Line of code

Raymond
2014-12-15
2014-12-19
  • Raymond

    Raymond - 2014-12-15

    Would love an option for the "Banned/Insecure Functions" to display the line of code similar to how the "complex" scans do. Example "Complex" scan result =
    HIGH: Potentially Unsafe Code - User Controlled Variable Used on System Command Line
    Line: 15 - C:\Users\user\Documents\PHP\Sample3.php
    The application appears to allow the use of an unvalidated user-controlled variable when executing a command.
    exec("cat /var/log/apache2/access.log | grep " . $cmd); <= see the line of code

    "Banned/Insecure Function" example =
    STANDARD: Potentially Unsafe Code - exec
    Line: 15 - C:\Users\rgabler\Documents\PHP\Sample3.php
    This function allows execution of commands. It is dangerous when used with user controlled parameters and may facilitate direct attacks against the web server. Conduct a manual review of this section to ensure safe usage.
    <= notice the code isn't shown... I am happy that you made it trivial to go to the file/line # but it would make it a lot quicker if I could see the offending line in results. I would love to see this as an option as I am sure I wouldn't want it on all the checks.

    Raymond

    P.S. Love the upgrades in 2.0 - keep up the good work.
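The behaviour Raymond asks for, reporting the offending source line next to each "banned function" hit, is easy to see in a small line-based scanner. The script below is an added illustration written for this page; it is not the scanner's own code, and its banned-function list, severity labels and the simple taint heuristic (a variable assigned from a PHP superglobal without an escapeshellarg/escapeshellcmd wrapper is treated as user controlled) are assumptions chosen for the example. The PHP input is constructed, modelled on the Sample3.php finding quoted above.

```python
"""Toy line-reporting scanner for PHP command-execution sinks.

Example code added for this page, not the scanner's implementation.  The
banned-function list, severities and taint rule are assumptions."""

import re
from dataclasses import dataclass
from typing import List, Set

# Assumed list of PHP functions treated as "banned/insecure" for the example.
BANNED_FUNCTIONS = ("exec", "system", "passthru", "shell_exec", "popen", "proc_open")

CALL_RE = re.compile(r"\b(?P<func>" + "|".join(BANNED_FUNCTIONS) + r")\s*\((?P<args>.*)\)")
VAR_RE = re.compile(r"\$([A-Za-z_]\w*)")
SUPERGLOBAL_RE = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|SERVER)\b")
SANITIZER_RE = re.compile(r"\bescapeshell(arg|cmd)\s*\(")
ASSIGN_RE = re.compile(r"^\$(?P<name>[A-Za-z_]\w*)\s*=(?!=)(?P<rhs>.*)$")

USER_CONTROLLED_TITLE = (
    "Potentially Unsafe Code - User Controlled Variable Used on System Command Line"
)


@dataclass
class Finding:
    severity: str
    title: str
    line_no: int
    path: str
    code: str  # the offending line itself, which the request asks to see


def scan_php(source: str, path: str) -> List[Finding]:
    """Single pass over the file.  Variables assigned from a superglobal
    (without an escapeshell* wrapper) are remembered as tainted so that a
    sink on a later line can still be rated HIGH."""
    findings: List[Finding] = []
    tainted: Set[str] = set()
    for line_no, raw in enumerate(source.splitlines(), start=1):
        line = raw.strip()
        if line.startswith(("//", "#", "*", "/*")):
            continue  # ignore comment lines

        assign = ASSIGN_RE.match(line)
        if assign:
            rhs = assign.group("rhs")
            from_user = SUPERGLOBAL_RE.search(rhs) or any(v in tainted for v in VAR_RE.findall(rhs))
            if from_user and not SANITIZER_RE.search(rhs):
                tainted.add(assign.group("name"))

        call = CALL_RE.search(line)
        if not call:
            continue
        func, args = call.group("func"), call.group("args")

        # "Banned/Insecure Function" check: the call alone is reported, with the line.
        findings.append(Finding("STANDARD", f"Potentially Unsafe Code - {func}", line_no, path, line))

        # "Complex" check: does user-controlled data reach the command string?
        arg_vars = VAR_RE.findall(args)
        user_controlled = bool(SUPERGLOBAL_RE.search(args)) or any(v in tainted for v in arg_vars)
        if user_controlled and not SANITIZER_RE.search(args):
            severity = "HIGH"
        elif arg_vars:
            severity = "MEDIUM"  # some variable is involved; still needs a manual look
        else:
            continue  # constant command string, nothing more to report
        findings.append(Finding(severity, USER_CONTROLLED_TITLE, line_no, path, line))
    return findings


def format_finding(f: Finding) -> str:
    """Three-line report in the style quoted in the post, code line included."""
    return f"{f.severity}: {f.title}\nLine: {f.line_no} - {f.path}\n{f.code}"


# Constructed sample input, modelled on the Sample3.php finding quoted above.
SAMPLE_PHP = """<?php
// constructed sample, not a real application
$cmd = $_GET['q'];
exec("cat /var/log/apache2/access.log | grep " . $cmd);
$safe = escapeshellarg($_GET['q']);
system("uptime");
echo shell_exec('ls ' . $safe);
"""

if __name__ == "__main__":
    for finding in scan_php(SAMPLE_PHP, "Sample3.php"):
        print(format_finding(finding))
        print()
```

On the sample, line 4 produces both a STANDARD "exec" finding and a HIGH user-controlled finding (the taint from `$cmd = $_GET['q']` on line 3 carries over), line 6 produces only the STANDARD finding because its command string is constant, and line 7 is rated MEDIUM since `$safe` went through escapeshellarg. Every report carries the offending line, so the reader does not have to open the file to triage it.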

     
  • N1ckDunn

    N1ckDunn - 2014-12-19

    Hi Raymond

    That should be fairly simple so I'll add it in to the next release.

    Thanks
    Nick

     
