phpcs-security-audit

Verified by r2c
Community Favorite
Author: r2c
Download count: 459

Selected rules from phpcs-security-audit, a security checker for PHP, rewritten in Semgrep.

Rules (10)

returntocorp

Detected non-constant file inclusion. This can lead to local file inclusion (LFI) or remote file inclusion (RFI) if user input reaches this statement. LFI and RFI could lead to sensitive files being obtained by attackers. Instead, explicitly specify what to include. If that is not a viable solution, validate user input thoroughly.