Security - CodeAnt AI

openssl-cbc-static-iv

Static IV used with AES in CBC mode. Static IVs enable chosen-plaintext attacks against encrypted data.
Likelihood: HIGH
Confidence: HIGH
CWE:
- CWE-329: Generation of Predictable IV with CBC Mode
OWASP:
- A02:2021 - Cryptographic Failures

extract-user-data

Do not call ‘extract()’ on user-controllable data. If you must, then you must also provide the EXTR_SKIP flag to prevent overwriting existing variables.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-502: Deserialization of Untrusted Data
OWASP:
- A08:2017 - Insecure Deserialization
- A08:2021 - Software and Data Integrity Failures

file-inclusion

Detected non-constant file inclusion. This can lead to local file inclusion (LFI) or remote file inclusion (RFI) if user input reaches this statement. LFI and RFI could lead to sensitive files being obtained by attackers. Instead, explicitly specify what to include. If that is not a viable solution, validate user input thoroughly.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’)
OWASP:
- A03:2021 - Injection

unserialize-use

Calling unserialize() with user input in the pattern can lead to arbitrary code execution. Consider using JSON or structured data approaches (e.g. Google Protocol Buffers).
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-502: Deserialization of Untrusted Data
OWASP:
- A08:2017 - Insecure Deserialization
- A08:2021 - Software and Data Integrity Failures

ldap-bind-without-password

Detected anonymous LDAP bind. This permits anonymous users to execute LDAP statements. Consider enforcing authentication for LDAP.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-287: Improper Authentication
OWASP:
- A02:2017 - Broken Authentication
- A07:2021 - Identification and Authentication Failures

md5-used-as-password

It looks like MD5 is used as a password hash. MD5 is not considered a secure password hash because it can be cracked by an attacker in a short amount of time. Use a suitable password hashing function such as bcrypt. You can use password_hash($PASSWORD, PASSWORD_BCRYPT, $OPTIONS);.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures

unlink-use

Using user input when deleting files with unlink() is potentially dangerous. A malicious actor could use this to modify or access files they have no right to.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

base-convert-loses-precision

The function base_convert uses 64-bit numbers internally, and does not correctly convert large numbers. It is not suitable for random tokens such as those used for session tokens or CSRF tokens.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-190: Integer Overflow or Wraparound

php-permissive-cors

Access-Control-Allow-Origin response header is set to ”*”. This will disable CORS Same Origin Policy restrictions.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-346: Origin Validation Error
OWASP:
- A07:2021 - Identification and Authentication Failures

ftp-use

FTP allows for unencrypted file transfers. Consider using an encrypted alternative.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-319: Cleartext Transmission of Sensitive Information
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures

exec-use

Executing non-constant commands. This can lead to command injection.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-94: Improper Control of Generation of Code (‘Code Injection’)
OWASP:
- A03:2021 - Injection

php-ssrf

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. Dangerous function

FUNCS with payload

DATA
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-918: Server-Side Request Forgery (SSRF)
OWASP:
- A10:2021 - Server-Side Request Forgery (SSRF)

assert-use

Calling assert with user input is equivalent to eval’ing.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
OWASP:
- A03:2021 - Injection

redirect-to-request-uri

Redirecting to the current request URL may redirect to another domain, if the current path starts with two slashes. E.g. in https://www.example.com//attacker.com, the value of REQUEST_URI is //attacker.com, and redirecting to it will redirect to that domain.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

eval-use

Evaluating non-constant commands. This can lead to command injection.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection

weak-crypto

Detected usage of weak crypto function. Consider using stronger alternatives.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-328: Use of Weak Hash
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures

mcrypt-use

Mcrypt functionality has been deprecated and/or removed in recent PHP versions. Consider using Sodium or OpenSSL.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-676: Use of Potentially Dangerous Function

phpinfo-use

The ‘phpinfo’ function may reveal sensitive information about your environment.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
OWASP:
- A01:2021 - Broken Access Control

curl-ssl-verifypeer-off

SSL verification is disabled but should not be (currently CURLOPT_SSL_VERIFYPEER= $IS_VERIFIED)
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-319: Cleartext Transmission of Sensitive Information
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures

tainted-exec

Executing non-constant commands. This can lead to command injection. You should use escapeshellarg() when using command.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-94: Improper Control of Generation of Code (‘Code Injection’)
OWASP:
- A03:2021 - Injection

backticks-use

Backticks use may lead to command injection vulnerabilities.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-94: Improper Control of Generation of Code (‘Code Injection’)
OWASP:
- A03:2021 - Injection

mb-ereg-replace-eval

Calling mb_ereg_replace with user input in the options can lead to arbitrary code execution. The eval modifier (e) evaluates the replacement argument as code.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-94: Improper Control of Generation of Code (‘Code Injection’)
OWASP:
- A03:2021 - Injection

md5-loose-equality

Make sure comparisons involving md5 values are strict (use === not ==) to avoid type juggling issues
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-697: Incorrect Comparison

Get Started