Back to Codebase

Vulnerability Analysis Report

Drupal Core v10.6.11

Scan ID: SCAN-DRUPAL-CORE-IAQEHx • Hash: 1876af03

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.405s

Vulnerability Details

L217

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:217
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($k > 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L224

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:224
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($y < $this->seq[$k]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L273

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:273
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($ypos != $this->seq[$end]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L376

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:376
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($j < $other_len && ! $other_changed[$j]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L416

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:416
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($j >= 0 && !$other_changed[$j]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L439

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:439
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($j < $other_len && ! $other_changed[$j]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L90

Dynamic Code Execution in FrontMatter.php

CWE-94
File Location: core/lib/Drupal/Component/FrontMatter/FrontMatter.php:90
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_subclass_of($serializer, SerializationInterface::class), sprintf('The $serializer parameter must reference a class that implements %s.', SerializationInterface::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L115

Dynamic Code Execution in CacheCollector.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/CacheCollector.php:115
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L119

Dynamic Code Execution in MemoryBackend.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/MemoryBackend.php:119
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache Tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L101

Dynamic Code Execution in ConfigActionManager.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Action/ConfigActionManager.php:101
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($namespaces instanceof \ArrayAccess, '$namespaces can be accessed like an array');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L52

Dynamic Code Execution in EntityClone.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Action/Plugin/ConfigAction/EntityClone.php:52
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_bool($value['fail_if_exists']));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L445

Dynamic Code Execution in CheckpointStorage.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Checkpoint/CheckpointStorage.php:445
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($collections));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L46

Dynamic Code Execution in ConfigExistsConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Plugin/Validation/Constraint/ConfigExistsConstraintValidator.php:46
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($constraint instanceof ConfigExistsConstraint);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L20

Dynamic Code Execution in LangcodeRequiredIfTranslatableValuesConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Plugin/Validation/Constraint/LangcodeRequiredIfTranslatableValuesConstraintValidator.php:20
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($constraint instanceof LangcodeRequiredIfTranslatableValuesConstraint);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L23

Dynamic Code Execution in LangcodeRequiredIfTranslatableValuesConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Plugin/Validation/Constraint/LangcodeRequiredIfTranslatableValuesConstraintValidator.php:23
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($mapping instanceof Mapping);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L144

Dynamic Code Execution in SchemaCheckTrait.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Schema/SchemaCheckTrait.php:144
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($config_entity_type instanceof ConfigEntityType);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L356

Dynamic Code Execution in TypedConfigManager.php

CWE-94
File Location: core/lib/Drupal/Core/Config/TypedConfigManager.php:356
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($fallback === NULL || str_ends_with($fallback, '.*'));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L79

Dynamic Code Execution in Importer.php

CWE-94
File Location: core/lib/Drupal/Core/DefaultContent/Importer.php:79
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($uuid));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L25

Dynamic Code Execution in BundleEntityFormBase.php

CWE-94
File Location: core/lib/Drupal/Core/Entity/BundleEntityFormBase.php:25
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(isset($form[$id_key]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L261

Dynamic Code Execution in EntityStorageBase.php

CWE-94
File Location: core/lib/Drupal/Core/Entity/EntityStorageBase.php:261
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!is_null($id), sprintf('Cannot load the "%s" entity with NULL ID.', $this->entityTypeId));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L195

Dynamic Code Execution in FieldTypePluginManager.php

CWE-94
File Location: core/lib/Drupal/Core/Field/FieldTypePluginManager.php:195
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(FALSE, "\"$group\" must be defined in MODULE_NAME.field_type_categories.yml");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L141

Dynamic Code Execution in StringFormatter.php

CWE-94
File Location: core/lib/Drupal/Core/Field/Plugin/Field/FieldFormatter/StringFormatter.php:141
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(isset($url));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L61

