rules: - id: tainted-filename severity: WARNING message: >- File name based on user input risks server-side request forgery. metadata: technology: - php category: security cwe: "CWE-918: Server-Side Request Forgery (SSRF)" owasp: - A01:2017 - Injection - A10:2021 - Server-Side Request Forgery languages: [php] mode: taint pattern-sources: - patterns: - pattern-either: - pattern: $_GET - pattern: $_POST - pattern: $_COOKIE - pattern: $_REQUEST - pattern: $_SERVER pattern-sanitizers: - patterns: - pattern-either: - pattern-inside: basename($PATH, ...) - pattern-inside: linkinfo($PATH, ...) - pattern-inside: readlink($PATH, ...) - pattern-inside: realpath($PATH, ...) pattern-sinks: - patterns: - pattern-either: - pattern-inside: opcache_compile_file($FILENAME, ...) - pattern-inside: opcache_invalidate($FILENAME, ...) - pattern-inside: opcache_is_script_cached($FILENAME, ...) - pattern-inside: runkit7_import($FILENAME, ...) - pattern-inside: readline_read_history($FILENAME, ...) - pattern-inside: readline_write_history($FILENAME, ...) - pattern-inside: rar_open($FILENAME, ...) - pattern-inside: zip_open($FILENAME, ...) - pattern-inside: gzfile($FILENAME, ...) - pattern-inside: gzopen($FILENAME, ...) - pattern-inside: readgzfile($FILENAME, ...) - pattern-inside: hash_file($ALGO, $FILENAME, ...) - pattern-inside: hash_update_file($CONTEXT, $FILENAME, ...) - pattern-inside: pg_trace($FILENAME, ...) - pattern-inside: dio_open($FILENAME, ...) - pattern-inside: finfo_file($FINFO, $FILENAME, ...) - pattern-inside: mime_content_type($FILENAME, ...) - pattern-inside: chgrp($FILENAME, ...) - pattern-inside: chmod($FILENAME, ...) - pattern-inside: chown($FILENAME, ...) - pattern-inside: clearstatcache($CLEAR_REALPATH_CACHE, $FILENAME, ...) - pattern-inside: file_exists($FILENAME, ...) - pattern-inside: file_get_contents($FILENAME, ...) - pattern-inside: file_put_contents($FILENAME, ...) - pattern-inside: file($FILENAME, ...) - pattern-inside: fileatime($FILENAME, ...) - pattern-inside: filectime($FILENAME, ...) - pattern-inside: filegroup($FILENAME, ...) - pattern-inside: fileinode($FILENAME, ...) - pattern-inside: filemtime($FILENAME, ...) - pattern-inside: fileowner($FILENAME, ...) - pattern-inside: fileperms($FILENAME, ...) - pattern-inside: filesize($FILENAME, ...) - pattern-inside: filetype($FILENAME, ...) - pattern-inside: fnmatch($PATTERN, $FILENAME, ...) - pattern-inside: fopen($FILENAME, ...) - pattern-inside: is_dir($FILENAME, ...) - pattern-inside: is_executable($FILENAME, ...) - pattern-inside: is_file($FILENAME, ...) - pattern-inside: is_link($FILENAME, ...) - pattern-inside: is_readable($FILENAME, ...) - pattern-inside: is_uploaded_file($FILENAME, ...) - pattern-inside: is_writable($FILENAME, ...) - pattern-inside: lchgrp($FILENAME, ...) - pattern-inside: lchown($FILENAME, ...) - pattern-inside: lstat($FILENAME, ...) - pattern-inside: parse_ini_file($FILENAME, ...) - pattern-inside: readfile($FILENAME, ...) - pattern-inside: stat($FILENAME, ...) - pattern-inside: touch($FILENAME, ...) - pattern-inside: unlink($FILENAME, ...) - pattern-inside: xattr_get($FILENAME, ...) - pattern-inside: xattr_list($FILENAME, ...) - pattern-inside: xattr_remove($FILENAME, ...) - pattern-inside: xattr_set($FILENAME, ...) - pattern-inside: xattr_supported($FILENAME, ...) - pattern-inside: enchant_broker_request_pwl_dict($BROKER, $FILENAME, ...) - pattern-inside: pspell_config_personal($CONFIG, $FILENAME, ...) - pattern-inside: pspell_config_repl($CONFIG, $FILENAME, ...) - pattern-inside: pspell_new_personal($FILENAME, ...) - pattern-inside: exif_imagetype($FILENAME, ...) - pattern-inside: getimagesize($FILENAME, ...) - pattern-inside: image2wbmp($IMAGE, $FILENAME, ...) - pattern-inside: