ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S4828/php/rule.adoc

39 lines
634 B
Plaintext
Raw Normal View History

Add rules 4000-4999
2020-06-30 12:49:37 +02:00
include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
Modify S4828: Clarify recommendations (#1269)
2022-09-28 10:23:01 +02:00
[source,php]
Add rules 4000-4999
2020-06-30 12:49:37 +02:00
----
Modify S4828: Clarify recommendations (#1269)
2022-09-28 10:23:01 +02:00
$targetPid = (int)$_GET["pid"];
posix_kill($targetPid, 9); // Sensitive
----
== Compliant Solution
[source,php]
----
$targetPid = (int)$_GET["pid"];
// Validate the untrusted PID,
// With a pre-approved list or authorization checks
if (isValidPid($targetPid)) {
posix_kill($targetPid, 9);
}
Add rules 4000-4999
2020-06-30 12:49:37 +02:00
----
include::../see.adoc[]
Make sure that includes are always surrounded by empty lines (#2270) When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again.
2023-06-22 10:38:01 +02:00
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346)
2021-09-20 15:38:42 +02:00
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue Copy Permalink