Back to Codebase

Vulnerability Analysis Report

Drupal Core v8.3.0

Scan ID: SCAN-DRUPAL-CORE-9aCMB2 • Hash: 3c393443

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.507s

Vulnerability Details

L99

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:99
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($yi < $n_to || $this->xchanged[$xi]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L263

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:263
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($ypos != $this->seq[$end]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L36

Dynamic Code Execution in MappedDiff.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/MappedDiff.php:36
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(sizeof($to_lines) == sizeof($mapped_to_lines));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L452

Dynamic Code Execution in Html.php

CWE-94
File Location: core/lib/Drupal/Component/Utility/Html.php:452
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('empty(array_diff(array_keys(parse_url($scheme_and_host)), ["scheme", "host", "port"]))', '$scheme_and_host contains scheme, host and port at most.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L454

Dynamic Code Execution in Html.php

CWE-94
File Location: core/lib/Drupal/Component/Utility/Html.php:454
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('isset(parse_url($scheme_and_host)["host"])', '$base_url is absolute and hence has a host.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L164

Dynamic Code Execution in ApcuBackend.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/ApcuBackend.php:164
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('\Drupal\Component\Assertion\Inspector::assertAllStrings($tags)', 'Cache tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L114

Dynamic Code Execution in CacheCollector.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/CacheCollector.php:114
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('\Drupal\Component\Assertion\Inspector::assertAllStrings($tags)', 'Cache tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L103

Dynamic Code Execution in CacheContextsManager.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/Context/CacheContextsManager.php:103
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('$this->assertValidTokens($context_tokens)');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L29

Dynamic Code Execution in Container.php

CWE-94
File Location: core/lib/Drupal/Core/DependencyInjection/Container.php:29
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(FALSE, 'The container was serialized.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L47

Dynamic Code Execution in ChainedPlaceholderStrategy.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Placeholder/ChainedPlaceholderStrategy.php:47
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('array_intersect_key($processed_placeholders, $placeholders) === $processed_placeholders', 'Processed placeholders must be a subset of all placeholders.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L68

Dynamic Code Execution in AggregatorTestBase.php

CWE-94
File Location: core/modules/aggregator/tests/src/Functional/AggregatorTestBase.php:68
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a feed');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L654

Dynamic Code Execution in BigPipe.php

CWE-94
File Location: core/modules/big_pipe/src/Render/BigPipe.php:654
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('$request_type === \Symfony\Component\HttpKernel\HttpKernelInterface::MASTER_REQUEST || $request_type === \Symfony\Component\HttpKernel\HttpKernelInterface::SUB_REQUEST');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L68

Dynamic Code Execution in ConfigExportUITest.php

CWE-94
File Location: core/modules/config/src/Tests/ConfigExportUITest.php:68
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(!empty($archive_contents), 'Downloaded archive file is not empty.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L66

Dynamic Code Execution in ConfigInstallProfileUnmetDependenciesTest.php

CWE-94
File Location: core/modules/config/src/Tests/ConfigInstallProfileUnmetDependenciesTest.php:66
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert('debug', $message, 'Debug', $caller);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L146

Dynamic Code Execution in ContactSitewideTest.php

CWE-94
File Location: core/modules/contact/tests/src/Functional/ContactSitewideTest.php:146
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a contact form.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L72

Dynamic Code Execution in FieldUIRouteTest.php

CWE-94
File Location: core/modules/field_ui/tests/src/Functional/FieldUIRouteTest.php:72
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(count($this->xpath('//ul/li[1]/a[contains(text(), :text)]', [':text' => 'Default'])) == 1, 'Default secondary tab is in first position.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L402

Dynamic Code Execution in NodeTranslationUITest.php

CWE-94
File Location: core/modules/node/src/Tests/NodeTranslationUITest.php:402
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($links[0]), format_string('The %langcode node translation has the correct alternate hreflang link for %alternate_langcode: %link.', ['%langcode' => $langcode, '%alternate_langcode' => $alternate_langcode, '%link' => $url->toString()]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L55

Dynamic Code Execution in NodeCreationTest.php

CWE-94
File Location: core/modules/node/tests/src/Functional/NodeCreationTest.php:55
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a node');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L76

Dynamic Code Execution in NodeTypeInitialLanguageTest.php

CWE-94
File Location: core/modules/node/tests/src/Functional/NodeTypeInitialLanguageTest.php:76
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(!empty($language_display), 'Language field is visible on manage display tab.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L459

Dynamic Code Execution in ShortcutLinksTest.php

CWE-94
File Location: core/modules/shortcut/src/Tests/ShortcutLinksTest.php:459
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(isset($links[$index]), $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L305

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:305
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(isset($links[$index]), $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L332

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:332
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(empty($links), $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L359

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:359
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(isset($links[$index]), $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L702

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:702
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert($be_unique == ($second_occurrence === FALSE), $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L460

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:460
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert((bool) $value, $message ? $message : SafeMarkup::format('Value @value is TRUE.', ['@value' => var_export($value, TRUE)]), $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L531

