Back to Codebase

Vulnerability Analysis Report

Drupal Core v9.5.2

Scan ID: SCAN-DRUPAL-CORE-4Bf4Dd • Hash: 5474547f

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.662s

Vulnerability Details

L208

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:208
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($k > 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L215

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:215
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($y < $this->seq[$k]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L37

Dynamic Code Execution in MappedDiff.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/MappedDiff.php:37
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(sizeof($to_lines) == sizeof($mapped_to_lines));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L90

Dynamic Code Execution in FrontMatter.php

CWE-94
File Location: core/lib/Drupal/Component/FrontMatter/FrontMatter.php:90
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_subclass_of($serializer, SerializationInterface::class), sprintf('The $serializer parameter must reference a class that implements %s.', SerializationInterface::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L463

Dynamic Code Execution in Html.php

CWE-94
File Location: core/lib/Drupal/Component/Utility/Html.php:463
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(empty(array_diff(array_keys(parse_url($scheme_and_host)), ["scheme", "host", "port"])), '$scheme_and_host contains scheme, host and port at most.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L465

Dynamic Code Execution in Html.php

CWE-94
File Location: core/lib/Drupal/Component/Utility/Html.php:465
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(isset(parse_url($scheme_and_host)["host"]), '$base_url is absolute and hence has a host.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L174

Dynamic Code Execution in LibraryDiscoveryParser.php

CWE-94
File Location: core/lib/Drupal/Core/Asset/LibraryDiscoveryParser.php:174
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(defined($category_weight), 'Invalid CSS category: ' . $category . '. See https://www.drupal.org/node/2274843.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L103

Dynamic Code Execution in MemoryBackend.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/MemoryBackend.php:103
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache Tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L152

Dynamic Code Execution in PhpBackend.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/PhpBackend.php:152
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache Tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L924

Dynamic Code Execution in Connection.php

CWE-94
File Location: core/lib/Drupal/Core/Database/Connection.php:924
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!isset($options['target']), 'Passing "target" option to query() has no effect. See https://www.drupal.org/node/2993033');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L74

Dynamic Code Execution in StaticMenuLinkOverrides.php

CWE-94
File Location: core/lib/Drupal/Core/Menu/StaticMenuLinkOverrides.php:74
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($id), 'Menu link plugin ID should be a string.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L318

Dynamic Code Execution in Renderer.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Renderer.php:318
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($elements['#lazy_builder']), 'The #lazy_builder property must have an array as a value.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L420

Dynamic Code Execution in BigPipe.php

CWE-94
File Location: core/modules/big_pipe/src/Render/BigPipe.php:420
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(isset($no_js_placeholders[$placeholder]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L649

Dynamic Code Execution in BigPipe.php

CWE-94
File Location: core/modules/big_pipe/src/Render/BigPipe.php:649
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($request_type === HttpKernelInterface::MASTER_REQUEST || $request_type === HttpKernelInterface::SUB_REQUEST);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L183

Dynamic Code Execution in BigPipeStrategy.php

CWE-94
File Location: core/modules/big_pipe/src/Render/Placeholder/BigPipeStrategy.php:183
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($placeholder));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1024

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:1024
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAll(function ($t) { return !self::isWildcardTag($t); }, array_keys($concrete_op_result->elements)));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1055

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:1055
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(self::isWildcardAttributeName($wildcard_attribute_name));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1279

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:1279
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($attributes === FALSE || is_array($attributes));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L77

Dynamic Code Execution in CKEditor4To5UpgradePluginManager.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/CKEditor4To5UpgradePluginManager.php:77
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($definition['cke4_buttons']));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L89

Dynamic Code Execution in CKEditor4To5UpgradePluginManager.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/CKEditor4To5UpgradePluginManager.php:89
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($definition['cke4_plugin_settings']));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L415

Dynamic Code Execution in CKEditor5PluginManager.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/CKEditor5PluginManager.php:415
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($defined_elements));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L443

Dynamic Code Execution in CKEditor5PluginManager.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/CKEditor5PluginManager.php:443
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(method_exists(CKEditor5PluginDefinition::class, $has_method));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L242

Dynamic Code Execution in CKEditor5.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Editor/CKEditor5.php:242
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($violation instanceof ConstraintViolation);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L729

Dynamic Code Execution in CKEditor5.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Editor/CKEditor5.php:729
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(TRUE === $this->checkConfigSchema(\Drupal::getContainer()->get('config.typed'), 'editor.editor.id_does_not_matter', $submitted_editor->toArray()), 'Schema errors: ' . print_r($this->checkConfigSchema(\Drupal::getContainer()->get('config.typed'), 'editor.editor.id_does_not_matter', $submitted_editor->toArray()), TRUE));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L49

