Page MenuHomePhabricator
Files F43053652

horusec.txt
mmartorana (manfredi martorana)
Actions

Authored By
mmartorana
Mar 22 2024, 3:22 PM
Size
3 KB
Referenced Files
None
Subscribers
None

horusec.txt
View Options

Language: JavaScript
Severity: INFO
Line: 68
Column: 13
SecurityTool: HorusecEngine
Confidence: LOW
File: /Users/manfredi/Reviews/CommunityConfiguration/resources/ext.communityConfiguration.Editor/init.js
Code: ( err ) => console.error( err )
RuleID: HS-JAVASCRIPT-1
Type: Vulnerability
ReferenceHash: 11120efa0236bad374e2d6748b427cc109c1eaf56e5d2b0e4758d206ef3211b7
Details: (1/1) * Possible vulnerability detected: No Log Sensitive Information in console
The App logs information. Sensitive information should never be logged. For more information checkout the CWE-532 (https://cwe.mitre.org/data/definitions/532.html) advisory.
==================================================================================
Language: PHP
Severity: INFO
Line: 70
Column: 3
SecurityTool: PhpCS
Confidence: LOW
File: /Users/manfredi/Reviews/CommunityConfiguration/src/Store/WikiPage/Writer.php
Code: uasort( $configSorted, static function ( $a, $b ): int {
RuleID: e98577ac
Type: Vulnerability
ReferenceHash: 7e0df89d5477aefeee6db6068104ea7cfc25331dffed4492906f105654f0c04b
Details: (1/1) * Possible vulnerability detected: Function uasort() that supports callback detected
PHPCS_SecurityAudit.BadFunctions.CallbackFunctions.WarnCallbackFunctions
==================================================================================
Language: PHP
Severity: INFO
Line: 3
Column: 16
SecurityTool: PhpCS
Confidence: LOW
File: /Users/manfredi/Reviews/CommunityConfiguration/.phan/config.php
Code: return require __DIR__ . '/../vendor/mediawiki/mediawiki-phan-config/src/config.php';
RuleID: 44c935ff
Type: Vulnerability
ReferenceHash: 4cdcdab907c8ecae2b8ef6cd8b5222622e3da52be54fd55db27541e749f7ff72
Details: (1/1) * Possible vulnerability detected: Possible RFI detected with __DIR__ on require
PHPCS_SecurityAudit.BadFunctions.EasyRFI.WarnEasyRFI
==================================================================================
Language: PHP
Severity: INFO
Line: 61
Column: 20
SecurityTool: PhpCS
Confidence: LOW
File: /Users/manfredi/Reviews/CommunityConfiguration/src/Specials/SpecialCommunityConfigurationDashboard.php
Code: 'guidelines' => array_map( function ( array $guideline ): array {
RuleID: 467a82bd
Type: Vulnerability
ReferenceHash: fd7e1b028e4834b9a377e697cda424e435c61d092db7d3d591ff4d7be95de389
Details: (1/1) * Possible vulnerability detected: Function array_map() that supports callback detected
PHPCS_SecurityAudit.BadFunctions.CallbackFunctions.WarnCallbackFunctions
==================================================================================
Language: PHP
Severity: INFO
Line: 58
Column: 17
SecurityTool: PhpCS
Confidence: LOW
File: /Users/manfredi/Reviews/CommunityConfiguration/src/Store/WikiPage/Loader.php
Code: $this->cache->delete( $cacheKey );
RuleID: 488aac0f
Type: Vulnerability
ReferenceHash: c96886b5386a5f26ef26f12374d3c5eb065d0eb0d09d3e1125c0804a9cc6cf73
Details: (1/1) * Possible vulnerability detected: Filesystem function delete() detected with dynamic parameter
PHPCS_SecurityAudit.BadFunctions.FilesystemFunctions.WarnFilesystem
==================================================================================
Language: PHP
Severity: INFO
Line: 59
Column: 26
SecurityTool: PhpCS
Confidence: LOW
File: /Users/manfredi/Reviews/CommunityConfiguration/src/Store/WikiPage/Loader.php
Code: $this->inProcessCache->delete( $cacheKey );
RuleID: 488aac0f
Type: Vulnerability
ReferenceHash: 207f8da4303ba72e93b92f6970b08bab1a31b744eab0b245641972de77790b5a
Details: (1/1) * Possible vulnerability detected: Filesystem function delete() detected with dynamic parameter
PHPCS_SecurityAudit.BadFunctions.FilesystemFunctions.WarnFilesystem
==================================================================================

File Metadata

Mime Type
text/plain
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
15022781
Default Alt Text
horusec.txt (3 KB)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits