Back to Codebase

Vulnerability Analysis Report

Drupal Core v11.2.12

Scan ID: SCAN-DRUPAL-CORE-83fsS0 • Hash: 91fd7b30

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.925s

Vulnerability Details

L142

Dynamic Code Execution in RootComposer.php

CWE-94
File Location: composer/Plugin/RecipeUnpack/RootComposer.php:142
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(self::checkRootPackage($composer_content, $this->composer->getPackage()), 'Composer root package and composer.json match');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L82

Dynamic Code Execution in LibraryDependencyResolver.php

CWE-94
File Location: core/lib/Drupal/Core/Asset/LibraryDependencyResolver.php:82
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($libraries) === count(array_unique($libraries)), '$libraries can\'t contain duplicate items.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L201

Dynamic Code Execution in LibraryDiscoveryParser.php

CWE-94
File Location: core/lib/Drupal/Core/Asset/LibraryDiscoveryParser.php:201
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(defined($category_weight), 'Invalid CSS category: ' . $category . '. See https://www.drupal.org/node/2274843.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L114

Dynamic Code Execution in CacheCollector.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/CacheCollector.php:114
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L30

Dynamic Code Execution in CacheTagsInvalidator.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/CacheTagsInvalidator.php:30
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L108

Dynamic Code Execution in CacheContextsManager.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/Context/CacheContextsManager.php:108
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->assertValidTokens($context_tokens));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L89

Dynamic Code Execution in VariationCache.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/VariationCache.php:89
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($last_item->data instanceof CacheRedirect);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L87

Dynamic Code Execution in CreateForEachBundle.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Action/Plugin/ConfigAction/CreateForEachBundle.php:87
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L49

Dynamic Code Execution in EntityClone.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Action/Plugin/ConfigAction/EntityClone.php:49
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($value['id']));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L68

Dynamic Code Execution in EntityClone.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Action/Plugin/ConfigAction/EntityClone.php:68
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($original_id_parts) === count($clone_id_parts));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L49

Dynamic Code Execution in SetProperties.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Action/Plugin/ConfigAction/SetProperties.php:49
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!array_is_list($values));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L52

Dynamic Code Execution in RequiredConfigDependenciesConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Plugin/Validation/Constraint/RequiredConfigDependenciesConstraintValidator.php:52
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($constraint instanceof RequiredConfigDependenciesConstraint);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L187

Dynamic Code Execution in Mapping.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Schema/Mapping.php:187
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($valid_keys_everywhere) <= 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L144

Dynamic Code Execution in SchemaCheckTrait.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Schema/SchemaCheckTrait.php:144
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($config_entity instanceof ConfigEntityInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L229

Dynamic Code Execution in TypedConfigManager.php

CWE-94
File Location: core/lib/Drupal/Core/Config/TypedConfigManager.php:229
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(($static_type_root !== NULL && $static_type_root !== $root) || ($static_type_root === NULL && $object->getParent() === NULL));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L653

Dynamic Code Execution in Connection.php

CWE-94
File Location: core/lib/Drupal/Core/Database/Connection.php:653
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($query), 'The \'$query\' argument to ' . __METHOD__ . '() must be a string');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L655

Dynamic Code Execution in Connection.php

CWE-94
File Location: core/lib/Drupal/Core/Database/Connection.php:655
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!isset($options['target']), 'Passing "target" option to query() has no effect. See https://www.drupal.org/node/2993033');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1505

Dynamic Code Execution in Connection.php

CWE-94
File Location: core/lib/Drupal/Core/Database/Connection.php:1505
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(class_exists($eventName), "Event class {$eventName} does not exist");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1521

Dynamic Code Execution in Connection.php

CWE-94
File Location: core/lib/Drupal/Core/Database/Connection.php:1521
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(class_exists($eventName), "Event class {$eventName} does not exist");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L289

Dynamic Code Execution in Database.php

CWE-94
File Location: core/lib/Drupal/Core/Database/Database.php:289
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($info['dependencies']));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L330

Dynamic Code Execution in Merge.php

CWE-94
File Location: core/lib/Drupal/Core/Database/Query/Merge.php:330
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($field));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L186

Dynamic Code Execution in StatementBase.php

CWE-94
File Location: core/lib/Drupal/Core/Database/Statement/StatementBase.php:186
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($mode instanceof FetchAs);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L299

Dynamic Code Execution in StatementBase.php

CWE-94
File Location: core/lib/Drupal/Core/Database/Statement/StatementBase.php:299
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($mode === NULL || $mode instanceof FetchAs);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L95

