Back to Codebase

Vulnerability Analysis Report

Drupal Core v10.5.10

Scan ID: SCAN-DRUPAL-CORE-72GOEE • Hash: 0bd81786

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.498s

Vulnerability Details

L376

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:376
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($j < $other_len && ! $other_changed[$j]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L412

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:412
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($j > 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L70

Dynamic Code Execution in AttributeClassDiscovery.php

CWE-94
File Location: core/lib/Drupal/Component/Plugin/Discovery/AttributeClassDiscovery.php:70
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($fileinfo instanceof \SplFileInfo);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L472

Dynamic Code Execution in Html.php

CWE-94
File Location: core/lib/Drupal/Component/Utility/Html.php:472
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(isset(parse_url($scheme_and_host)["scheme"]), '$scheme_and_host is absolute and hence has a scheme.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L201

Dynamic Code Execution in LibraryDiscoveryParser.php

CWE-94
File Location: core/lib/Drupal/Core/Asset/LibraryDiscoveryParser.php:201
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(static::validateCssLibrary($library[$type]) < 2, 'CSS files should be specified as key/value pairs, where the values are configuration options. See https://www.drupal.org/node/2274843.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L178

Dynamic Code Execution in ApcuBackend.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/ApcuBackend.php:178
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L31

Dynamic Code Execution in Cache.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/Cache.php:31
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\Drupal::service('cache_contexts_manager')->assertValidTokens($cache_contexts), sprintf('Failed to assert that "%s" are valid cache contexts.', implode(', ', $cache_contexts)));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L54

Dynamic Code Execution in Cache.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/Cache.php:54
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($cache_tags), 'Cache tags must be valid strings');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L108

Dynamic Code Execution in CacheContextsManager.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/Context/CacheContextsManager.php:108
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->assertValidTokens($context_tokens));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L119

Dynamic Code Execution in MemoryBackend.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/MemoryBackend.php:119
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache Tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L51

Dynamic Code Execution in MemoryCache.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/MemoryCache/MemoryCache.php:51
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L101

Dynamic Code Execution in ConfigActionManager.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Action/ConfigActionManager.php:101
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($namespaces instanceof \ArrayAccess, '$namespaces can be accessed like an array');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L90

Dynamic Code Execution in CreateForEachBundle.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Action/Plugin/ConfigAction/CreateForEachBundle.php:90
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_object($bundle));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L118

Dynamic Code Execution in CreateForEachBundle.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Action/Plugin/ConfigAction/CreateForEachBundle.php:118
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(array_key_exists(static::BUNDLE_PLACEHOLDER, $replacements));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L44

Dynamic Code Execution in EntityCreate.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Action/Plugin/ConfigAction/EntityCreate.php:44
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($plugin_definition) && is_array($plugin_definition['constructor_args']), '$plugin_definition contains the expected settings');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L58

Dynamic Code Execution in PermissionsPerBundle.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Action/Plugin/ConfigAction/PermissionsPerBundle.php:58
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($value) || is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L46

Dynamic Code Execution in ConfigExistsConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Plugin/Validation/Constraint/ConfigExistsConstraintValidator.php:46
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($constraint instanceof ConfigExistsConstraint);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L33

Dynamic Code Execution in LangcodeRequiredIfTranslatableValuesConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Plugin/Validation/Constraint/LangcodeRequiredIfTranslatableValuesConstraintValidator.php:33
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(in_array('langcode', $mapping->getValidKeys(), TRUE));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L142

Dynamic Code Execution in SchemaCheckTrait.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Schema/SchemaCheckTrait.php:142
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($config_entity instanceof ConfigEntityInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L257

Dynamic Code Execution in Connection.php

CWE-94
File Location: core/lib/Drupal/Core/Database/Connection.php:257
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($this->identifierQuotes) === 2 && Inspector::assertAllStrings($this->identifierQuotes), '\Drupal\Core\Database\Connection::$identifierQuotes must contain 2 string values');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L331

Dynamic Code Execution in Database.php

CWE-94
File Location: core/lib/Drupal/Core/Database/Database.php:331
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($info['dependencies']));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L80

Dynamic Code Execution in Importer.php

CWE-94
File Location: core/lib/Drupal/Core/DefaultContent/Importer.php:80
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($entity_type_id));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L81

Dynamic Code Execution in Importer.php

CWE-94
File Location: core/lib/Drupal/Core/DefaultContent/Importer.php:81
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($path));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L148

Dynamic Code Execution in Importer.php

CWE-94
File Location: core/lib/Drupal/Core/DefaultContent/Importer.php:148
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($source_hash));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L194

