php.wordpress-plugins.security.audit.wp-file-download-audit.wp-file-download-audit
semgrep
Author
unknown
Download Count*
License
These functions can be used to read to content of the files if the data inside is user-controlled. Don't use the input directly or validate the data properly before passing it to these functions.
Run Locally
Run in CI
Defintion
rules:
- id: wp-file-download-audit
patterns:
- pattern-either:
- pattern: file(...)
- pattern: readfile(...)
- pattern: file_get_contents(...)
message: These functions can be used to read to content of the files if the data
inside is user-controlled. Don't use the input directly or validate the
data properly before passing it to these functions.
paths:
include:
- wp-content/plugins/**/*.php
languages:
- php
severity: WARNING
metadata:
category: security
confidence: LOW
likelihood: LOW
impact: MEDIUM
subcategory:
- audit
technology:
- Wordpress Plugins
references:
- https://github.com/wpscanteam/wpscan/wiki/WordPress-Plugin-Security-Testing-Cheat-Sheet#file-download
cwe:
- "CWE-73: External Control of File Name or Path"
owasp:
- A01:2021 - Broken Access Control
license: Commons Clause License Condition v1.0[LGPL-2.1-only]
vulnerability_class:
- Path Traversal
Examples
wp-file-download-audit.php
<?php
// ruleid: wp-file-download-audit
$json = file_get_contents( 'php://input' );
// ruleid: wp-file-download-audit
readfile($zip_name);
// ruleid: wp-file-download-audit
$localeFunctions = file($functionNamesFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
// ok: wp-file-download-audit
some_other_function($args);
?>
Short Link: https://sg.run/4gkz