51 lines
1015 B
Plaintext
51 lines
1015 B
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
// Any reference to STDIN is Sensitive
|
|
$varstdin = STDIN; // Sensitive
|
|
stream_get_line(STDIN, 40); // Sensitive
|
|
stream_copy_to_stream(STDIN, STDOUT); // Sensitive
|
|
// ...
|
|
|
|
|
|
// Except those references as they can't create an injection vulnerability.
|
|
ftruncate(STDIN, 5); // OK
|
|
ftell(STDIN); // OK
|
|
feof(STDIN); // OK
|
|
fseek(STDIN, 5); // OK
|
|
fclose(STDIN); // OK
|
|
|
|
|
|
// STDIN can also be referenced like this
|
|
$mystdin = 'php://stdin'; // Sensitive
|
|
|
|
file_get_contents('php://stdin'); // Sensitive
|
|
readfile('php://stdin'); // Sensitive
|
|
|
|
$input = fopen('php://stdin', 'r'); // Sensitive
|
|
fclose($input); // OK
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|