php.lang.security.audit.assert-use-audit.assert-use-audit


Calling assert with user input is equivalent to eval'ing.


Definition

rules:
  - id: assert-use-audit
    # Flags assert() whose first argument is a bare variable, an array element,
    # or a single-level "->prop" access (see the metavariable-regex below).
    # This is an audit rule: any such argument is reported regardless of where
    # its value came from, so findings need manual triage (confidence and
    # likelihood are both LOW in the metadata).
    patterns:
      - pattern: assert($ASSERT, ...);
      # Excludes string-literal arguments (Semgrep's "..." matches any string
      # literal). The regex below already requires a leading "$", so a literal
      # could not match anyway; this clause is belt-and-braces.
      - pattern-not: assert("...", ...);
      - metavariable-regex:
          metavariable: $ASSERT
          # Whole-argument match (\A ... \Z): "$" followed by letters, brackets,
          # quotes, "-", "_" or "$", then at most one "->identifier". A comparison,
          # an instanceof test, a nested "->a->b" chain or a dynamic "->$prop"
          # does not match and is therefore not reported.
          # NOTE(review): the character class has no digits, so arguments such as
          # `$var2` or `$_GET['id1']` are not matched; adding 0-9 to the class
          # would close that gap — confirm against the fixture before changing.
          regex: \A\$[A-Za-z\[\]\-_'"\$]+(\-\>\w+)?\Z
    # NOTE(review): PHP 8.0 stopped evaluating string arguments to assert(), so
    # the eval() equivalence described here mainly applies to PHP 7.x and
    # earlier — confirm the target runtime when triaging a finding.
    message: Calling assert with user input is equivalent to eval'ing.
    metadata:
      owasp:
        - A03:2021 - Injection
      cwe:
        - "CWE-95: Improper Neutralization of Directives in Dynamically
          Evaluated Code ('Eval Injection')"
      references:
        - https://www.php.net/manual/en/function.assert
        - https://github.com/FloeDesignTechnologies/phpcs-security-audit/blob/master/Security/Sniffs/BadFunctions/AssertsSniff.php
      category: security
      technology:
        - php
      confidence: LOW
      subcategory:
        - audit
      likelihood: LOW
      impact: HIGH
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Code Injection
    languages:
      - php
    severity: ERROR

Examples

assert-use-audit.php

<?php

// Test fixture for the assert-use-audit rule. Each "ruleid:" / "ok:" marker
// applies to the line that immediately follows it. The rule's metavariable
// regex only matches an argument that is a bare variable, an array element,
// or a single "->prop" access, so comparison and instanceof expressions are
// deliberately left unflagged.

// Bare variable: matches the leading "$" plus identifier characters.
// ruleid: assert-use-audit
assert($user_input);

// Superglobal element with a quoted key: "[", "]", "'" and '"' are all in
// the regex character class.
// ruleid: assert-use-audit
assert($_GET['something']);

// Variable used as the key: "$" is also permitted inside the class.
// NOTE(review): a key or variable name containing a digit (e.g. $_POST['p1'])
// would NOT match, because the class has no 0-9 range.
// ruleid: assert-use-audit
assert($_POST[$param]);

// Single-level property access, covered by the optional (\-\>\w+) group.
// ruleid: assert-use-audit
assert($someobj->name);

// String literal: excluded by the pattern-not clause (and it has no leading "$").
// ok: assert-use-audit
assert('2 > 1');

// From here on the bound argument is a whole expression (spaces, operators,
// "instanceof"), which cannot satisfy the anchored \A...\Z regex.
// ok: assert-use-audit
assert($user_input > 1);

// ok: assert-use-audit
assert($ok < 1 || $ok > 2);

// ok: assert-use-audit
assert($ok->count < 1 || $ok > 2);

// ok: assert-use-audit
assert($ok != "something");

// No whitespace around the operator, but "!" and "=" are still outside the class.
// ok: assert-use-audit
assert($ok!="something");

// ok: assert-use-audit
assert($ok instanceof FakeClass);

// ok: assert-use-audit
assert($ok[$param] instanceof FakeClass);

// ok: assert-use-audit
assert($ok['foo'] instanceof FakeClass);

// ok: assert-use-audit
assert($ok->property instanceof FakeClass);