Unsanitized user input in 'echo' function (XSS)

• Rule ID: php_lang_raw_output_using_user_input
• Languages: php
• Source: raw_output_using_user_input.yml

Description

Including unsanitized user input in responses can lead to cross-site scripting (XSS) attacks. This vulnerability exposes your application to malicious scripts injected by attackers, compromising user data and browser security.

Remediations

• Do not include user input directly in the response. This practice can make your application vulnerable to XSS attacks.

  echo "<h1>" . $_GET["title"] . "</h1>" // unsafe

• Do sanitize user input before including it in a response. This step helps prevent malicious code from being executed.

  echo "<h1>" . filter_var($_GET["title"], FILTER_SANITIZE_STRING). "</h1>"

References

• OWASP Cross-Site Scripting (XSS) Cheatsheet

Associated CWE

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

OWASP Top 10

• A03:2021 - Injection

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=php_lang_raw_output_using_user_input

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=php_lang_raw_output_using_user_input