Vulny-Code-Static-Analysis/vulns/tainted-filename.php

<?php

$tainted = $_GET["tainted"];
// ruleid: tainted-filename
hash_file('sha1', $tainted);

// ruleid: tainted-filename
file($tainted);

// ok: tainted-filename
hash_file($tainted, 'file.txt');

// ruleid: tainted-filename
file(dirname($tainted));

// Sanitized
// ok: tainted-filename
file(basename($tainted));
Semgrep rules to replace this script 2022-04-30 13:00:48 +00:00			`<?php`

			`$tainted = $_GET["tainted"];`
			`// ruleid: tainted-filename`
			`hash_file('sha1', $tainted);`

			`// ruleid: tainted-filename`
			`file($tainted);`

			`// ok: tainted-filename`
			`hash_file($tainted, 'file.txt');`

			`// ruleid: tainted-filename`
			`file(dirname($tainted));`

			`// Sanitized`
			`// ok: tainted-filename`
			`file(basename($tainted));`