php.lang.security.md5-loose-equality.md5-loose-equality

profile photo of semgrepsemgrep
Author
166
Download Count*
LGPL Commons Clause
License

Make sure comparisons involving md5 values are strict (use === not ==) to avoid type juggling issues

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: md5-loose-equality
    patterns:
      - pattern-either:
          - pattern: $X == $FUNC(...)
          - pattern: $FUNC(...) == $X
          - pattern: $FUNC(...) == $FUNC(...)
      - metavariable-regex:
          metavariable: $FUNC
          regex: md5|md5_file
    message: Make sure comparisons involving md5 values are strict (use `===` not
      `==`) to avoid type juggling issues
    metadata:
      cwe:
        - "CWE-697: Incorrect Comparison"
      references:
        - https://www.php.net/manual/en/types.comparisons.php
        - https://www.whitehatsec.com/blog/magic-hashes/
      category: security
      technology:
        - php
      subcategory:
        - audit
      likelihood: LOW
      impact: LOW
      confidence: LOW
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Other
    languages:
      - php
    severity: ERROR

Examples

md5-loose-equality.php

<?php

// ruleid: md5-loose-equality
md5("240610708") == "0";

// ruleid: md5-loose-equality
0 == md5("240610708");

// ruleid: md5-loose-equality
0 == md5_file("file.txt");

// ruleid: md5-loose-equality
md5("240610708") == md5_file("file.txt");

// ok: md5-loose-equality
md5("240610708") === "0";