swisskyrepo
/
Vulny-Code-Static-Analysis
mirror of https://github.com/swisskyrepo/Vulny-Code-Static-Analysis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Vulny-Code-Static-Analysis/semgrep/backticks-use.yaml

15 lines
470 B
YAML
Raw Blame History

rules:
- id: backticks-use
pattern: "`...`;"
message: >-
Backticks use may lead to command injection vulnerabilities.
metadata:
references:
- https://www.php.net/manual/en/language.operators.execution.php
- https://github.com/FloeDesignTechnologies/phpcs-security-audit/blob/master/Security/Sniffs/BadFunctions/BackticksSniff.php
category: security
technology:
- php
languages: [php]
severity: ERROR
Reference in New Issue View Git Blame Copy Permalink