程式碼掃描

自訂外掛的漏洞（Vulnerability）、程式缺陷（Bug）與安全熱點（Security Hotspot）。

摘要結論

• 自訂外掛發現 20 個程式缺陷（Bug），可能導致非預期行為

共 1 項 / 1 中

程式缺陷

• 問題：自訂外掛發現 20 個程式缺陷（Bug），可能導致非預期行為
• 原因：程式碼邏輯錯誤或未處理的邊界條件
• 建議：依 SonarQube 報告修復 bugs
• 影響：此項影響等級：中
• 驗收：Bugs = 0

掃描範圍

僅掃描自訂程式碼，排除WordPress.org 外掛、商業外掛（WPBakery/Slider Revolution 等）、父主題。

類型	名稱
外掛	ctkpro-invoice
外掛	newebpay
子主題	ctkpro-childtheme
mu-plugins	—

掃描摘要

程式碼行數	2,420
安全評級	A
可靠性評級	C
可維護性評級	A
重複行比例	1.1%

問題統計

類型	數量
漏洞 (Vulnerabilities)	0
Bugs	20
Code Smells	137
Security Hotspots	0

按來源分類

ctkpro-invoice（6）

嚴重度	規則	訊息	檔案
MAJOR	Web:S5256	Add "<th>" headers to this "<table>".	wp-content/plugins/ctkpro-invoice/app/Controllers/InvoiceController.php:38
MINOR	php:S1784	Explicitly mention the visibility of this method "add_admin_capabilities".	wp-content/plugins/ctkpro-invoice/app/Controllers/PermissionController.php:13
MAJOR	php:S836	Review the data-flow - use of uninitialized value.	wp-content/plugins/ctkpro-invoice/app/Models/BankPro.php:53
MAJOR	php:S1145	Remove this "if" statement.	wp-content/plugins/ctkpro-invoice/app/Services/InvoiceService.php:73
MINOR	php:S2003	Replace "require" with "require_once".	wp-content/plugins/ctkpro-invoice/ctkpro-invoice.php:19
MAJOR	Web:PageWithoutTitleCheck	Add a <title> tag to this page.	wp-content/plugins/ctkpro-invoice/public/admin/ctk-invoice-plugin-page.php:9

newebpay（14）

嚴重度	規則	訊息	檔案
MINOR	php:S1784	Explicitly mention the visibility of this method "init_form_fields".	wp-content/plugins/newebpay/class-newebpay.php:98
MAJOR	Web:S5256	Add "<th>" headers to this "<table>".	wp-content/plugins/newebpay/class-newebpay.php:213
MINOR	php:S1784	Explicitly mention the visibility of this method "get_newebpay_args".	wp-content/plugins/newebpay/class-newebpay.php:312
MINOR	php:S1784	Explicitly mention the visibility of this method "thankyou_page".	wp-content/plugins/newebpay/class-newebpay.php:327
MINOR	php:S1784	Explicitly mention the visibility of this method "curl_work".	wp-content/plugins/newebpay/class-newebpay.php:792
MINOR	php:S1784	Explicitly mention the visibility of this method "electronic_invoice".	wp-content/plugins/newebpay/class-newebpay.php:821
MINOR	php:S1784	Explicitly mention the visibility of this method "receive_response".	wp-content/plugins/newebpay/class-newebpay.php:1127
MINOR	php:S1784	Explicitly mention the visibility of this method "generate_newebpay_form".	wp-content/plugins/newebpay/class-newebpay.php:1246
MINOR	php:S1784	Explicitly mention the visibility of this method "receipt_page".	wp-content/plugins/newebpay/class-newebpay.php:1267
MINOR	php:S1784	Explicitly mention the visibility of this method "process_payment".	wp-content/plugins/newebpay/class-newebpay.php:1279
MINOR	php:S1784	Explicitly mention the visibility of this method "payment_fields".	wp-content/plugins/newebpay/class-newebpay.php:1298
MINOR	php:S1784	Explicitly mention the visibility of this method "check_newebpay_response".	wp-content/plugins/newebpay/class-newebpay.php:1303
MINOR	php:S1784	Explicitly mention the visibility of this method "electronic_invoice_fields".	wp-content/plugins/newebpay/class-newebpay.php:1312
MINOR	php:S1784	Explicitly mention the visibility of this method "electronic_invoice_fields_update_order_meta".	wp-content/plugins/newebpay/class-newebpay.php:1547

相關頁

安全設定 ｜ 外掛清單 ｜ 建議調整