Verifed by r2c
Community Favorite
Download Count*

Selected rules from phpcs-security-audit, a security checker for PHP, rewritten in Semgrep.

Run Locally

Rules (10)

profile photo of semgrepsemgrep

Detected non-constant file inclusion. This can lead to local file inclusion (LFI) or remote file inclusion (RFI) if user input reaches this statement. LFI and RFI could lead to sensitive files being obtained by attackers. Instead, explicitly specify what to include. If that is not a viable solution, validate user input thoroughly.