Dynamic Code Execution in LazyContextRepository.php

CWE-94
File Location: core/lib/Drupal/Core/Plugin/Context/LazyContextRepository.php:61
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($id[0] === '@' && str_contains($id, ':'), 'You must provide the context IDs in the @{service_id}:{unqualified_context_id} format.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L190

Dynamic Code Execution in DefaultPluginManager.php

CWE-94
File Location: core/lib/Drupal/Core/Plugin/DefaultPluginManager.php:190
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($cache_tags), 'Cache Tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L47

Dynamic Code Execution in InstallConfigurator.php

CWE-94
File Location: core/lib/Drupal/Core/Recipe/InstallConfigurator.php:47
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($extensions), 'Extension names must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L386

Dynamic Code Execution in Renderer.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Renderer.php:386
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(empty(array_diff(array_keys($elements), $supported_keys)), sprintf('When a #lazy_builder callback is specified, no properties can exist; all properties must be generated by the #lazy_builder callback. You specified the following properties: %s.', implode(', ', array_diff(array_keys($elements), $supported_keys))));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L257

Dynamic Code Execution in TwigExtension.php

CWE-94
File Location: core/lib/Drupal/Core/Template/TwigExtension.php:257
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($url) || $url instanceof Url, '$url must be a string or object of type \Drupal\Core\Url');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L258

Dynamic Code Execution in TwigExtension.php

CWE-94
File Location: core/lib/Drupal/Core/Template/TwigExtension.php:258
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($attributes) || $attributes instanceof Attribute, '$attributes, if set, must be an array or object of type \Drupal\Core\Template\Attribute');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L244

Dynamic Code Execution in ComponentPluginManager.php

CWE-94
File Location: core/lib/Drupal/Core/Theme/ComponentPluginManager.php:244
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L274

Dynamic Code Execution in DataDefinition.php

CWE-94
File Location: core/lib/Drupal/Core/TypedData/DataDefinition.php:274
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(array_key_exists('NotNull', $constraints));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L103

Dynamic Code Execution in ValidKeysConstraint.php

CWE-94
File Location: core/lib/Drupal/Core/Validation/Plugin/Validation/Constraint/ValidKeysConstraint.php:103
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($mapping instanceof Mapping);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L24

Dynamic Code Execution in ValidKeysConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Validation/Plugin/Validation/Constraint/ValidKeysConstraintValidator.php:24
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($constraint instanceof ValidKeysConstraint);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L232

Dynamic Code Execution in ValidKeysConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Validation/Plugin/Validation/Constraint/ValidKeysConstraintValidator.php:232
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($result === 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L243

Dynamic Code Execution in ValidKeysConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Validation/Plugin/Validation/Constraint/ValidKeysConstraintValidator.php:243
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!in_array('%type', $instructions, TRUE));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L398

Dynamic Code Execution in BigPipe.php

CWE-94
File Location: core/modules/big_pipe/src/Render/BigPipe.php:398
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(isset($no_js_placeholders[$placeholder]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L633

Dynamic Code Execution in BigPipe.php

CWE-94
File Location: core/modules/big_pipe/src/Render/BigPipe.php:633
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($embedded_response instanceof HtmlResponse || $embedded_response instanceof AjaxResponse);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L187

Dynamic Code Execution in BigPipeStrategy.php

CWE-94
File Location: core/modules/big_pipe/src/Render/Placeholder/BigPipeStrategy.php:187
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($placeholder));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L75

Dynamic Code Execution in BlockDragTest.php

CWE-94
File Location: core/modules/block/tests/src/FunctionalJavascript/BlockDragTest.php:75
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assertSession()->assert($noBlockMessage === 'No blocks in this region', 'Region primary menu should be empty.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L58

Dynamic Code Execution in BlockContentAccessControlHandler.php

CWE-94
File Location: core/modules/block_content/src/BlockContentAccessControlHandler.php:58
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof BlockContentInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L264