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:531
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(isset($value), $message ? $message : SafeMarkup::format('Value @value is not NULL.', ['@value' => var_export($value, TRUE)]), $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L566

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:566
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert($is_equal, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L601

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:601
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert($not_equal, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L915

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:915
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(FALSE, 'No test methods found.', 'Requirements', ['function' => __METHOD__ . '()', 'file' => __FILE__, 'line' => __LINE__]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L169

Dynamic Code Execution in SimpleTestTest.php

CWE-94
File Location: core/modules/simpletest/src/Tests/SimpleTestTest.php:169
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(FALSE);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L176

Dynamic Code Execution in SimpleTestTest.php

CWE-94
File Location: core/modules/simpletest/src/Tests/SimpleTestTest.php:176
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(FALSE, 'Lorem Ipsum');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L132

Dynamic Code Execution in DialogTest.php

CWE-94
File Location: core/modules/system/src/Tests/Ajax/DialogTest.php:132
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(strpos($ajax_result[3]['selector'], $no_target_expected_response['selector']) === 0, 'Selector starts with right string.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L140

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:140
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test1.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L150

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:150
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test2.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L241

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:241
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($backend->get('test2')), "Backend returned an object for cache id %cid.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L246

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:246
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($backend->get('test2')), "Backend still has an object for cache id test2.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L318

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:318
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($ret['test7']), "Existing cache id test7 is set.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L93

Dynamic Code Execution in EntityTranslationFormTest.php

CWE-94
File Location: core/modules/system/src/Tests/Entity/EntityTranslationFormTest.php:93
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a node');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L184

Dynamic Code Execution in StorageTest.php

CWE-94
File Location: core/modules/system/src/Tests/Form/StorageTest.php:184
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(empty($original['form']['#poisoned']), 'Original form structure was preserved');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L90

Dynamic Code Execution in DependencyTest.php

CWE-94
File Location: core/modules/system/src/Tests/Module/DependencyTest.php:90
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(count($checkbox) == 1, 'Checkbox for the module is disabled.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L373

Dynamic Code Execution in PluginBase.php

CWE-94
File Location: core/modules/views/src/Plugin/views/PluginBase.php:373
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('preg_match(\'/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$/\', $top) === 1', 'Tokens need to be valid Twig variables.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L165

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:165
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test4.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L175

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:175
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test5.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L277

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:277
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($object), sprintf("Backend returned an object for cache id %s.", $cid));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L360

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:360
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(in_array('test21', $cids), "Nonexistent cache id test21 is in cids array.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L208

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:208
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert($expected_title === $actual_title, 'Title found');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L252

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:252
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(empty($links), $message);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L208

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:208
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($k > 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L215

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:215
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($y < $this->seq[$k]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L224

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:224
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($k > 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L367

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:367
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert('$j < $other_len && ! $other_changed[$j]');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L430

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:430
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert('$j < $other_len && ! $other_changed[$j]');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L448

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:448
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert('$j > 0');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L53

Dynamic Code Execution in Element.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Schema/Element.php:53
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($typed_data_manager instanceof TypedConfigManagerInterface, '$typed_data_manager should be an instance of \Drupal\Core\Config\TypedConfigManagerInterface.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L128

Dynamic Code Execution in ContainerBuilder.php

CWE-94
File Location: core/lib/Drupal/Core/DependencyInjection/ContainerBuilder.php:128
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(FALSE, 'The container was serialized.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L25

Dynamic Code Execution in BundleEntityFormBase.php

CWE-94
File Location: core/lib/Drupal/Core/Entity/BundleEntityFormBase.php:25
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('isset($form[$id_key])');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L60

Dynamic Code Execution in AggregatorRenderingTest.php

CWE-94
File Location: core/modules/aggregator/src/Tests/AggregatorRenderingTest.php:60
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($links[0]), 'Item link found.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L65

Dynamic Code Execution in AggregatorRenderingTest.php

CWE-94
File Location: core/modules/aggregator/src/Tests/AggregatorRenderingTest.php:65
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($links[0]), format_string('Link to href %href found.', ['%href' => $href]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L42

Dynamic Code Execution in UpdateFeedItemTest.php

CWE-94
File Location: core/modules/aggregator/src/Tests/UpdateFeedItemTest.php:42
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a feed');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L31

Dynamic Code Execution in UpdateFeedTest.php

CWE-94
File Location: core/modules/aggregator/src/Tests/UpdateFeedTest.php:31
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a feed');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L423

Dynamic Code Execution in BigPipe.php

CWE-94
File Location: core/modules/big_pipe/src/Render/BigPipe.php:423
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('isset($no_js_placeholders[$placeholder])');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L60

Dynamic Code Execution in BigPipeResponseAttachmentsProcessor.php

CWE-94
File Location: core/modules/big_pipe/src/Render/BigPipeResponseAttachmentsProcessor.php:60
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('$response instanceof \Drupal\Core\Render\HtmlResponse');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L183