Dynamic Code Execution in Importer.php

CWE-94
File Location: core/lib/Drupal/Core/DefaultContent/Importer.php:194
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($entity_type));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L200

Dynamic Code Execution in Importer.php

CWE-94
File Location: core/lib/Drupal/Core/DefaultContent/Importer.php:200
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($entity_type));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L331

Dynamic Code Execution in Importer.php

CWE-94
File Location: core/lib/Drupal/Core/DefaultContent/Importer.php:331
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof ContentEntityInterface || $entity === NULL);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L20

Dynamic Code Execution in InvalidEntityException.php

CWE-94
File Location: core/lib/Drupal/Core/DefaultContent/InvalidEntityException.php:20
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($violation instanceof ConstraintViolationInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L16

Dynamic Code Execution in Container.php

CWE-94
File Location: core/lib/Drupal/Core/DependencyInjection/Container.php:16
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(FALSE, 'The container was serialized.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L211

Dynamic Code Execution in VersionHistoryController.php

CWE-94
File Location: core/lib/Drupal/Core/Entity/Controller/VersionHistoryController.php:211
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entityStorage instanceof RevisionableStorageInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L230

Dynamic Code Execution in RevisionDeleteForm.php

CWE-94
File Location: core/lib/Drupal/Core/Entity/Form/RevisionDeleteForm.php:230
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof RevisionableInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L74

Dynamic Code Execution in StaticMenuLinkOverrides.php

CWE-94
File Location: core/lib/Drupal/Core/Menu/StaticMenuLinkOverrides.php:74
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($id), 'Menu link plugin ID should be a string.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L119

Dynamic Code Execution in ContextDefinition.php

CWE-94
File Location: core/lib/Drupal/Core/Plugin/Context/ContextDefinition.php:119
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!str_starts_with($data_type, 'entity:') || $this instanceof EntityContextDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L190

Dynamic Code Execution in DefaultPluginManager.php

CWE-94
File Location: core/lib/Drupal/Core/Plugin/DefaultPluginManager.php:190
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($cache_tags), 'Cache Tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L38

Dynamic Code Execution in ChainedPlaceholderStrategy.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Placeholder/ChainedPlaceholderStrategy.php:38
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!empty($this->placeholderStrategies), 'At least one placeholder strategy must be present; by default the fallback strategy \Drupal\Core\Render\Placeholder\SingleFlushStrategy is always present.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L368

Dynamic Code Execution in Renderer.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Renderer.php:368
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($elements['#lazy_builder']) === 2, 'The #lazy_builder property must have an array as a value, containing two values: the callback, and the arguments for the callback.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L370

Dynamic Code Execution in Renderer.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Renderer.php:370
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($elements['#lazy_builder'][1]) === count(array_filter($elements['#lazy_builder'][1], function ($v) {
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L373

Dynamic Code Execution in Renderer.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Renderer.php:373
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!Element::children($elements), sprintf('When a #lazy_builder callback is specified, no children can exist; all children must be generated by the #lazy_builder callback. You specified the following children: %s.', implode(', ', Element::children($elements))));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L208

Dynamic Code Execution in TwigExtension.php

CWE-94
File Location: core/lib/Drupal/Core/Template/TwigExtension.php:208
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->urlGenerator instanceof UrlGeneratorInterface, "The URL generator hasn't been set up. Any configuration YAML file with a service directive dealing with the Twig configuration can cause this, most likely found in a recently installed or changed module.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L373

Dynamic Code Execution in TwigExtension.php

CWE-94
File Location: core/lib/Drupal/Core/Template/TwigExtension.php:373
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($library), 'Argument must be a string.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L274

Dynamic Code Execution in DataDefinition.php

CWE-94
File Location: core/lib/Drupal/Core/TypedData/DataDefinition.php:274
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(array_key_exists('NotNull', $constraints));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L103

Dynamic Code Execution in ValidKeysConstraint.php

CWE-94
File Location: core/lib/Drupal/Core/Validation/Plugin/Validation/Constraint/ValidKeysConstraint.php:103
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($mapping instanceof Mapping);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L58

Dynamic Code Execution in BlockContentAccessControlHandler.php

CWE-94
File Location: core/modules/block_content/src/BlockContentAccessControlHandler.php:58
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof BlockContentInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L264

Dynamic Code Execution in ckeditor5.api.php

CWE-94
File Location: core/modules/ckeditor5/ckeditor5.api.php:264
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($plugin_definitions['ckeditor5_imageUpload'] instanceof CKEditor5PluginDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L648

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:648
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1024

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:1024
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAll(function ($t) { return self::isWildcardTag($t); }, array_keys($wildcard_op_result->elements)));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1056

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:1056
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(self::isWildcardAttributeName($wildcard_attribute_name));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L77

