php.wordpress-plugins.security.audit.wp-authorisation-checks-audit.wp-authorisation-checks-audit

Author: semgrep

These are some of the functions WordPress plugins use for authorisation checks. Review each match to confirm that the check actually authorises the action: only current_user_can() tests a capability; is_user_logged_in() confirms authentication alone, so any registered user passes; and is_admin() and is_user_admin() only report whether an admin-area (or network user admin) screen is being served, not whether the current user has any particular privilege. Because this is an audit rule with LOW confidence, every match is a review point rather than a confirmed finding.

Definition

rules:
  - id: wp-authorisation-checks-audit
    patterns:
      - pattern: $FUNCTION(...)
      - metavariable-regex:
          metavariable: $FUNCTION
          regex: current_user_can|is_admin|is_user_logged_in|is_user_admin
    message: These are some of the functions used for authorisation checks. Review each
      match to confirm the check is sufficient. Only current_user_can() tests a capability.
      is_user_logged_in() proves authentication alone, and is_admin() and is_user_admin()
      only report the current screen, not the user's privileges.
    paths:
      include:
        - wp-content/plugins/**/*.php
    languages:
      - php
    severity: WARNING
    metadata:
      category: security
      confidence: LOW
      likelihood: LOW
      impact: MEDIUM
      subcategory:
        - audit
      technology:
        - Wordpress Plugins
      references:
        - https://github.com/wpscanteam/wpscan/wiki/WordPress-Plugin-Security-Testing-Cheat-Sheet#authorisation
      owasp:
        - A01:2021 - Broken Access Control
      cwe:
        - "CWE-285: Improper Authorization"
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Improper Authorization

Examples

wp-authorisation-checks-audit.php

<?php

// ruleid: wp-authorisation-checks-audit
if ( is_admin() ) {
}

// ruleid: wp-authorisation-checks-audit
return is_user_logged_in() ? get_current_user_id() : '';

// ruleid: wp-authorisation-checks-audit
if ( ! current_user_can( 'install_languages' ) ) {

}

// ok: wp-authorisation-checks-audit
get_current_user_id();

?>
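The following is an added example, not part of the original page or of the Semgrep rule, showing why every match from this rule deserves a look. It is a hypothetical plugin AJAX handler that deletes a post: first guarded the way this rule commonly finds it (is_admin() and is_user_logged_in() used as if they were authorisation), then with a nonce check for CSRF plus an object-level capability check. The action name myplugin_delete_item, the nonce action name and the nonce field name are assumptions for the example.

```php
<?php
/**
 * Added example (not from the original page or the Semgrep rule): a hypothetical
 * plugin AJAX handler that deletes a post, shown first with the weak guards this
 * rule typically flags, then with a real authorisation check. The action name
 * "myplugin_delete_item", the nonce action and the "nonce" field are assumed.
 */

// Before: both guards below are matched by the rule, and neither authorises the action.
// This handler is shown for contrast and is deliberately not hooked to any action.
function myplugin_delete_item_weak() {
    // is_admin() is true for any request served through wp-admin/admin-ajax.php,
    // including one sent by a logged-in subscriber; it says nothing about capabilities.
    if ( ! is_admin() ) {
        wp_die( 'Forbidden' );
    }
    // is_user_logged_in() only proves authentication: any registered user passes.
    if ( ! is_user_logged_in() ) {
        wp_die( 'Forbidden' );
    }
    $id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    wp_delete_post( $id, true ); // any subscriber can delete any post by ID
    wp_send_json_success();
}

// After: the same handler with CSRF protection and an object-level capability check.
add_action( 'wp_ajax_myplugin_delete_item', 'myplugin_delete_item_secure' );
function myplugin_delete_item_secure() {
    // The nonce check defends against CSRF; it is not an authorisation check.
    check_ajax_referer( 'myplugin_delete_item', 'nonce' );

    $id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;

    // Authorisation: ask whether *this* user may delete *this* post. 'delete_post'
    // is a meta capability, so WordPress resolves it to delete_posts,
    // delete_others_posts or delete_published_posts depending on the post and author.
    if ( ! $id || ! current_user_can( 'delete_post', $id ) ) {
        wp_send_json_error( 'Forbidden', 403 ); // wp_send_json_error() ends the request
    }

    wp_delete_post( $id, true );
    wp_send_json_success();
}
```

Note that the rule still reports the current_user_can() call in the hardened handler: that is intended, since the rule only surfaces where authorisation decisions are made. The review question at each match is whether the capability tested (and, for meta capabilities, the object ID passed) actually corresponds to the action the code then performs.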