Unsanitized user input in session key

Description

Unsanitized user input in session keys poses a security risk. When user-supplied data is used directly as a session key, attackers may be able to manipulate session data or perform unauthorized actions by exploiting the predictability or weaknesses of the session mechanism.

Remediations

  • Do not use user-defined data as session keys. This prevents attackers from being able to guess or forge session keys to hijack user sessions.
    $userInput = $_GET["untrusted"]; // raw request data, never validated
    call($_SESSION[$userInput]); // unsafe: the request chooses the session key
  • Sanitize user input before incorporating it into session keys. Ensure that any data derived from user input is properly validated and sanitized so that it cannot be used for injection attacks.
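The following PHP example is added here to illustrate both remediations side by side; it is not code from the Bearer rule page or from the Bearer project. The function names, the `untrusted` request parameter, the allowlist of session keys and the sample `$session`/`$query` arrays are all constructed for illustration.

```php
<?php
// Added example (not from the Bearer rule page): selecting a session entry
// based on a request parameter. Function names, the "untrusted" parameter and
// the ALLOWED_SESSION_KEYS map are assumptions made for this illustration.

declare(strict_types=1);

// Unsafe pattern flagged by the rule: the request parameter is used verbatim
// as the session key, so whoever sends the request decides which session
// entry is read (or, with an assignment, written).
function unsafeLookup(array $session, array $query): mixed
{
    $userInput = $query['untrusted'] ?? '';
    return $session[$userInput] ?? null; // unsafe
}

// Remediation: never let user data become the key itself. Map the untrusted
// value onto a fixed allowlist of keys the application owns, and reject
// anything that is not on the list before it reaches the session array.
const ALLOWED_SESSION_KEYS = [
    'cart'        => 'app_cart',
    'preferences' => 'app_preferences',
];

function safeLookup(array $session, array $query): mixed
{
    $requested = $query['untrusted'] ?? '';
    if (!is_string($requested) || !array_key_exists($requested, ALLOWED_SESSION_KEYS)) {
        throw new InvalidArgumentException('Unknown session section requested');
    }
    $key = ALLOWED_SESSION_KEYS[$requested]; // application-controlled key
    return $session[$key] ?? null;
}

// Constructed sample data standing in for $_SESSION and $_GET so the script
// runs without a web server or a real session.
$session = [
    'app_cart'        => ['sku-1' => 2],
    'app_preferences' => ['theme' => 'dark'],
    'is_admin'        => false, // internal state that should never be addressable by the client
];

// With the unsafe lookup, a request naming an internal key reaches it directly.
var_dump(unsafeLookup($session, ['untrusted' => 'is_admin']));

// With the allowlist, only the intended sections resolve; anything else is rejected.
var_dump(safeLookup($session, ['untrusted' => 'cart']));

try {
    safeLookup($session, ['untrusted' => 'is_admin']);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The allowlist approach satisfies both bullets at once: the session key is always an application constant, and the only user-controlled value is checked against a closed set before it is used. If the set of sections must be dynamic, the same principle applies: derive the key from data the server already trusts (for example a validated record ID looked up server-side), not from the raw request value.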

References

Associated CWE

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=php_lang_session_key_using_user_input

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=php_lang_session_key_using_user_input