Dynamic Code Execution in PrecedingConstraintAwareValidatorTrait.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/PrecedingConstraintAwareValidatorTrait.php:49
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->context instanceof ExecutionContext);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L35

Dynamic Code Execution in TextEditorObjectDependentValidatorTrait.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/TextEditorObjectDependentValidatorTrait.php:35
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($text_format instanceof FilterFormatInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L50

Dynamic Code Execution in TextEditorObjectDependentValidatorTrait.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/TextEditorObjectDependentValidatorTrait.php:50
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($text_editor instanceof EditorInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1587

Dynamic Code Execution in CKEditor5PluginManagerTest.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/Kernel/CKEditor5PluginManagerTest.php:1587
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($base_plugin_definition instanceof CKEditor5PluginDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1788

Dynamic Code Execution in CKEditor5PluginManagerTest.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/Kernel/CKEditor5PluginManagerTest.php:1788
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($base_plugin_definition instanceof CKEditor5PluginDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L589

Dynamic Code Execution in ValidatorsTest.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/Kernel/ValidatorsTest.php:589
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($text_editor instanceof EditorInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L598

Dynamic Code Execution in ValidatorsTest.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/Kernel/ValidatorsTest.php:598
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($text_format instanceof FilterFormatInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L66

Dynamic Code Execution in CommentStorageSchema.php

CWE-94
File Location: core/modules/comment/src/CommentStorageSchema.php:66
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($storage_definition instanceof RequiredFieldStorageDefinitionInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L66

Dynamic Code Execution in FileEntityNormalizer.php

CWE-94
File Location: core/modules/hal/src/Normalizer/FileEntityNormalizer.php:66
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof FileInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L206

Dynamic Code Execution in ConfigDependenciesTest.php

CWE-94
File Location: core/modules/hal/tests/src/Kernel/rest/Entity/ConfigDependenciesTest.php:206
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($module));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L71

Dynamic Code Execution in RelationshipFieldAccess.php

CWE-94
File Location: core/modules/jsonapi/src/Access/RelationshipFieldAccess.php:71
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($access_result instanceof AccessResultReasonInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L625

Dynamic Code Execution in FieldResolver.php

CWE-94
File Location: core/modules/jsonapi/src/Context/FieldResolver.php:625
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($target_definition instanceof EntityDataDefinitionInterface, 'Entity reference fields should only be able to reference entities.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L834

Dynamic Code Execution in EntityResource.php

CWE-94
File Location: core/modules/jsonapi/src/Controller/EntityResource.php:834
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($request->isMethod('POST') || $request->isMethod('PATCH') || $request->isMethod('DELETE'));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L94

Dynamic Code Execution in ResourceObjectNormalizationCacher.php

CWE-94
File Location: core/modules/jsonapi/src/EventSubscriber/ResourceObjectNormalizationCacher.php:94
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L117

Dynamic Code Execution in ResourceResponseValidator.php

CWE-94
File Location: core/modules/jsonapi/src/EventSubscriber/ResourceResponseValidator.php:117
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->validateResponse($response, $request), 'A JSON:API response failed validation (see the logs for details). Please report this in the issue queue on drupal.org');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L59

Dynamic Code Execution in Data.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/Data.php:59
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllObjects($data, ResourceIdentifierInterface::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L60

Dynamic Code Execution in Data.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/Data.php:60
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($cardinality >= -1 && $cardinality !== 0, 'Cardinality must be -1 for unlimited cardinality or a positive integer.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L71

Dynamic Code Execution in JsonApiDocumentTopLevel.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/JsonApiDocumentTopLevel.php:71
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!$data instanceof ErrorCollection || $includes instanceof NullIncludedData);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L79

Dynamic Code Execution in Link.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/Link.php:79
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings(array_keys($target_attributes)));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L171

Dynamic Code Execution in Link.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/Link.php:171
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(static::compare($a, $b) === 0, 'Only equivalent links can be merged.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L48

Dynamic Code Execution in LinkCollection.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/LinkCollection.php:48
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAll(function ($key) {
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L133

Dynamic Code Execution in LinkCollection.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/LinkCollection.php:133
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!is_null($this->context), 'A LinkCollection is invalid unless a context has been established.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L28

Dynamic Code Execution in OmittedData.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/OmittedData.php:28
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllObjects($data, EntityAccessDeniedHttpException::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L288

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:288
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($target instanceof EntityInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L425

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:425
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!empty($relatable_resource_types));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L241

Dynamic Code Execution in ResourceObject.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceObject.php:241
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof ContentEntityInterface || $entity instanceof ConfigEntityInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L24

Dynamic Code Execution in DataNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/DataNormalizer.php:24
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($object instanceof Data);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L45