Dynamic Code Execution in CKEditor4To5UpgradePluginManager.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/CKEditor4To5UpgradePluginManager.php:77
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($definition['cke4_buttons']));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L152

Dynamic Code Execution in Heading.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/CKEditor5Plugin/Heading.php:152
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(array_key_exists('model', $heading_option));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L185

Dynamic Code Execution in CKEditor5PluginDefinition.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/CKEditor5PluginDefinition.php:185
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($definition['drupal']['elements'] === []);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L448

Dynamic Code Execution in CKEditor5PluginManager.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/CKEditor5PluginManager.php:448
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(method_exists(CKEditor5PluginDefinition::class, $get_method));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L53

Dynamic Code Execution in AddItemToToolbar.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/ConfigAction/AddItemToToolbar.php:53
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L56

Dynamic Code Execution in AddItemToToolbar.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/ConfigAction/AddItemToToolbar.php:56
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($item_name));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L876

Dynamic Code Execution in CKEditor5.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Editor/CKEditor5.php:876
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($shifted === 'settings');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L211

Dynamic Code Execution in FundamentalCompatibilityConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/FundamentalCompatibilityConstraintValidator.php:211
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($matching_plugins) === 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L168

Dynamic Code Execution in SourceEditingRedundantTagsConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/SourceEditingRedundantTagsConstraintValidator.php:168
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(isset($all_elements[$tag_name]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L201

Dynamic Code Execution in StyleSensibleElementConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/StyleSensibleElementConstraintValidator.php:201
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($definition instanceof CKEditor5PluginDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L40

Dynamic Code Execution in TextEditorObjectDependentValidatorTrait.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/TextEditorObjectDependentValidatorTrait.php:40
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($text_format instanceof FilterFormatInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L703

Dynamic Code Execution in SmartDefaultSettings.php

CWE-94
File Location: core/modules/ckeditor5/src/SmartDefaultSettings.php:703
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($already_supported_tags));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L980

Dynamic Code Execution in SmartDefaultSettings.php

CWE-94
File Location: core/modules/ckeditor5/src/SmartDefaultSettings.php:980
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(isset($settings['plugins'][$plugin_name]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L220

Dynamic Code Execution in ImageTestBase.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/FunctionalJavascript/ImageTestBase.php:220
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($image_type === 'inline' || $image_type === 'block');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1919

Dynamic Code Execution in CKEditor5PluginManagerTest.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/Kernel/CKEditor5PluginManagerTest.php:1919
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($base_plugin_definition instanceof CKEditor5PluginDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L33

Dynamic Code Execution in AddModeration.php

CWE-94
File Location: core/modules/content_moderation/src/Plugin/ConfigAction/AddModeration.php:33
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($plugin_definition));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L91

Dynamic Code Execution in FileRepositoryTest.php

CWE-94
File Location: core/modules/file/tests/src/Kernel/FileRepositoryTest.php:91
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($stream_wrapper_manager instanceof StreamWrapperManagerInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L37

Dynamic Code Execution in forum.post_update.php

CWE-94
File Location: core/modules/forum/forum.post_update.php:37
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof NodeInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L123

Dynamic Code Execution in HelpTwigExtension.php

CWE-94
File Location: core/modules/help/src/HelpTwigExtension.php:123
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->pluginManager instanceof HelpTopicPluginManagerInterface, "The plugin manager hasn't been set up. Any configuration YAML file with a service directive dealing with the Twig configuration can cause this, most likely found in a recently installed or changed module.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L163

Dynamic Code Execution in EntityAccessChecker.php

CWE-94
File Location: core/modules/jsonapi/src/Access/EntityAccessChecker.php:163
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($operation === 'view', 'JSON:API does not yet support mutable operations on revisions.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L194

Dynamic Code Execution in EntityAccessChecker.php

CWE-94
File Location: core/modules/jsonapi/src/Access/EntityAccessChecker.php:194
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof RevisionableInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1053

Dynamic Code Execution in EntityResource.php

CWE-94
File Location: core/modules/jsonapi/src/Controller/EntityResource.php:1053
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllObjects([$includes], IncludedData::class, NullIncludedData::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1197

Dynamic Code Execution in EntityResource.php

CWE-94
File Location: core/modules/jsonapi/src/Controller/EntityResource.php:1197
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($storage instanceof RevisionableStorageInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L150

Dynamic Code Execution in ResourceObjectNormalizationCacher.php

CWE-94
File Location: core/modules/jsonapi/src/EventSubscriber/ResourceObjectNormalizationCacher.php:150
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L124