Dynamic Code Execution in Importer.php

CWE-94
File Location: core/lib/Drupal/Core/DefaultContent/Importer.php:95
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($path));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L361

Dynamic Code Execution in Importer.php

CWE-94
File Location: core/lib/Drupal/Core/DefaultContent/Importer.php:361
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof ContentEntityInterface || $entity === NULL);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L25

Dynamic Code Execution in BackwardsCompatibilityClassLoaderPass.php

CWE-94
File Location: core/lib/Drupal/Core/DependencyInjection/Compiler/BackwardsCompatibilityClassLoaderPass.php:25
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(is_array($module_moved));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L44

Dynamic Code Execution in ImmutablePropertiesConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Entity/Plugin/Validation/Constraint/ImmutablePropertiesConstraintValidator.php:44
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($constraint instanceof ImmutablePropertiesConstraint);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L302

Dynamic Code Execution in SqlContentEntityStorageSchema.php

CWE-94
File Location: core/lib/Drupal/Core/Entity/Sql/SqlContentEntityStorageSchema.php:302
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!$storage_definition->hasCustomStorage());
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L545

Dynamic Code Execution in ModuleHandler.php

CWE-94
File Location: core/lib/Drupal/Core/Extension/ModuleHandler.php:545
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($identifiers === array_unique($identifiers));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L183

Dynamic Code Execution in FieldTypePluginManager.php

CWE-94
File Location: core/lib/Drupal/Core/Field/FieldTypePluginManager.php:183
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(FALSE, "\"$group\" must be defined in MODULE_NAME.field_type_categories.yml");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L402

Dynamic Code Execution in HookCollectorPass.php

CWE-94
File Location: core/lib/Drupal/Core/Hook/HookCollectorPass.php:402
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($fileinfo instanceof \SplFileInfo);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L28

Dynamic Code Execution in MenuLinkDepthConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Menu/Plugin/Validation/Constraint/MenuLinkDepthConstraintValidator.php:28
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($constraint instanceof MenuLinkDepthConstraint);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L119

Dynamic Code Execution in ContextDefinition.php

CWE-94
File Location: core/lib/Drupal/Core/Plugin/Context/ContextDefinition.php:119
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!str_starts_with($data_type, 'entity:') || $this instanceof EntityContextDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L61

Dynamic Code Execution in LazyContextRepository.php

CWE-94
File Location: core/lib/Drupal/Core/Plugin/Context/LazyContextRepository.php:61
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($id[0] === '@' && str_contains($id, ':'), 'You must provide the context IDs in the @{service_id}:{unqualified_context_id} format.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L21

Dynamic Code Execution in PluginExistsConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Plugin/Plugin/Validation/Constraint/PluginExistsConstraintValidator.php:21
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($constraint instanceof PluginExistsConstraint);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L30

Dynamic Code Execution in RecipeMissingExtensionsException.php

CWE-94
File Location: core/lib/Drupal/Core/Recipe/RecipeMissingExtensionsException.php:30
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($extensions), 'Extension names must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L80

Dynamic Code Execution in HtmlResponseAttachmentsProcessor.php

CWE-94
File Location: core/lib/Drupal/Core/Render/HtmlResponseAttachmentsProcessor.php:80
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($response instanceof HtmlResponse);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L59

Dynamic Code Execution in ChainedPlaceholderStrategy.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Placeholder/ChainedPlaceholderStrategy.php:59
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(array_intersect_key($processed_placeholders, $placeholders) === $processed_placeholders, 'Processed placeholders must be a subset of all placeholders.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L67

Dynamic Code Execution in ChainedPlaceholderStrategy.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Placeholder/ChainedPlaceholderStrategy.php:67
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(empty($placeholders), 'It was not possible to replace all placeholders in ChainedPlaceholderStrategy::processPlaceholders()');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L376

Dynamic Code Execution in Renderer.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Renderer.php:376
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($elements['#lazy_builder'][1]) === count(array_filter($elements['#lazy_builder'][1], function ($v) {
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L417

Dynamic Code Execution in Renderer.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Renderer.php:417
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($new_elements), "#lazy_builder callbacks must return a valid renderable array, got " . gettype($new_elements) . " from " . Variable::callableToString($elements['#lazy_builder'][0]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L106

Dynamic Code Execution in ComponentsTwigExtension.php

CWE-94
File Location: core/lib/Drupal/Core/Template/ComponentsTwigExtension.php:106
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->doValidateProps($context, $component_id));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L380

Dynamic Code Execution in TwigExtension.php

CWE-94
File Location: core/lib/Drupal/Core/Template/TwigExtension.php:380
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($library), 'Argument must be a string.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L192

