Annotations (PHP)

RIPS annotations let you fine-tune the RIPS code analysis from within your source code. The following annotations are automatically recognized and parsed by RIPS.


The Ignore annotation, introduced in RIPS 3.1, allows any statement or expression to be ignored.
At this time, this annotation can only be used in PHP applications. In conjunction with the RIPS Static Code Analysis Engine, it can be used to avoid false positives during development.
The element following the annotation is not included in the Control and Data Flow Graph (CFG/DFG) and is therefore excluded from the analysis.
Use of the Ignore annotation can significantly alter the analysis results, so it should be used with caution.

Usage Examples
// @RIPS\Annotation\Ignore
$hash = md5($something); // ignore warning about weak hash algorithm

$foo = 'static string';
/** @RIPS\Annotation\Ignore */
$foo .= $_GET['userinput'];
print($foo); // ignore XSS warning for userinput
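
Because an ignored element drops out of the analysis entirely, it helps to review every suppression in a code base. The following is an added example, not part of RIPS or of the original page: a small PHP script that uses the tokenizer to list each Ignore annotation with the statement that follows it. The function name findIgnoreAnnotations() and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not RIPS code: findIgnoreAnnotations() is a hypothetical helper.
function findIgnoreAnnotations(string $source): array
{
    $tokens = token_get_all($source);
    $count = count($tokens);
    $commentKinds = [T_COMMENT, T_DOC_COMMENT];
    $findings = [];
    for ($i = 0; $i < $count; $i++) {
        $tok = $tokens[$i];
        // Only comment tokens count; the same text inside a string literal is not an annotation.
        $isComment = is_array($tok) && in_array($tok[0], $commentKinds, true);
        if (!$isComment || strpos($tok[1], '@RIPS\Annotation\Ignore') === false) {
            continue;
        }
        // Simplification: treat everything up to the next ';' as the suppressed element.
        $statement = '';
        for ($j = $i + 1; $j < $count; $j++) {
            $next = $tokens[$j];
            if (is_array($next) && in_array($next[0], $commentKinds, true)) {
                continue; // skip further comments between annotation and code
            }
            $statement .= is_array($next) ? $next[1] : $next;
            if ($next === ';') {
                break;
            }
        }
        $findings[] = ['line' => $tok[2], 'statement' => trim($statement)];
    }
    return $findings;
}

// Constructed sample: the two usage examples from this page plus a string decoy.
$sample = <<<'PHP'
<?php
// @RIPS\Annotation\Ignore
$hash = md5($something);
$foo = 'static string';
/** @RIPS\Annotation\Ignore */
$foo .= $_GET['userinput'];
print($foo);
$note = 'mentions @RIPS\Annotation\Ignore in a string only';
PHP;

foreach (findIgnoreAnnotations($sample) as $finding) {
    printf("line %d: %s\n", $finding['line'], $finding['statement']);
}
```

Run over a source tree in code review or CI, the listing shows which statements have been taken out of the analysis, so that a suppression on user input such as `$_GET['userinput']` gets a second look.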