Dynamic Code Execution in EntityReferenceFieldNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/EntityReferenceFieldNormalizer.php:45
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($resource_relationship instanceof ResourceTypeRelationship);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L176

Dynamic Code Execution in JsonApiDocumentTopLevelNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/JsonApiDocumentTopLevelNormalizer.php:176
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($object instanceof JsonApiDocumentTopLevel);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L52

Dynamic Code Execution in ResourceIdentifierNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/ResourceIdentifierNormalizer.php:52
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($object instanceof ResourceIdentifier);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L184

Dynamic Code Execution in ResourceTypeRepository.php

CWE-94
File Location: core/modules/jsonapi/src/ResourceType/ResourceTypeRepository.php:184
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($bundle) && !empty($bundle), 'A bundle ID is required. Bundleless entity types should pass the entity type ID again.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L112

Dynamic Code Execution in ExternalNormalizersTest.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ExternalNormalizersTest.php:112
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(in_array($expected_value_jsonapi_normalization, [static::VALUE_ORIGINAL, static::VALUE_OVERRIDDEN], TRUE));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L45

Dynamic Code Execution in ResourceResponseTestTrait.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceResponseTestTrait.php:45
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($responses) > 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L381

Dynamic Code Execution in ResourceResponseTestTrait.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceResponseTestTrait.php:381
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(static::isResourceIdentifier($resource_identifier));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1733

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php:1733
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof RevisionableInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2082

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php:2082
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($created_entity instanceof RevisionableInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2653

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php:2653
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->getExpectedCacheTags($field_set) === $this->getExpectedCacheTags());
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L122

Dynamic Code Execution in LinkCollectionNormalizerTest.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Kernel/Normalizer/LinkCollectionNormalizerTest.php:122
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(isset($current_user));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L256

Dynamic Code Execution in RelationshipNormalizerTest.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Kernel/Normalizer/RelationshipNormalizerTest.php:256
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($actual instanceof CacheableNormalization);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L33

Dynamic Code Execution in CommonCollectionFilterAccessTestPatternsTrait.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Traits/CommonCollectionFilterAccessTestPatternsTrait.php:33
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this instanceof ResourceTestBase);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L625

Dynamic Code Execution in InlineBlockTest.php

CWE-94
File Location: core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockTest.php:625
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $assert($permissions, TRUE);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L203

Dynamic Code Execution in OEmbedIframeController.php

CWE-94
File Location: core/modules/media/src/Controller/OEmbedIframeController.php:203
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($bubbleable_metadata instanceof BubbleableMetadata);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L76

Dynamic Code Execution in Endpoint.php

CWE-94
File Location: core/modules/media/src/OEmbed/Endpoint.php:76
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(array_diff($formats, ['json', 'xml']) == []);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L70

Dynamic Code Execution in EntityValidationException.php

CWE-94
File Location: core/modules/migrate/src/Exception/EntityValidationException.php:70
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($violation instanceof ConstraintViolationInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L175

Dynamic Code Execution in EntityContentBase.php

CWE-94
File Location: core/modules/migrate/src/Plugin/migrate/destination/EntityContentBase.php:175
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof ContentEntityInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L135

Dynamic Code Execution in ConfigDependenciesTest.php

CWE-94
File Location: core/modules/rest/tests/src/Kernel/Entity/ConfigDependenciesTest.php:135
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($expected_configuration === FALSE || is_array($expected_configuration));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L35

Dynamic Code Execution in SearchTextProcessorTest.php

CWE-94
File Location: core/modules/search/tests/src/Kernel/SearchTextProcessorTest.php:35
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($text_processor instanceof SearchTextProcessorInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L96

Dynamic Code Execution in NodeStatisticsDatabaseStorage.php

CWE-94
File Location: core/modules/statistics/src/NodeStatisticsDatabaseStorage.php:96
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(in_array($order, ['totalcount', 'daycount', 'timestamp']), "Invalid order argument.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L42

Dynamic Code Execution in LoadLibraryController.php

CWE-94
File Location: core/modules/system/tests/modules/modernizr_deprecation_test/src/Controller/LoadLibraryController.php:42
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(isset($available_libraries[$library]), "Library $library not available in extension $extension");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L222

Dynamic Code Execution in ModuleHandlerTest.php

CWE-94
File Location: core/modules/system/tests/src/Kernel/Extension/ModuleHandlerTest.php:222
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($profile_list instanceof ProfileExtensionList);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L387

Dynamic Code Execution in PluginBase.php

CWE-94
File Location: core/modules/views/src/Plugin/views/PluginBase.php:387
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(preg_match('/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$/', $top) === 1, 'Tokens need to be valid Twig variables.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L98

Dynamic Code Execution in StreamWrapperTest.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/File/StreamWrapperTest.php:98
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($file_system instanceof FileSystemInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L105