Dynamic Code Execution in ValidKeysConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Validation/Plugin/Validation/Constraint/ValidKeysConstraintValidator.php:192
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($definition instanceof MapDataDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L194

Dynamic Code Execution in ValidKeysConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Validation/Plugin/Validation/Constraint/ValidKeysConstraintValidator.php:194
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(array_key_exists('mapping', $definition));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L215

Dynamic Code Execution in ValidKeysConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Validation/Plugin/Validation/Constraint/ValidKeysConstraintValidator.php:215
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!strpos($resolved_type, ']'));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L245

Dynamic Code Execution in ValidKeysConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Validation/Plugin/Validation/Constraint/ValidKeysConstraintValidator.php:245
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!in_array('%type', $instructions, TRUE));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L76

Dynamic Code Execution in BlockDragTest.php

CWE-94
File Location: core/modules/block/tests/src/FunctionalJavascript/BlockDragTest.php:76
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assertSession()->assert($noBlockMessage === 'No blocks in this region', 'Region primary menu should be empty.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L232

Dynamic Code Execution in ckeditor5.api.php

CWE-94
File Location: core/modules/ckeditor5/ckeditor5.api.php:232
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($plugin_definitions['ckeditor5_link'] instanceof CKEditor5PluginDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L248

Dynamic Code Execution in ckeditor5.api.php

CWE-94
File Location: core/modules/ckeditor5/ckeditor5.api.php:248
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($plugin_definitions['ckeditor5_imageUpload'] instanceof CKEditor5PluginDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L671

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:671
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($other->elements[$tag]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L782

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:782
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($this->elements[$tag]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L783

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:783
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($other->elements[$tag]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L813

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:813
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($other->elements[$tag][$attr]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1228

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:1228
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($tag === '*');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1247

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:1247
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($readable));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L187

Dynamic Code Execution in CKEditor5PluginDefinition.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/CKEditor5PluginDefinition.php:187
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($definition['drupal']['elements'] === []);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L50

Dynamic Code Execution in AddItemToToolbar.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/ConfigAction/AddItemToToolbar.php:50
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($editor instanceof EditorInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L59

Dynamic Code Execution in AddItemToToolbar.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/ConfigAction/AddItemToToolbar.php:59
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L857

Dynamic Code Execution in CKEditor5.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Editor/CKEditor5.php:857
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(NestedArray::keyExists($subform, $parts));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L49

Dynamic Code Execution in SourceEditingPreventSelfXssConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/SourceEditingPreventSelfXssConstraintValidator.php:49
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($allowed_elements) === 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L103

Dynamic Code Execution in SourceEditingPreventSelfXssConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/SourceEditingPreventSelfXssConstraintValidator.php:103
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($attribute_name !== '*');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L92

Dynamic Code Execution in SourceEditingRedundantTagsConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/SourceEditingRedundantTagsConstraintValidator.php:92
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($overlap->getAllowedElements(FALSE)) === 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L40

Dynamic Code Execution in TextEditorObjectDependentValidatorTrait.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/TextEditorObjectDependentValidatorTrait.php:40
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($text_format instanceof FilterFormatInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L766

Dynamic Code Execution in SmartDefaultSettings.php

CWE-94
File Location: core/modules/ckeditor5/src/SmartDefaultSettings.php:766
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($plugin_definition instanceof CKEditor5PluginDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L137

Dynamic Code Execution in ImageTestBaselineTrait.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/FunctionalJavascript/ImageTestBaselineTrait.php:137
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($image_type === 'inline' || $image_type === 'block');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1938

Dynamic Code Execution in CKEditor5PluginManagerTest.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/Kernel/CKEditor5PluginManagerTest.php:1938
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($base_plugin_definition instanceof CKEditor5PluginDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2022

Dynamic Code Execution in CKEditor5PluginManagerTest.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/Kernel/CKEditor5PluginManagerTest.php:2022
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($base_plugin_id === 'ckeditor5_derived_plugin_foo');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L677

Dynamic Code Execution in ValidatorsTest.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/Kernel/ValidatorsTest.php:677
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($text_editor instanceof EditorInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L49

Dynamic Code Execution in CKEditor5Test.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/Unit/CKEditor5Test.php:49
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->expectExceptionMessage('assert($shifted === \'settings\')');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L71

Dynamic Code Execution in CommentTypeListBuilder.php

CWE-94
File Location: core/modules/comment/src/CommentTypeListBuilder.php:71
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof CommentTypeInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L37

