Unsanitized user input in code generation

Description

Unsanitized user input in code generation can lead to code injection vulnerabilities. This occurs when an application dynamically generates or manipulates code using data provided by the user without proper sanitization.

Remediations

  • Do not use user-supplied input directly in code generation or reflection mechanisms. This practice can introduce severe security vulnerabilities.
    $class = new ReflectionClass($_GET["class"]); // unsafe
  • Do validate and sanitize all user input used in code generation to ensure it does not contain malicious code. Use a whitelist approach, allowing only known safe values.
  • Do employ security mechanisms such as input validation libraries or frameworks that specifically address code injection risks.
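
The whitelist approach from the second remediation, as an added PHP example that is not the rule's or Bearer's own code; the exporter classes and the `class` query parameter are constructed for illustration:

```php
<?php
// Added example (not from the rule page): a user-supplied value is resolved
// against a fixed allowlist, and only the mapped class name ever reaches
// ReflectionClass. The exporter classes below are constructed for illustration.

final class ExportCsv  { public function run(): string { return 'csv';  } }
final class ExportJson { public function run(): string { return 'json'; } }

// User-facing identifiers mapped to known class names. Nothing outside
// this map can be reflected or instantiated.
const EXPORTER_ALLOWLIST = [
    'csv'  => ExportCsv::class,
    'json' => ExportJson::class,
];

function resolveExporter(string $requested): string
{
    // Normalize for lookup; the lookup itself is an exact match on known keys,
    // so the raw request value is never used as a class name.
    $key = strtolower(trim($requested));
    if (!array_key_exists($key, EXPORTER_ALLOWLIST)) {
        // Reject unknown values; do not echo the raw input back to the client.
        throw new InvalidArgumentException('Unknown exporter');
    }
    return EXPORTER_ALLOWLIST[$key];
}

// Unsafe (what the rule flags): the request decides which class is reflected.
// $class = new ReflectionClass($_GET['class']);

// Safe: reflection only sees a name taken from the allowlist.
$className = resolveExporter($_GET['class'] ?? '');
$reflected = new ReflectionClass($className);
$exporter  = $reflected->newInstance();
echo $exporter->run();
```

The same pattern applies to other reflection entry points such as `ReflectionMethod`, `call_user_func` or `new $name`: look the request value up in a map of known-good names rather than validating its characters.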

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=php_lang_reflection_using_user_input

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=php_lang_reflection_using_user_input