70 lines
2.0 KiB
YAML
70 lines
2.0 KiB
YAML
rules:
|
|
- id: openssl-decrypt-validate
|
|
patterns:
|
|
- pattern: openssl_decrypt(...);
|
|
- pattern-not-inside: |
|
|
$DECRYPTED_STRING = openssl_decrypt(...);
|
|
...
|
|
if($DECRYPTED_STRING === false){
|
|
...
|
|
}
|
|
- pattern-not-inside: |
|
|
$DECRYPTED_STRING = openssl_decrypt(...);
|
|
...
|
|
if($DECRYPTED_STRING == false){
|
|
...
|
|
}
|
|
- pattern-not-inside: |
|
|
$DECRYPTED_STRING = openssl_decrypt(...);
|
|
...
|
|
if(false === $DECRYPTED_STRING){
|
|
...
|
|
}
|
|
- pattern-not-inside: |
|
|
$DECRYPTED_STRING = openssl_decrypt(...);
|
|
...
|
|
if(false == $DECRYPTED_STRING){
|
|
...
|
|
}
|
|
- pattern-not-inside: |
|
|
$DECRYPTED_STRING = openssl_decrypt(...);
|
|
...
|
|
assertTrue(false !== $DECRYPTED_STRING,...);
|
|
- pattern-not-inside: |
|
|
$DECRYPTED_STRING = openssl_decrypt(...);
|
|
...
|
|
assertTrue($DECRYPTED_STRING !== false,...);
|
|
- pattern-not-inside: |
|
|
$DECRYPTED_STRING = openssl_decrypt(...);
|
|
...
|
|
$REFERENCE::assertTrue(false !== $DECRYPTED_STRING,...);
|
|
- pattern-not-inside: |
|
|
$DECRYPTED_STRING = openssl_decrypt(...);
|
|
...
|
|
$REFERENCE::assertTrue($DECRYPTED_STRING !== false,...);
|
|
- pattern-not-inside: |
|
|
$DECRYPTED_STRING = openssl_decrypt(...);
|
|
...
|
|
assert(false !== $DECRYPTED_STRING,...);
|
|
- pattern-not-inside: |
|
|
$DECRYPTED_STRING = openssl_decrypt(...);
|
|
...
|
|
assert($DECRYPTED_STRING !== false,...);
|
|
message: The function `openssl_decrypt` returns either a string of the decrypted
|
|
data on success or `false` on failure. If the failure case is not handled, this
|
|
could lead to undefined behavior in your application. Please handle the case where
|
|
`openssl_decrypt` returns `false`.
|
|
languages:
|
|
- php
|
|
severity: WARNING
|
|
metadata:
|
|
references:
|
|
- https://www.php.net/manual/en/function.openssl-decrypt.php
|
|
cwe: 'CWE-252: Unchecked Return Value'
|
|
owasp:
|
|
- A02:2021 - Cryptographic Failures
|
|
technology:
|
|
- php
|
|
- openssl
|
|
category: security
|