Dynamic Code Execution in ResourceResponseSubscriber.php

CWE-94
File Location: core/modules/jsonapi/src/EventSubscriber/ResourceResponseSubscriber.php:124
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($jsonapi_doc_object instanceof CacheableNormalization);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L59

Dynamic Code Execution in Data.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/Data.php:59
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllObjects($data, ResourceIdentifierInterface::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L77

Dynamic Code Execution in Link.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/Link.php:77
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAll(function ($target_attribute_value) {
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L67

Dynamic Code Execution in LinkCollection.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/LinkCollection.php:67
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!is_null($this->context), 'A LinkCollection is invalid unless a context has been established.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L86

Dynamic Code Execution in LinkCollection.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/LinkCollection.php:86
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(static::validKey($key));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L28

Dynamic Code Execution in OmittedData.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/OmittedData.php:28
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllObjects($data, EntityAccessDeniedHttpException::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L82

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:82
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!isset($meta[static::ARITY_KEY]) || is_int($meta[static::ARITY_KEY]) && $meta[static::ARITY_KEY] >= 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L417

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:417
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($value === NULL);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L425

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:425
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!empty($relatable_resource_types));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L92

Dynamic Code Execution in ResourceObject.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceObject.php:92
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_null($revision_id) || $resource_type->isVersionable());
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L317

Dynamic Code Execution in ResourceObject.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceObject.php:317
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof UserInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L232

Dynamic Code Execution in FieldItemNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/FieldItemNormalizer.php:232
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($field_item instanceof FieldItemInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L42

Dynamic Code Execution in FieldNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/FieldNormalizer.php:42
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($resource_type instanceof ResourceType);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L53

Dynamic Code Execution in ResourceObjectNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/ResourceObjectNormalizer.php:53
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($object instanceof ResourceObject);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L389

Dynamic Code Execution in ResourceType.php

CWE-94
File Location: core/modules/jsonapi/src/ResourceType/ResourceType.php:389
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($field instanceof ResourceTypeRelationship);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L360

Dynamic Code Execution in ResourceTypeRepository.php

CWE-94
File Location: core/modules/jsonapi/src/ResourceType/ResourceTypeRepository.php:360
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($bundle) && !empty($bundle), 'A bundle ID is required. Bundleless entity types should pass the entity type ID again.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L185

Dynamic Code Execution in ResourceResponseTestTrait.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceResponseTestTrait.php:185
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->entity instanceof RevisionableInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1434

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php:1434
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($violations->count() === 0, (string) $violations);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L31

Dynamic Code Execution in GetDocumentFromResponseTrait.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Traits/GetDocumentFromResponseTrait.php:31
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this instanceof TestCase);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L29

Dynamic Code Execution in LayoutBuilderController.php

CWE-94
File Location: core/modules/layout_builder/src/Controller/LayoutBuilderController.php:29
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertStringable($section_storage->label()), 'Section storage label is expected to be a string.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L31

Dynamic Code Execution in media.post_update.php

CWE-94
File Location: core/modules/media/media.post_update.php:31
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($media_config_updater instanceof MediaConfigUpdater);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L168

Dynamic Code Execution in MigrateEntityContentValidationTest.php

CWE-94
File Location: core/modules/migrate/tests/src/Kernel/MigrateEntityContentValidationTest.php:168
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($filter_test_format instanceof FilterFormatInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L131

Dynamic Code Execution in NodeAccessControlHandler.php

CWE-94
File Location: core/modules/node/src/NodeAccessControlHandler.php:131
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof NodeInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L121

Dynamic Code Execution in Connection.php

CWE-94
File Location: core/modules/pgsql/src/Driver/Database/pgsql/Connection.php:121
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($prefix), 'The \'$prefix\' argument to ' . __METHOD__ . '() must be a string');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L437

Dynamic Code Execution in ResponsiveImageFieldDisplayTest.php

CWE-94
File Location: core/modules/responsive_image/tests/src/Functional/ResponsiveImageFieldDisplayTest.php:437
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($medium_style instanceof ImageStyleInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L132

Dynamic Code Execution in RequestHandler.php

CWE-94
File Location: core/modules/rest/src/RequestHandler.php:132
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($route_match->getRouteObject()->getMethods()) === 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L112

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/rest/tests/src/Functional/ResourceTestBase.php:112
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert([] === $user_role->getPermissions(), 'The anonymous user role has no permissions at all.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L121

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/rest/tests/src/Functional/ResourceTestBase.php:121
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert([] === $user_role->getPermissions(), 'The authenticated user role has no permissions at all.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L136

Dynamic Code Execution in ConfigDependenciesTest.php

CWE-94
File Location: core/modules/rest/tests/src/Kernel/Entity/ConfigDependenciesTest.php:136
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($module));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.