22 lines
1.0 KiB
YAML
22 lines
1.0 KiB
YAML
rules:
|
|
- id: file-inclusion
|
|
patterns:
|
|
- pattern: $FUNC(...);
|
|
- pattern-not: $FUNC("...");
|
|
- pattern-not: $FUNC(__DIR__ . "...");
|
|
- metavariable-regex:
|
|
metavariable: $FUNC
|
|
regex: \b(include|include_once|require|require_once|virtual)\b
|
|
message: >-
|
|
Detected non-constant file inclusion. This can lead to local file inclusion (LFI) or remote file inclusion (RFI) if user input reaches this statement. LFI and RFI could lead to sensitive files being obtained by attackers. Instead, explicitly specify what to include. If that is not a viable solution, validate user input thoroughly.
|
|
metadata:
|
|
references:
|
|
- https://www.php.net/manual/en/function.include.php
|
|
- https://github.com/FloeDesignTechnologies/phpcs-security-audit/blob/master/Security/Sniffs/BadFunctions/EasyRFISniff.php
|
|
- https://en.wikipedia.org/wiki/File_inclusion_vulnerability#Types_of_Inclusion
|
|
category: security
|
|
technology:
|
|
- php
|
|
languages: [php]
|
|
severity: ERROR
|