20 lines
634 B
YAML
20 lines
634 B
YAML
rules:
|
|
- id: mcrypt-use
|
|
patterns:
|
|
- pattern: $FUNC(...);
|
|
- metavariable-regex:
|
|
metavariable: $FUNC
|
|
regex: (mcrypt_|mdecrypt_).+
|
|
message: >-
|
|
Mcrypt functionality has been deprecated and/or removed in recent PHP
|
|
versions. Consider using Sodium or OpenSSL.
|
|
metadata:
|
|
references:
|
|
- https://www.php.net/manual/en/intro.mcrypt.php
|
|
- https://github.com/FloeDesignTechnologies/phpcs-security-audit/blob/master/Security/Sniffs/BadFunctions/CryptoFunctionsSniff.php
|
|
category: security
|
|
technology:
|
|
- php
|
|
languages: [php]
|
|
severity: ERROR
|