php.lang.security.backticks-use.backticks-use

semgrep

Author

4,201

Download Count*

LGPL Commons Clause

License

Backticks use may lead to command injection vulnerabilities.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: backticks-use
    pattern: "`...`;"
    message: Backticks use may lead to command injection vulnerabilities.
    metadata:
      cwe:
        - "CWE-94: Improper Control of Generation of Code ('Code Injection')"
      references:
        - https://www.php.net/manual/en/language.operators.execution.php
        - https://github.com/FloeDesignTechnologies/phpcs-security-audit/blob/master/Security/Sniffs/BadFunctions/BackticksSniff.php
      category: security
      technology:
        - php
      owasp:
        - A03:2021 - Injection
      cwe2022-top25: true
      subcategory:
        - audit
      likelihood: LOW
      impact: HIGH
      confidence: LOW
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Code Injection
    languages:
      - php
    severity: ERROR

Examples

backticks-use.php

<?php

// ruleid: backticks-use
echo `ping -n 3 {$user_input}`;

Short Link: https://sg.run/4xj9