The function openssl_decrypt returns either a string of the decrypted data on success or false on failure. If the failure case is not handled, this could lead to undefined behavior in your application. Please handle the case where openssl_decrypt returns false.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-252: Unchecked Return Value
OWASP:
- A02:2021 - Cryptographic Failures
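The unchecked pattern beside a checked one, as an added example that is not part of the rule's own text. The function names, the AES-256-GCM choice and the sample key, IV and plaintext are assumptions constructed for illustration.

```php
<?php
const CIPHER = 'aes-256-gcm'; // assumed cipher for this illustration

// Unchecked: on failure $plain is false, which concatenates as "",
// so a failed decryption is indistinguishable from an empty payload.
function describeUnchecked(string $ct, string $key, string $iv, string $tag): string
{
    $plain = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    return 'payload=' . $plain;
}

// Checked: compare with === false. A loose test (!$plain) would also
// reject the valid plaintexts "" and "0".
function decryptOrFail(string $ct, string $key, string $iv, string $tag): string
{
    $plain = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($plain === false) {
        // Drain the OpenSSL error queue so stale entries do not leak
        // into later calls; do not return these details to the client.
        while (openssl_error_string() !== false) {
        }
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

// Constructed sample data: random key and IV, plaintext "0" (falsy in PHP).
$key = random_bytes(32);
$iv  = random_bytes(12);
$tag = '';
$ct  = openssl_encrypt('0', CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);

// Flip one bit in every tag byte to force an authentication failure.
$badTag = $tag ^ str_repeat("\x01", strlen($tag));

echo describeUnchecked($ct, $key, $iv, $badTag), PHP_EOL; // failure hidden
echo 'valid: ', var_export(decryptOrFail($ct, $key, $iv, $tag), true), PHP_EOL;

try {
    decryptOrFail($ct, $key, $iv, $badTag);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```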
Calling assert with user input is equivalent to eval’ing.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
OWASP:
- A03:2021 - Injection
I