php.wordpress-plugins.security.audit.wp-file-manipulation-audit.wp-file-manipulation-audit

semgrep
Author
unknown
Download Count*

These functions delete files. If the path they receive is user controlled (for example, taken from a request parameter without validation), an attacker can delete arbitrary files on the server, including files outside the intended directory via path traversal. Use these functions carefully and validate the path before calling them.


Definition

rules:
  - id: wp-file-manipulation-audit
    patterns:
      - pattern-either:
          - pattern: unlink(...)
          - pattern: wp_delete_file(...)
    message: These functions delete files. If the path they receive is user
      controlled, an attacker can delete arbitrary files. Use these functions carefully.
    paths:
      include:
        - wp-content/plugins/**/*.php
    languages:
      - php
    severity: WARNING
    metadata:
      category: security
      confidence: LOW
      likelihood: LOW
      impact: HIGH
      subcategory:
        - audit
      technology:
        - Wordpress Plugins
      references:
        - https://github.com/wpscanteam/wpscan/wiki/WordPress-Plugin-Security-Testing-Cheat-Sheet#file-manipulation
      owasp:
        - A01:2021 - Broken Access Control
        - A08:2021 - Software and Data Integrity Failures
      cwe:
        - "CWE-22: Improper Limitation of a Pathname to a Restricted Directory
          ('Path Traversal')"
        - "CWE-73: The software allows user input to control or influence paths
          of file names that are used in filesystem operations."
        - "CWE-98: Improper Control of Filename for Include/Require Statement in
          PHP Program ('PHP Remote File Inclusion')"
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Code Injection
        - Path Traversal

Examples

wp-file-manipulation-audit.php

<?php

// ruleid: wp-file-manipulation-audit
wp_delete_file( $file_path );

// ruleid: wp-file-manipulation-audit
unlink($file_path);

// ok: wp-file-manipulation-audit
some_other_function($args);

?>
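The rule's own example above only shows the two sinks in isolation. As an added illustration that is not part of the Semgrep rule page, WordPress core, or any real plugin, the following hypothetical plugin handler shows the pattern the rule is hunting for (a request-controlled path reaching unlink()) next to a hardened rewrite of the same feature. All names prefixed demo_, the nonce action name and the admin_post hook name are assumptions; wp_upload_dir(), wp_delete_file(), current_user_can(), check_admin_referer(), sanitize_file_name() and wp_die() are real WordPress functions.

```php
<?php
/*
 * Added example (not from the Semgrep rule page or WordPress core).
 * A hypothetical plugin action that deletes a file from the uploads
 * directory, first as the audit rule would flag it, then hardened.
 */

// VULNERABLE: the path comes straight from the request and reaches unlink().
// A request with file=../../wp-config.php deletes a file outside uploads.
// Not hooked to any action here; shown only for contrast.
function demo_delete_file_vulnerable() {
    $upload = wp_upload_dir();
    $target = $upload['basedir'] . '/' . $_GET['file'];
    if ( file_exists( $target ) ) {
        unlink( $target ); // flagged by wp-file-manipulation-audit
    }
    wp_die( 'deleted' );
}

// HARDENED: authorize the caller, collapse the name to a single path
// component, resolve the real path and prove it is still inside uploads
// before handing it to wp_delete_file().
function demo_delete_file_hardened() {
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }
    check_admin_referer( 'demo_delete_file' ); // CSRF nonce; action name is assumed

    $name = isset( $_GET['file'] ) ? wp_unslash( $_GET['file'] ) : '';
    // basename() strips directory components and sanitize_file_name() removes
    // remaining special characters, so "../../wp-config.php" collapses to
    // "wp-config.php" and can no longer climb out of the directory by itself.
    $name = sanitize_file_name( basename( $name ) );
    if ( '' === $name ) {
        wp_die( 'Invalid file name', 400 );
    }

    $upload  = wp_upload_dir();
    $basedir = realpath( $upload['basedir'] );
    $target  = realpath( $basedir . DIRECTORY_SEPARATOR . $name );

    // realpath() returns false for a missing file and resolves symlinks, so a
    // link planted inside uploads that points elsewhere is rejected here too.
    // The trailing separator in the prefix check stops "uploads-evil" from
    // passing as a child of "uploads".
    if ( false === $basedir || false === $target
        || 0 !== strpos( $target, $basedir . DIRECTORY_SEPARATOR ) ) {
        wp_die( 'Invalid file', 400 );
    }
    if ( ! is_file( $target ) ) {
        wp_die( 'Not a regular file', 400 );
    }

    wp_delete_file( $target ); // still matched by the audit rule; triage, then suppress
    wp_die( 'deleted' );
}

add_action( 'admin_post_demo_delete_file', 'demo_delete_file_hardened' );
```

Because the rule is a plain pattern match rather than a taint rule, the hardened function is reported exactly like the vulnerable one; the finding is an audit prompt, not a verdict. When triaging a hit, look for the four things the hardened version adds between the request and the sink: a capability check, a nonce check, reduction of the input to a single file name, and a realpath-based containment check against the intended directory. Once a call site has been reviewed, it can be silenced inline with a `// nosemgrep: wp-file-manipulation-audit` comment on the flagged line so later scans only surface new call sites.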