imagecreatefromavif($FILENAME, ...) - pattern-inside: imagecreatefrombmp($FILENAME, ...) - pattern-inside: imagecreatefromgd2($FILENAME, ...) - pattern-inside: imagecreatefromgd2part($FILENAME, ...) - pattern-inside: imagecreatefromgd($FILENAME, ...) - pattern-inside: imagecreatefromgif($FILENAME, ...) - pattern-inside: imagecreatefromjpeg($FILENAME, ...) - pattern-inside: imagecreatefrompng($FILENAME, ...) - pattern-inside: imagecreatefromtga($FILENAME, ...) - pattern-inside: imagecreatefromwbmp($FILENAME, ...) - pattern-inside: imagecreatefromwebp($FILENAME, ...) - pattern-inside: imagecreatefromxbm($FILENAME, ...) - pattern-inside: imagecreatefromxpm($FILENAME, ...) - pattern-inside: imageloadfont($FILENAME, ...) - pattern-inside: imagexbm($IMAGE, $FILENAME, ...) - pattern-inside: iptcembed($IPTC_DATA, $FILENAME, ...) - pattern-inside: mailparse_msg_extract_part_file($MIMEMAIL, $FILENAME, ...) - pattern-inside: mailparse_msg_extract_whole_part_file($MIMEMAIL, $FILENAME, ...) - pattern-inside: mailparse_msg_parse_file($FILENAME, ...) - pattern-inside: fdf_add_template($FDF_DOCUMENT, $NEWPAGE, $FILENAME, ...) - pattern-inside: fdf_get_ap($FDF_DOCUMENT, $FIELD, $FACE, $FILENAME, ...) - pattern-inside: fdf_open($FILENAME, ...) - pattern-inside: fdf_save($FDF_DOCUMENT, $FILENAME, ...) - pattern-inside: fdf_set_ap($FDF_DOCUMENT, $FIELD_NAME, $FACE, $FILENAME, ...) - pattern-inside: ps_add_launchlink($PSDOC, $LLX, $LLY, $URX, $URY, $FILENAME, ...) - pattern-inside: ps_add_pdflink($PSDOC, $LLX, $LLY, $URX, $URY, $FILENAME, ...) - pattern-inside: ps_open_file($PSDOC, $FILENAME, ...) - pattern-inside: ps_open_image_file($PSDOC, $TYPE, $FILENAME, ...) - pattern-inside: posix_access($FILENAME, ...) - pattern-inside: posix_mkfifo($FILENAME, ...) - pattern-inside: posix_mknod($FILENAME, ...) - pattern-inside: ftok($FILENAME, ...) - pattern-inside: fann_cascadetrain_on_file($ANN, $FILENAME, ...) - pattern-inside: fann_read_train_from_file($FILENAME, ...) - pattern-inside: fann_train_on_file($ANN, $FILENAME, ...) - pattern-inside: highlight_file($FILENAME, ...) - pattern-inside: php_strip_whitespace($FILENAME, ...) - pattern-inside: stream_resolve_include_path($FILENAME, ...) - pattern-inside: swoole_async_read($FILENAME, ...) - pattern-inside: swoole_async_readfile($FILENAME, ...) - pattern-inside: swoole_async_write($FILENAME, ...) - pattern-inside: swoole_async_writefile($FILENAME, ...) - pattern-inside: swoole_load_module($FILENAME, ...) - pattern-inside: tidy_parse_file($FILENAME, ...) - pattern-inside: tidy_repair_file($FILENAME, ...) - pattern-inside: get_meta_tags($FILENAME, ...) - pattern-inside: yaml_emit_file($FILENAME, ...) - pattern-inside: yaml_parse_file($FILENAME, ...) - pattern-inside: curl_file_create($FILENAME, ...) - pattern-inside: ftp_chmod($FTP, $PERMISSIONS, $FILENAME, ...) - pattern-inside: ftp_delete($FTP, $FILENAME, ...) - pattern-inside: ftp_mdtm($FTP, $FILENAME, ...) - pattern-inside: ftp_size($FTP, $FILENAME, ...) - pattern-inside: rrd_create($FILENAME, ...) - pattern-inside: rrd_fetch($FILENAME, ...) - pattern-inside: rrd_graph($FILENAME, ...) - pattern-inside: rrd_info($FILENAME, ...) - pattern-inside: rrd_last($FILENAME, ...) - pattern-inside: rrd_lastupdate($FILENAME, ...) - pattern-inside: rrd_tune($FILENAME, ...) - pattern-inside: rrd_update($FILENAME, ...) - pattern-inside: snmp_read_mib($FILENAME, ...) - pattern-inside: ssh2_sftp_chmod($SFTP, $FILENAME, ...) - pattern-inside: ssh2_sftp_realpath($SFTP, $FILENAME, ...) - pattern-inside: ssh2_sftp_unlink($SFTP, $FILENAME, ...) - pattern-inside: apache_lookup_uri($FILENAME, ...) - pattern-inside: md5_file($FILENAME, ...) - pattern-inside: sha1_file($FILENAME, ...) - pattern-inside: simplexml_load_file($FILENAME, ...) - pattern: $FILENAME