openssl-decrypt-validate
openssl-decrypt-validate
The function
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-252: Unchecked Return Value
OWASP:
- A02:2021 - Cryptographic Failures
openssl_decrypt returns either a string of the decrypted data on success or false on failure. If the failure case is not handled, this could lead to undefined behavior in your application. Please handle the case where openssl_decrypt returns false.Likelihood: LOW
Confidence: LOW
CWE:
- CWE-252: Unchecked Return Value
OWASP:
- A02:2021 - Cryptographic Failures
assert-use-audit
assert-use-audit
Calling assert with user input is equivalent to eval’ing.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
OWASP:
- A03:2021 - Injection
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
OWASP:
- A03:2021 - Injection