Using PHP Spike Security Audit Tool on large source trees / Fixing
issues with PHP Spike Security Audit (Fatal Error: Allowed memory
size exhausted)
Running the PHP Spike Security Audit Tool against a source directory
containing a large number of PHP files, let's say 700+ PHP files,
produces the following error:
Fatal error: Allowed memory size of 67108864 bytes exhausted (tried to allocate 71 bytes) in /usr/local/spike_phpSecAudit_0.27/util/TokenUtils.php on line 85
It's obvious that PHP Spike is written in a way that all audited
PHP files are stored in memory before being processed.
Therefore, the larger the amount of PHP source code targeted by the
Spike Security PHP Audit tool, the higher the amount of memory the
audit script needs.
For that reason it's necessary to increase the amount of memory that
the PHP CLI (Command Line Interface) is allowed to consume.
The default value for the memory limit on the PHP5 precompiled binary
on Debian Lenny is 16 MB. This value is really low and needs to be
increased in order to be able to run the Spike PHP Sec Audit on
directories with many PHP scripts.
There are basically two ways to achieve that:
1. Edit /etc/php5/apache2/php.ini on Debian Linux and increase the
value:
memory_limit = 200M
Increasing the memory_limit from the php.ini configuration is not
really wise, since the higher limit then applies to every script
that uses that php.ini, which lessens your security. So use this
only if you know what you're doing.
2. The other possibility to get around the error message is to
increase the memory_limit value from within the PHP Spike Source
Security Audit script itself.
That is, by the way, the better choice IMHO. If you go that way, edit
the run.php script bundled with the spike_phpSecAudit archive and
make sure you insert on the second line:
ini_set('memory_limit', '200M');
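
A guarded variant of the ini_set line above, as an added example that is not part of spike_phpSecAudit or the original post: it raises the limit only when running under the CLI and only if the current limit is lower than the 200M used here. The function names ini_bytes and raise_memory_limit are hypothetical helpers introduced for this example.

```php
<?php
// Added example (not from spike_phpSecAudit): put this at the top of run.php.
// Assumption: 200M is the value chosen in this post; adjust to your source tree.

// Convert php.ini shorthand ("64M", "1G", "512K", "-1") to a byte count.
function ini_bytes($value)
{
    $value = trim((string) $value);
    if ($value === '-1') {
        return -1;                       // -1 means "no limit"
    }
    $number = (int) $value;              // "200M" -> 200
    switch (strtoupper(substr($value, -1))) {
        case 'G': $number *= 1024;       // fall through
        case 'M': $number *= 1024;       // fall through
        case 'K': $number *= 1024;
    }
    return $number;
}

// Raise memory_limit for this process only; never lower an existing limit
// and never touch it when the script is reached through a web SAPI.
function raise_memory_limit($required)
{
    $current = ini_get('memory_limit');
    if (PHP_SAPI !== 'cli') {
        return $current;                 // keep the web server's limit as configured
    }
    $currentBytes = ini_bytes($current);
    if ($currentBytes !== -1 && $currentBytes < ini_bytes($required)) {
        // ini_set() returns false when the setting could not be changed
        if (ini_set('memory_limit', $required) === false) {
            fwrite(STDERR, "could not raise memory_limit from $current\n");
        }
    }
    return ini_get('memory_limit');
}

$effective = raise_memory_limit('200M');
if (PHP_SAPI === 'cli') {
    // Report the limit actually in force for this audit run
    fwrite(STDERR, "memory_limit for this audit run: $effective\n");
}
```

Because the change is made with ini_set inside run.php, it lasts only for that audit process and leaves php.ini, and every other script, at the configured limit.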