Security
Audit
openssl-decrypt-validate
The function openssl_decrypt returns either a string of the decrypted data on success or false on failure. If the failure case is not handled, this could lead to undefined behavior in your application. Please handle the case where openssl_decrypt returns false.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-252: Unchecked Return Value
OWASP:
- A02:2021 - Cryptographic Failures
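An added example of handling the failure case (not part of the rule's own text or test cases). The helper names seal and unseal, the AES-256-GCM choice and the iv || tag || ciphertext layout are assumptions made for illustration. The check uses === false because valid plaintexts such as "0" or the empty string are falsy in PHP, so a loose test like !$plain would reject them.

```php
<?php
declare(strict_types=1);

const CIPHER = 'aes-256-gcm';
const IV_LEN = 12;   // recommended GCM nonce size
const TAG_LEN = 16;  // default GCM tag size in ext/openssl

// Hypothetical helper: encrypts and returns iv || tag || ciphertext.
function seal(string $plaintext, string $key): string
{
    $iv = random_bytes(IV_LEN);
    $tag = '';
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $iv . $tag . $ct;
}

// Hypothetical helper: returns the plaintext or throws. It never hands
// the boolean false back to the caller as if it were data.
function unseal(string $blob, string $key): string
{
    if (strlen($blob) < IV_LEN + TAG_LEN) {
        throw new RuntimeException('ciphertext too short');
    }
    $iv  = substr($blob, 0, IV_LEN);
    $tag = substr($blob, IV_LEN, TAG_LEN);
    $ct  = substr($blob, IV_LEN + TAG_LEN);

    $plain = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($plain === false) {          // strict: "0" and "" are valid plaintexts
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

// Constructed sample data: a random key and the falsy plaintext "0".
$key  = random_bytes(32);
$blob = seal('0', $key);
var_dump(unseal($blob, $key));       // succeeds even though "0" is falsy

// Flip one bit of the ciphertext: authentication fails and unseal() throws.
$last = strlen($blob) - 1;
$blob[$last] = chr(ord($blob[$last]) ^ 0x01);
try {
    unseal($blob, $key);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```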
assert-use-audit
Calling assert with user input is equivalent to calling eval on that input.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
OWASP:
- A03:2021 - Injection