29 lines
824 B
YAML
29 lines
824 B
YAML
rules:
|
|
- id: extract-user-data
|
|
mode: taint
|
|
pattern-sources:
|
|
- pattern-either:
|
|
- pattern: $_GET[...]
|
|
- pattern: $_FILES[...]
|
|
- pattern: $_POST[...]
|
|
pattern-sinks:
|
|
- pattern: extract(...)
|
|
pattern-sanitizers:
|
|
- pattern: extract($VAR, EXTR_SKIP,...)
|
|
message: Do not call 'extract()' on user-controllable data. If you must, then you
|
|
must also provide the EXTR_SKIP flag to prevent overwriting existing variables.
|
|
languages:
|
|
- php
|
|
metadata:
|
|
license: MIT
|
|
category: security
|
|
cwe: 'CWE-502: Deserialization of Untrusted Data'
|
|
owasp:
|
|
- A08:2021 - Software and Data Integrity Failures
|
|
- A08:2017 - Insecure Deserialization
|
|
technology:
|
|
- php
|
|
references:
|
|
- https://www.php.net/manual/en/function.extract.php#refsect1-function.extract-notes
|
|
severity: ERROR
|