Insecure Use of Language/Framework API
This category covers the following PHP APIs:
Why is this important?
PHP, like any other programming language, has dangerous APIs. If these APIs are not used properly, the impact on your app can be catastrophic: several of them let attackers cause unintended behavior in your application, up to executing code they supply.
Read below to find out how to fix these issues in your code.
Fixing Insecure Use of Function handling Functions
The following methods are dangerous if used incorrectly:
Option A: Avoid User Input in Function handling Functions
- Go through the issues that GuardRails identified in the PR.
- An example of an insecure usage of create_function() is shown below. The second argument is the function body as PHP source, so request input placed there is executed as code.

```php
// Note: create_function is also deprecated as of PHP 7.2.0 (removed in 8.0).
// Insecure: the request parameter becomes the body of the generated function.
create_function('', $_GET['func']);
```
- Remove the user input from this.
- Create a normal function that handles user input as arguments.
- Ship it 🚢 and relax 🌴
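The steps above, carried through as an added example that is not from the original page or from GuardRails: the request parameter no longer reaches create_function() at all; it only selects one of a fixed set of ordinary functions, which receive the remaining input as plain string arguments. The function names (`formatPrice`, `slugify`), the `func`/`value` parameters and the sample query array are assumptions for illustration.

```php
<?php
// Added example (not the page's own code): replaces a create_function() call
// built from request input with named functions and an allow-list dispatch.
// Function names and request parameters are assumptions for illustration.

declare(strict_types=1);

// Each operation is an ordinary function that takes user input as a typed argument.
function formatPrice(string $raw): string
{
    // filter_var() returns false for non-numeric input, so unvalidated data
    // never reaches the arithmetic.
    $value = filter_var($raw, FILTER_VALIDATE_FLOAT);
    if ($value === false || $value < 0) {
        throw new InvalidArgumentException('price must be a non-negative number');
    }
    return number_format($value, 2, '.', '');
}

function slugify(string $raw): string
{
    $slug = strtolower(trim($raw));
    $slug = preg_replace('/[^a-z0-9]+/', '-', $slug);
    return trim($slug, '-');
}

// Allow-list: request values are keys into this map, never PHP source.
const OPERATIONS = [
    'price' => 'formatPrice',
    'slug'  => 'slugify',
];

/**
 * Resolve the requested operation against the allow-list and run it.
 * Unknown names are rejected before anything is executed.
 */
function dispatch(array $query): string
{
    $name = (string) ($query['func'] ?? '');
    if (!array_key_exists($name, OPERATIONS)) {
        http_response_code(400);
        return 'unknown operation';
    }
    $callable = OPERATIONS[$name];
    $arg = (string) ($query['value'] ?? '');
    return $callable($arg);
}

// Vulnerable pattern the page warns about, kept only for contrast (do not use):
//   create_function('', $_GET['func']);
// The caller controls the generated function's body, i.e. arbitrary PHP.

// Constructed sample queries standing in for $_GET; in a real handler pass
// $_GET itself. Output (assumed): "19.99", "hello-world", "unknown operation".
$samples = [
    ['func' => 'price', 'value' => '19.99'],
    ['func' => 'slug',  'value' => 'Hello, World!'],
    ['func' => 'phpinfo();', 'value' => ''],   // rejected by the allow-list
];
foreach ($samples as $query) {
    echo dispatch($query), PHP_EOL;
}
```

The key property is that `$query['func']` is compared against a fixed map of function names and is never interpolated into code; if a new operation is needed, it is added to the map in source, not accepted from the request.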