程式碼掃描

來源：程式碼掃描

摘要結論

• 自訂外掛發現 20 個程式缺陷（Bug），可能導致非預期行為

共 1 項 / 1 中

程式缺陷

• 問題：自訂外掛發現 20 個程式缺陷（Bug），可能導致非預期行為
• 原因：程式碼邏輯錯誤或未處理的邊界條件
• 建議：依 SonarQube 報告修復 bugs
• 影響：此項影響等級：中
• 驗收：Bugs = 0

掃描摘要

指標	數量	處理優先
安全漏洞 (Vulnerability)	0	立即
程式缺陷 (Bug)	20	短期
安全熱點 (Security Hotspot)	0	審查
程式碼異味 (Code Smell)	137	長期

問題明細

newebpay（14 個問題）

嚴重度	規則	訊息	檔案
MAJOR	Web:S5256	Add "<th>" headers to this "<table>".	wp-content/plugins/newebpay/class-newebpay.php:213
MINOR	php:S1784	Explicitly mention the visibility of this method "init_form_fields".	wp-content/plugins/newebpay/class-newebpay.php:98
MINOR	php:S1784	Explicitly mention the visibility of this method "get_newebpay_args".	wp-content/plugins/newebpay/class-newebpay.php:312
MINOR	php:S1784	Explicitly mention the visibility of this method "thankyou_page".	wp-content/plugins/newebpay/class-newebpay.php:327
MINOR	php:S1784	Explicitly mention the visibility of this method "curl_work".	wp-content/plugins/newebpay/class-newebpay.php:792
MINOR	php:S1784	Explicitly mention the visibility of this method "electronic_invoice".	wp-content/plugins/newebpay/class-newebpay.php:821
MINOR	php:S1784	Explicitly mention the visibility of this method "receive_response".	wp-content/plugins/newebpay/class-newebpay.php:1127
MINOR	php:S1784	Explicitly mention the visibility of this method "generate_newebpay_form".	wp-content/plugins/newebpay/class-newebpay.php:1246
MINOR	php:S1784	Explicitly mention the visibility of this method "receipt_page".	wp-content/plugins/newebpay/class-newebpay.php:1267
MINOR	php:S1784	Explicitly mention the visibility of this method "process_payment".	wp-content/plugins/newebpay/class-newebpay.php:1279
MINOR	php:S1784	Explicitly mention the visibility of this method "payment_fields".	wp-content/plugins/newebpay/class-newebpay.php:1298
MINOR	php:S1784	Explicitly mention the visibility of this method "check_newebpay_response".	wp-content/plugins/newebpay/class-newebpay.php:1303
MINOR	php:S1784	Explicitly mention the visibility of this method "electronic_invoice_fields".	wp-content/plugins/newebpay/class-newebpay.php:1312
MINOR	php:S1784	Explicitly mention the visibility of this method "electronic_invoice_fields_update_order_meta".	wp-content/plugins/newebpay/class-newebpay.php:1547

ctkpro-invoice（6 個問題）

嚴重度	規則	訊息	檔案
MAJOR	Web:S5256	Add "<th>" headers to this "<table>".	wp-content/plugins/ctkpro-invoice/app/Controllers/InvoiceController.php:38
MAJOR	php:S836	Review the data-flow - use of uninitialized value.	wp-content/plugins/ctkpro-invoice/app/Models/BankPro.php:53
MAJOR	php:S1145	Remove this "if" statement.	wp-content/plugins/ctkpro-invoice/app/Services/InvoiceService.php:73
MAJOR	Web:PageWithoutTitleCheck	Add a <title> tag to this page.	wp-content/plugins/ctkpro-invoice/public/admin/ctk-invoice-plugin-page.php:9
MINOR	php:S1784	Explicitly mention the visibility of this method "add_admin_capabilities".	wp-content/plugins/ctkpro-invoice/app/Controllers/PermissionController.php:13
MINOR	php:S2003	Replace "require" with "require_once".	wp-content/plugins/ctkpro-invoice/ctkpro-invoice.php:19

操作方式

步驟	動作	負責
1	依上表逐檔修復 CRITICAL/BLOCKER	開發
2	修復 MAJOR Bug	開發
3	審查 Security Hotspot 確認是否為實際漏洞	開發
4	重跑 SonarQube 驗證	維運

驗收

重跑 SonarQube 掃描，Vulnerabilities = 0，Bugs 持續下降。