include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

Builtin functions

----
function sendHttpRequest($url) {
    // The following are sensitive when used with a hard coded http or https url. The limitation is to avoid False positives.
    file_get_contents('https://example.com'); // Sensitive
    fopen('http://example.com', 'r');  // Sensitive
    readfile('http://example.com'); // Sensitive
    copy('http://example.com', 'test.txt'); // Sensitive
    file('http://example.com'); // Sensitive

    // Some of these function also accept a context. When this context is an 'http' context. See above.
    file_get_contents('http://example.com', false, $context); // Sensitive
    fopen('http://example.com', 'r', false, $context); // Sensitive
    file('http://example.com', 0, $context); // Sensitive
    readfile('http://example.com', False, $context); // Sensitive

    get_headers('http://example.com'); // Sensitive
    get_meta_tags('http://example.com'); // Sensitive, when used with a hard coded http or https url. The limitation is to avoid False positives.   
}
----

Curl functions

----
$url = 'http://example.com';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
//Execute the request.
$data = curl_exec($ch); // Sensitive
curl_close($ch);
----

Guzzle

----
new GuzzleHttp\Client(); // Sensitive
----

PECL HTTP

----
new http\Client\Request('GET', 'http://example.com'); // Sensitive
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]
'''
== Comments And Links
(visible only on this page)

include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]