div>\n","protected":false},"author":964,"featured_media":334516,"comment_status":"closed","ping_status":"closed","template":"","categories":[4089,947,89,907,6366],"tags":[991,76,190,45,477],"cross-post-tag":[6637],"acf":[],"_links":{"self":[{"href":"https:\/\/blog.jetbrains.com\/ko\/wp-json\/wp\/v2\/qodana\/334123"}],"collection":[{"href":"https:\/\/blog.jetbrains.com\/ko\/wp-json\/wp\/v2\/qodana"}],"about":[{"href":"https:\/\/blog.jetbrains.com\/ko\/wp-json\/wp\/v2\/types\/qodana"}],"author":[{"embeddable":true,"href":"https:\/\/blog.jetbrains.com\/ko\/wp-json\/wp\/v2\/users\/964"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.jetbrains.com\/ko\/wp-json\/wp\/v2\/comments?post=334123"}],"version-history":[{"count":10,"href":"https:\/\/blog.jetbrains.com\/ko\/wp-json\/wp\/v2\/qodana\/334123\/revisions"}],"predecessor-version":[{"id":334547,"href":"https:\/\/blog.jetbrains.com\/ko\/wp-json\/wp\/v2\/qodana\/334123\/revisions\/334547"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.jetbrains.com\/ko\/wp-json\/wp\/v2\/media\/334516"}],"wp:attachment":[{"href":"https:\/\/blog.jetbrains.com\/ko\/wp-json\/wp\/v2\/media?parent=334123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.jetbrains.com\/ko\/wp-json\/wp\/v2\/categories?post=334123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.jetbrains.com\/ko\/wp-json\/wp\/v2\/tags?post=334123"},{"taxonomy":"cross-post-tag","embeddable":true,"href":"https:\/\/blog.jetbrains.com\/ko\/wp-json\/wp\/v2\/cross-post-tag?post=334123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}