Dynamic Code Execution in StreamWrapperTest.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/File/StreamWrapperTest.php:105
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($file_url_generator instanceof FileUrlGeneratorInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L91

Dynamic Code Execution in WeightTest.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Render/Element/WeightTest.php:91
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $assert('select', $select, [
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L114

Dynamic Code Execution in RegistryTest.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Theme/RegistryTest.php:114
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($extension_list instanceof ModuleExtensionList);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L64

Dynamic Code Execution in SchemaIntrospectionTestTrait.php

CWE-94
File Location: core/tests/Drupal/Tests/Core/Database/SchemaIntrospectionTestTrait.php:64
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(in_array($index_type, ['index', 'unique', 'primary'], TRUE));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L172

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:172
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(NULL === $node, sprintf('A button "%s" appears on this page, but it should not.', $button));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L295

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:295
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert($expected_title === $actual_title, 'Title found');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L98

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:98
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($yi < $n_to || $this->xchanged[$xi]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L347

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:347
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert(sizeof($lines) == sizeof($changed));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L367

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:367
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($j < $other_len && ! $other_changed[$j]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L40

Dynamic Code Execution in AccessResult.php

CWE-94
File Location: core/lib/Drupal/Core/Access/AccessResult.php:40
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($reason) || is_null($reason));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L82

Dynamic Code Execution in LibraryDependencyResolver.php

CWE-94
File Location: core/lib/Drupal/Core/Asset/LibraryDependencyResolver.php:82
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($libraries) === count(array_unique($libraries)), '$libraries can\'t contain duplicate items.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L170

Dynamic Code Execution in LibraryDiscoveryParser.php

CWE-94
File Location: core/lib/Drupal/Core/Asset/LibraryDiscoveryParser.php:170
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(static::validateCssLibrary($library[$type]) < 2, 'CSS files should be specified as key/value pairs, where the values are configuration options. See https://www.drupal.org/node/2274843.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L171

Dynamic Code Execution in LibraryDiscoveryParser.php

CWE-94
File Location: core/lib/Drupal/Core/Asset/LibraryDiscoveryParser.php:171
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(static::validateCssLibrary($library[$type]) === 0, 'CSS must be nested under a category. See https://www.drupal.org/node/2274843.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L31

Dynamic Code Execution in Cache.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/Cache.php:31
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\Drupal::service('cache_contexts_manager')->assertValidTokens($cache_contexts), sprintf('Failed to assert that "%s" are valid cache contexts.', implode(', ', $cache_contexts)));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L54

Dynamic Code Execution in Cache.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/Cache.php:54
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($cache_tags), 'Cache tags must be valid strings');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L115

Dynamic Code Execution in CacheCollector.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/CacheCollector.php:115
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L26

Dynamic Code Execution in CacheTagsInvalidator.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/CacheTagsInvalidator.php:26
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L108

Dynamic Code Execution in CacheContextsManager.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/Context/CacheContextsManager.php:108
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->assertValidTokens($context_tokens));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L239

Dynamic Code Execution in Connection.php

CWE-94
File Location: core/lib/Drupal/Core/Database/Connection.php:239
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($this->identifierQuotes) === 2 && Inspector::assertAllStrings($this->identifierQuotes), '\Drupal\Core\Database\Connection::$identifierQuotes must contain 2 string values');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L16

Dynamic Code Execution in Container.php

CWE-94
File Location: core/lib/Drupal/Core/DependencyInjection/Container.php:16
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(FALSE, 'The container was serialized.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L38

Dynamic Code Execution in ChainedPlaceholderStrategy.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Placeholder/ChainedPlaceholderStrategy.php:38
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!empty($this->placeholderStrategies), 'At least one placeholder strategy must be present; by default the fallback strategy \Drupal\Core\Render\Placeholder\SingleFlushStrategy is always present.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L47

Dynamic Code Execution in ChainedPlaceholderStrategy.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Placeholder/ChainedPlaceholderStrategy.php:47
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(array_intersect_key($processed_placeholders, $placeholders) === $processed_placeholders, 'Processed placeholders must be a subset of all placeholders.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L40

Dynamic Code Execution in PharExtensionInterceptor.php

CWE-94
File Location: core/lib/Drupal/Core/Security/PharExtensionInterceptor.php:40
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- public function assert(string $path, string $command): bool {
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L220

Dynamic Code Execution in TwigExtension.php

CWE-94
File Location: core/lib/Drupal/Core/Template/TwigExtension.php:220
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->urlGenerator instanceof UrlGeneratorInterface, "The URL generator hasn't been set up. Any configuration YAML file with a service directive dealing with the Twig configuration can cause this, most likely found in a recently installed or changed module.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.