Dynamic Code Execution in AddModeration.php

CWE-94
File Location: core/modules/content_moderation/src/Plugin/ConfigAction/AddModeration.php:37
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($plugin_definition));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L27

Dynamic Code Execution in ComputedFileUrl.php

CWE-94
File Location: core/modules/file/src/ComputedFileUrl.php:27
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->getParent()->getEntity() instanceof FileInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L63

Dynamic Code Execution in FileRepositoryTest.php

CWE-94
File Location: core/modules/file/tests/src/Kernel/FileRepositoryTest.php:63
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($stream_wrapper_manager instanceof StreamWrapperManagerInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L91

Dynamic Code Execution in FileRepositoryTest.php

CWE-94
File Location: core/modules/file/tests/src/Kernel/FileRepositoryTest.php:91
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($stream_wrapper_manager instanceof StreamWrapperManagerInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L55

Dynamic Code Execution in FilterImageLazyLoad.php

CWE-94
File Location: core/modules/filter/src/Plugin/Filter/FilterImageLazyLoad.php:55
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($element instanceof \DOMElement);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L228

Dynamic Code Execution in ImageItemTest.php

CWE-94
File Location: core/modules/image/tests/src/Kernel/ImageItemTest.php:228
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($form_object instanceof ContentEntityForm);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L89

Dynamic Code Execution in TemporaryQueryGuard.php

CWE-94
File Location: core/modules/jsonapi/src/Access/TemporaryQueryGuard.php:89
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(static::$fieldManager !== NULL);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L616

Dynamic Code Execution in FieldResolver.php

CWE-94
File Location: core/modules/jsonapi/src/Context/FieldResolver.php:616
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($target_definition instanceof EntityDataDefinitionInterface, 'Entity reference fields should only be able to reference entities.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L862

Dynamic Code Execution in EntityResource.php

CWE-94
File Location: core/modules/jsonapi/src/Controller/EntityResource.php:862
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($request->isMethod('POST') || $request->isMethod('PATCH') || $request->isMethod('DELETE'));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1225

Dynamic Code Execution in EntityResource.php

CWE-94
File Location: core/modules/jsonapi/src/Controller/EntityResource.php:1225
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($storage instanceof RevisionableStorageInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L238

Dynamic Code Execution in FileUpload.php

CWE-94
File Location: core/modules/jsonapi/src/Controller/FileUpload.php:238
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_null($entity) ||
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L38

Dynamic Code Execution in ErrorCollection.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ErrorCollection.php:38
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAll(function ($error) {
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L76

Dynamic Code Execution in Link.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/Link.php:76
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings(array_keys($target_attributes)));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L77

Dynamic Code Execution in Link.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/Link.php:77
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAll(function ($target_attribute_value) {
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L168

Dynamic Code Execution in Link.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/Link.php:168
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(static::compare($a, $b) === 0, 'Only equivalent links can be merged.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L85

Dynamic Code Execution in LinkCollection.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/LinkCollection.php:85
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(static::validKey($key));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L132

Dynamic Code Execution in LinkCollection.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/LinkCollection.php:132
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!is_null($this->context), 'A LinkCollection is invalid unless a context has been established.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L28

Dynamic Code Execution in OmittedData.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/OmittedData.php:28
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllObjects($data, EntityAccessDeniedHttpException::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L29

Dynamic Code Execution in RelationshipData.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/RelationshipData.php:29
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllObjects($data, ResourceIdentifier::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L418

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:418
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($value === NULL);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L422

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:422
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($host_entity instanceof EntityInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L424

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:424
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($resource_type instanceof ResourceType);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L92

Dynamic Code Execution in ResourceObject.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceObject.php:92
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_null($revision_id) || $resource_type->isVersionable());
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L318

Dynamic Code Execution in ResourceObject.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceObject.php:318
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof UserInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L31

Dynamic Code Execution in EntityReferenceFieldNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/EntityReferenceFieldNormalizer.php:31
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($field instanceof EntityReferenceFieldItemListInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L38

Dynamic Code Execution in EntityReferenceFieldNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/EntityReferenceFieldNormalizer.php:38
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($context['resource_object'] instanceof ResourceObject);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L63

Dynamic Code Execution in FieldItemNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/FieldItemNormalizer.php:63
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($object instanceof FieldItemInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L234

Dynamic Code Execution in FieldItemNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/FieldItemNormalizer.php:234
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($field instanceof FieldItemListInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L236

Dynamic Code Execution in FieldItemNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/FieldItemNormalizer.php:236
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($field_item instanceof FieldItemInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.