Audit

openssl-decrypt-validate

The function openssl_decrypt returns either a string of the decrypted data on success or false on failure. If the failure case is not handled, this could lead to undefined behavior in your application. Please handle the case where openssl_decrypt returns false.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-252: Unchecked Return Value
OWASP:
- A02:2021 - Cryptographic Failures
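
The pattern this rule flags, next to a version that handles the false return, as an added example that is not part of the CodeAnt rule itself. The function names, the AES-256-GCM cipher and the nonce || tag || ciphertext layout are assumptions made for the illustration.

```php
<?php
// Added illustration: seal(), openUnchecked(), openChecked() and the message
// layout (nonce || tag || ciphertext) are hypothetical, not taken from the rule.
const CIPHER = 'aes-256-gcm';
const TAG_LEN = 16;

function seal(string $plaintext, string $key): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $tag = '';
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, '', TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $iv . $tag . $ct;
}

// Flagged: the result is used without checking for false.
function openUnchecked(string $blob, string $key): string
{
    $ivLen = openssl_cipher_iv_length(CIPHER);
    $pt = openssl_decrypt(substr($blob, $ivLen + TAG_LEN), CIPHER, $key, OPENSSL_RAW_DATA,
        substr($blob, 0, $ivLen), substr($blob, $ivLen, TAG_LEN));
    return 'payload=' . $pt; // false is silently cast to '' and processing continues
}

// Handled: length is validated first, then false is rejected with a strict comparison.
function openChecked(string $blob, string $key): string
{
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if (strlen($blob) < $ivLen + TAG_LEN) {
        throw new RuntimeException('ciphertext too short');
    }
    $pt = openssl_decrypt(substr($blob, $ivLen + TAG_LEN), CIPHER, $key, OPENSSL_RAW_DATA,
        substr($blob, 0, $ivLen), substr($blob, $ivLen, TAG_LEN));
    if ($pt === false) { // use === because '' and '0' are valid plaintexts
        throw new RuntimeException('decryption failed');
    }
    return 'payload=' . $pt;
}

// Constructed sample: one valid message, and a copy with a single bit flipped.
$key = random_bytes(32);
$good = seal('role=user', $key);
$bad = $good;
$last = strlen($bad) - 1;
$bad[$last] = $bad[$last] ^ "\x01";
echo openChecked($good, $key), PHP_EOL;
var_dump(openUnchecked($bad, $key));
try { openChecked($bad, $key); } catch (RuntimeException $e) { echo 'rejected: ', $e->getMessage(), PHP_EOL; }
```

A loose check such as if (!$pt) would also reject legitimate empty or '0' plaintexts, which is why the comparison against false is strict.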

assert-use-audit

Calling assert() with user input is equivalent to passing that input to eval().
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
OWASP:
- A03:2021 - Injection