Dynamic Code Execution in BigPipeStrategy.php

CWE-94
File Location: core/modules/big_pipe/src/Render/Placeholder/BigPipeStrategy.php:183
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('is_string($placeholder)');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L680

Dynamic Code Execution in EntityDisplayTest.php

CWE-94
File Location: core/modules/field_ui/tests/src/Kernel/EntityDisplayTest.php:680
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert($value, $message);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L126

Dynamic Code Execution in LocaleContentTest.php

CWE-94
File Location: core/modules/locale/tests/src/Functional/LocaleContentTest.php:126
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains the link to the edited node');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L384

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:384
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(empty($links), $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L409

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:409
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(empty($links), $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L465

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:465
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(strpos($this->getRawContent(), (string) $raw) === FALSE, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L522

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:522
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(strpos($this->getRawContent(), Html::escape($raw)) === FALSE, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L698

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:698
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(FALSE, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L777

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:777
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert((bool) preg_match($pattern, $this->getTextContent()), $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L304

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:304
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- protected function assert($status, $message = '', $group = 'Other', array $caller = NULL) {
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L631

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:631
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert($is_identical, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L787

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:787
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(FALSE, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L816

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:816
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert('exception', $message, $group, $caller);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L347

Dynamic Code Execution in WebTestBase.php

CWE-94
File Location: core/modules/simpletest/src/WebTestBase.php:347
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $pass = $this->assert($this->drupalUserIsLoggedIn($account), format_string('User %name successfully logged in.', ['%name' => $account->getUsername()]), 'User login');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L94

Dynamic Code Execution in NodeStatisticsDatabaseStorage.php

CWE-94
File Location: core/modules/statistics/src/NodeStatisticsDatabaseStorage.php:94
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(in_array($order, ['totalcount', 'daycount', 'timestamp']), "Invalid order argument.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L152

Dynamic Code Execution in CommandsTest.php

CWE-94
File Location: core/modules/system/src/Tests/Ajax/CommandsTest.php:152
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $assert('Settings command exists when JS aggregation is disabled.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L155

Dynamic Code Execution in CommandsTest.php

CWE-94
File Location: core/modules/system/src/Tests/Ajax/CommandsTest.php:155
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $assert('Settings command exists when JS aggregation is enabled.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L168

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:168
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test4.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L317

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:317
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($ret['test6']), "Existing cache id test6 is set.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L332

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:332
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(in_array('test19', $cids), "Nonexistent cache id test19 is in cids array.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L351

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:351
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($ret['test19']), "Added cache id test19 is set");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L362

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:362
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(in_array('test6', $cids), "Deleted cache id test6 is in cids array.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L178

Dynamic Code Execution in StorageTest.php

CWE-94
File Location: core/modules/system/src/Tests/Form/StorageTest.php:178
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert($status, 'A watchdog message was logged by \Drupal::formBuilder()->setCache');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L43

Dynamic Code Execution in VocabularyPermissionsTest.php

CWE-94
File Location: core/modules/taxonomy/tests/src/Functional/VocabularyPermissionsTest.php:43
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a term');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L367

Dynamic Code Execution in PluginBase.php

CWE-94
File Location: core/modules/views/src/Plugin/views/PluginBase.php:367
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('preg_match(\'/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$/\', $token) === 1', 'Tokens need to be valid Twig variables.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L130

Dynamic Code Execution in DefaultViewsTest.php

CWE-94
File Location: core/modules/views/src/Tests/DefaultViewsTest.php:130
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(TRUE, format_string('View @view will be executed.', ['@view' => $view->storage->id()]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L239

Dynamic Code Execution in HandlerTest.php

CWE-94
File Location: core/modules/views/src/Tests/Handler/HandlerTest.php:239
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert($expected == $handler->value, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L22

Dynamic Code Execution in AssertLegacyTrait.php

CWE-94
File Location: core/tests/Drupal/KernelTests/AssertLegacyTrait.php:22
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- protected function assert($actual, $message = '') {
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L147

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:147
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test2.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L329

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:329
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(in_array('test19', $cids), "Nonexistent cache id test19 is in cids array.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L346

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:346
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($ret['test2']), "Existing cache id test2 is set");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L275

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:275
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(!empty($links[$index]), $message);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L459

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:459
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert($node === NULL, "A hidden field '$field' exists on this page, but it should not.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L100

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:100
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($xi < $n_from || $this->ychanged[$yi]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L452

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:452
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert('$j >= 0 && !$other_changed[$j]');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L453

Dynamic Code Execution in Html.php

CWE-94
File Location: core/lib/Drupal/Component/Utility/Html.php:453
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('isset(parse_url($scheme_and_host)["scheme"])', '$scheme_and_host is absolute and hence has a scheme.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L42

Dynamic Code Execution in AccessResult.php

CWE-94
File Location: core/lib/Drupal/Core/Access/AccessResult.php:42
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('is_string($reason) || is_null($reason)');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L67

Dynamic Code Execution in AccessResult.php

CWE-94
File Location: core/lib/Drupal/Core/Access/AccessResult.php:67
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('is_string($reason) || is_null($reason)');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.