23 lines
664 B
YAML
rules:
  - id: md5-loose-equality
    patterns:
      - pattern-either:
          - pattern: $X == $FUNC(...)
          - pattern: $FUNC(...) == $X
          - pattern: $FUNC(...) == $FUNC(...)
      - metavariable-regex:
          metavariable: $FUNC
          regex: md5|md5_file
    message: >-
      Make sure comparisons involving md5 values are strict (use `===` not `==`) to
      avoid type juggling issues
    metadata:
      references:
        - https://www.php.net/manual/en/types.comparisons.php
        - https://www.whitehatsec.com/blog/magic-hashes/
      category: security
      technology:
        - php
    languages: [php]
    severity: ERROR
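The following PHP file is an added test fixture for the rule above; it is not part of the rule or its repository. It shows the type-juggling problem the rule targets: both `md5('QNKCDZO')` and `md5('240610708')` are hex digests of the form `0e` followed only by decimal digits, which PHP treats as numeric strings equal to zero, so `==` reports them as equal even though the underlying inputs differ. The `// ruleid:` and `// ok:` comments follow Semgrep's test-annotation convention so the file can be used with `semgrep --test`; the function and variable names are assumptions chosen for the example.

```php
<?php
// Added example fixture for the md5-loose-equality Semgrep rule (not the rule's own code).
// Both inputs below produce 32-character hex digests that start with "0e" and contain
// only digits afterwards; PHP's loose comparison parses such strings as 0 * 10^N.

$storedHash = md5('QNKCDZO');   // digest of the form 0e<digits>
$userInput  = '240610708';      // md5() of this is also of the form 0e<digits>

// Vulnerable: loose equality lets two unrelated digests compare as equal.
function check_loose(string $stored, string $input): bool
{
    // ruleid: md5-loose-equality
    return $stored == md5($input);
}

// Also vulnerable: comparing two md5() results with loose equality.
function check_loose_both(string $a, string $b): bool
{
    // ruleid: md5-loose-equality
    return md5($a) == md5($b);
}

// Hardened: strict equality compares the strings byte for byte.
function check_strict(string $stored, string $input): bool
{
    // ok: md5-loose-equality
    return $stored === md5($input);
}

// Hardened and timing-safe: hash_equals() is strict and constant-time.
function check_timing_safe(string $stored, string $input): bool
{
    // ok: md5-loose-equality
    return hash_equals($stored, md5($input));
}

var_dump(check_loose($storedHash, $userInput));
var_dump(check_loose_both('QNKCDZO', '240610708'));
var_dump(check_strict($storedHash, $userInput));
var_dump(check_timing_safe($storedHash, $userInput));
```

Running the file prints `true` for the two loose checks and `false` for the strict ones, which is the behaviour the rule's message warns about. Semgrep flags the lines marked `ruleid:` and leaves the `ok:` lines alone; `hash_equals()` is the preferred fix where the digest is used as a credential or token, since it also avoids leaking the position of the first mismatching byte through timing.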