19 lines
618 B
YAML
19 lines
618 B
YAML
rules:
|
|
- id: exec-use
|
|
patterns:
|
|
- pattern: $FUNC(...);
|
|
- pattern-not: $FUNC('...', ...);
|
|
- metavariable-regex:
|
|
metavariable: $FUNC
|
|
regex: exec|passthru|proc_open|popen|shell_exec|system|pcntl_exec|expect_popen
|
|
message: >-
|
|
Executing non-constant commands. This can lead to command injection.
|
|
metadata:
|
|
references:
|
|
- https://github.com/FloeDesignTechnologies/phpcs-security-audit/blob/master/Security/Sniffs/BadFunctions/SystemExecFunctionsSniff.php
|
|
category: security
|
|
technology:
|
|
- php
|
|
languages: [php]
|
|
severity: ERROR
|