False positive for "ExitOrDie" rule

Open aik099 opened this issue 9 years ago • 5 comments

I'm getting an error:

2) core/units/related_searches/related_searches_config.php on line 15
Avoid the use of `exit` or `die` with strings as it could lead to injection issues (direct output)
> defined('FULL_PATH') or die('restricted access!');
For more information execute 'psecio-parse rules ExitOrDie'

when code like this is encountered:

defined('FULL_PATH') or die('restricted access!');

In the above code, the argument to the die statement is a constant string and can't be used to inject anything.

Proposing not to report an issue in that case.

Aug 07 '16 17:08 aik099
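
The distinction proposed in the post above, as an added sketch that is not part of the original thread and is neither psecio/parse's code nor the change made in the commits linked below. It uses PHP's built-in tokenizer; the function name `findNonConstantExits` and the sample source (apart from the line quoted in the issue) are constructed for illustration.

```php
<?php
// Added illustration: report exit/die whose argument is not one constant literal.
function findNonConstantExits(string $source): array
{
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $safe = [T_CONSTANT_ENCAPSED_STRING, T_LNUMBER];
    $tokens = token_get_all($source);
    $findings = [];
    for ($i = 0; $i < count($tokens); $i++) {
        // T_EXIT is the token for both `exit` and `die`.
        if (!is_array($tokens[$i]) || $tokens[$i][0] !== T_EXIT) {
            continue;
        }
        $args = [];
        $depth = 0;
        for ($j = $i + 1; $j < count($tokens); $j++) {
            $tok = $tokens[$j];
            if (is_array($tok) && in_array($tok[0], $skip, true)) {
                continue;
            }
            // Only single-character tokens count as parentheses, so a "("
            // inside a string literal never changes the nesting depth.
            $punct = is_array($tok) ? '' : $tok;
            if ($depth === 0 && $punct !== '(') {
                break; // bare `exit;` takes no argument
            }
            if ($punct === '(' && ++$depth === 1) {
                continue; // opening parenthesis of the call itself
            }
            if ($punct === ')' && --$depth === 0) {
                break; // end of the argument list
            }
            $args[] = $tok;
        }
        // An interpolated string ("Hi $x") is several tokens, so it is reported.
        $constant = count($args) === 0 || (count($args) === 1
            && is_array($args[0]) && in_array($args[0][0], $safe, true));
        if (!$constant) {
            $findings[] = $tokens[$i][2]; // line number of the exit/die
        }
    }
    return $findings;
}
// Constructed sample; the first statement is the line quoted in the issue.
$sample = <<<'SRC'
<?php
defined('FULL_PATH') or die('restricted access!');
die('Unknown page: ' . $_GET['page']);
exit("Goodbye $name");
SRC;
foreach (findNonConstantExits($sample) as $line) {
    echo "line $line: exit/die argument is not a constant literal\n";
}
```
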

I changed this up in https://github.com/psecio/parse/commit/63f10291182662b7a6e159e94d935a2f80f6d3a2 and it will be included in a future release.

Jun 11 '18 18:06 enygma

Thanks. I'm not seeing any test added to cover the changed behavior, though.

Jun 11 '18 19:06 aik099

The test changes were in https://github.com/psecio/parse/commit/1b8ff59f43e020f32d51e11dbe33add64b169751

Jun 11 '18 20:06 enygma

@aik099 Are you okay with me closing this one out? I want to be sure you got your answer...

Jun 20 '18 16:06 enygma

If this rule no longer reports the original code I've posted as an error, then I'm OK.

Jun 20 '18 16:06 aik099