29 lines
852 B
YAML
29 lines
852 B
YAML
rules:
|
|
- id: tainted-object-instantiation
|
|
languages:
|
|
- php
|
|
severity: WARNING
|
|
message: <-
|
|
A new object is created where the class name is based on user input. This
|
|
could lead to remote code execution, as it allows to instantiate any class in
|
|
the application.
|
|
metadata:
|
|
cwe: "CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')"
|
|
category: security
|
|
technology:
|
|
- php
|
|
mode: taint
|
|
pattern-sources:
|
|
- patterns:
|
|
- pattern-either:
|
|
- pattern: $_GET
|
|
- pattern: $_POST
|
|
- pattern: $_COOKIE
|
|
- pattern: $_REQUEST
|
|
- pattern: $_SERVER
|
|
pattern-sinks:
|
|
- patterns:
|
|
- pattern-either:
|
|
- pattern-inside: new $SINK(...)
|
|
- pattern: $SINK
|