swisskyrepo
/
Vulny-Code-Static-Analysis
mirror of https://github.com/swisskyrepo/Vulny-Code-Static-Analysis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Vulny-Code-Static-Analysis/semgrep/ftp-use.yaml

19 lines
577 B
YAML
Raw Blame History

rules:
- id: ftp-use
patterns:
- pattern: $FUNC(...);
- metavariable-regex:
metavariable: $FUNC
regex: ftp_.+
message: >-
FTP allows for unencrypted file transfers. Consider using an encrypted alternative.
metadata:
references:
- https://www.php.net/manual/en/intro.ftp.php
- https://github.com/FloeDesignTechnologies/phpcs-security-audit/blob/master/Security/Sniffs/BadFunctions/FringeFunctionsSniff.php
category: security
technology:
- php
languages: [php]
severity: ERROR
Reference in New Issue View Git Blame Copy Permalink