    Security

    Audit

    The function openssl_decrypt returns either a string of the decrypted data on success or false on failure. If the failure case is not handled, this could lead to undefined behavior in your application. Please handle the case where openssl_decrypt returns false.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-252: Unchecked Return Value
    OWASP:
    - A02:2021 - Cryptographic Failures
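
The unchecked pattern this rule flags, next to a version that fails closed. This is an added example, not code from the rule itself; `decryptOrFail`, the AES-256-GCM choice and the sample plaintext are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of the rule): decrypt and fail closed.
function decryptOrFail(string $ciphertext, string $key, string $iv, string $tag): string
{
    $plaintext = openssl_decrypt($ciphertext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);

    // Compare with === false. An empty plaintext ("") is a valid result but is
    // falsy, so `if (!$plaintext)` would misreport it as a failure.
    if ($plaintext === false) {
        throw new RuntimeException('Decryption failed');
    }
    return $plaintext;
}

// Constructed sample data: encrypt a value, then flip one bit of the ciphertext.
$key = random_bytes(32);
$iv  = random_bytes(12);
$tag = '';
$ciphertext = openssl_encrypt('account=42', 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
if ($ciphertext === false) {
    throw new RuntimeException('Encryption failed');
}
$tampered = $ciphertext;
$tampered[0] = chr(ord($tampered[0]) ^ 0x01);

// Flagged pattern: the return value is used without a check.
// Tag verification fails, so $unchecked is false rather than a string.
$unchecked = openssl_decrypt($tampered, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
var_dump($unchecked); // bool(false)

// Checked pattern: the intact ciphertext decrypts, the tampered one raises.
echo decryptOrFail($ciphertext, $key, $iv, $tag), PHP_EOL; // account=42
try {
    decryptOrFail($tampered, $key, $iv, $tag);
} catch (RuntimeException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL; // Rejected: Decryption failed
}
```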

    Calling assert with user input is equivalent to eval’ing.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
    OWASP:
    - A03:2021 - Injection