Dynamic Code Execution in ckeditor5.api.php

CWE-94
File Location: core/modules/ckeditor5/ckeditor5.api.php:264
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($plugin_definitions['ckeditor5_imageUpload'] instanceof CKEditor5PluginDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L648

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:648
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1025

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:1025
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAll(function ($t) { return !self::isWildcardTag($t); }, array_keys($concrete_op_result->elements)));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1219

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:1219
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($tag === '*');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1280

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:1280
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($attributes === FALSE || is_array($attributes));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L66

Dynamic Code Execution in Heading.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/CKEditor5Plugin/Heading.php:66
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($cke5_plugin_manager instanceof CKEditor5PluginManagerInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L477

Dynamic Code Execution in CKEditor5PluginManager.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/CKEditor5PluginManager.php:477
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($plugin->getPluginDefinition()->hasConditions());
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L492

Dynamic Code Execution in CKEditor5PluginManager.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/CKEditor5PluginManager.php:492
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($filters instanceof FilterPluginCollection);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L44

Dynamic Code Execution in AddItemToToolbar.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/ConfigAction/AddItemToToolbar.php:44
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($editor instanceof EditorInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L53

Dynamic Code Execution in AddItemToToolbar.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/ConfigAction/AddItemToToolbar.php:53
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L56

Dynamic Code Execution in AddItemToToolbar.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/ConfigAction/AddItemToToolbar.php:56
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($item_name));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L274

Dynamic Code Execution in CKEditor5.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Editor/CKEditor5.php:274
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($editor->getSettings() === $this->getDefaultSettings());
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L425

Dynamic Code Execution in CKEditor5.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Editor/CKEditor5.php:425
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($definition->isConfigurable());
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L876

Dynamic Code Execution in CKEditor5.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Editor/CKEditor5.php:876
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($shifted === 'settings');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L886

Dynamic Code Execution in CKEditor5.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Editor/CKEditor5.php:886
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(NestedArray::keyExists($subform, $parts));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L263

Dynamic Code Execution in FundamentalCompatibilityConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/FundamentalCompatibilityConstraintValidator.php:263
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(in_array($filter_type, [
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L28

Dynamic Code Execution in PrecedingConstraintAwareValidatorTrait.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/PrecedingConstraintAwareValidatorTrait.php:28
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->context instanceof ExecutionContext);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L49

Dynamic Code Execution in SourceEditingPreventSelfXssConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/SourceEditingPreventSelfXssConstraintValidator.php:49
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($allowed_elements) === 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L117

Dynamic Code Execution in SourceEditingPreventSelfXssConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/SourceEditingPreventSelfXssConstraintValidator.php:117
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(self::isWildcardAttributeName($wildcard_attribute_name));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L83

Dynamic Code Execution in StyleSensibleElementConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/StyleSensibleElementConstraintValidator.php:83
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($style_element->getAllowedElements()) === 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L201

Dynamic Code Execution in StyleSensibleElementConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/StyleSensibleElementConstraintValidator.php:201
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($definition instanceof CKEditor5PluginDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L32

Dynamic Code Execution in TextEditorObjectDependentValidatorTrait.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/TextEditorObjectDependentValidatorTrait.php:32
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(in_array($this->context->getRoot()->getDataDefinition()->getDataType(), ['editor.editor.*', 'entity:editor'], TRUE));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L703

Dynamic Code Execution in SmartDefaultSettings.php

CWE-94
File Location: core/modules/ckeditor5/src/SmartDefaultSettings.php:703
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($already_supported_tags));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L115

Dynamic Code Execution in AdminUiTest.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/FunctionalJavascript/AdminUiTest.php:115
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(str_contains($e->getMessage(), 'Unnecessary'));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L162

Dynamic Code Execution in CKEditor5TestBase.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/FunctionalJavascript/CKEditor5TestBase.php:162
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $assert_session->assert((bool) preg_match($regex, $actual), $message);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1919

Dynamic Code Execution in CKEditor5PluginManagerTest.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/Kernel/CKEditor5PluginManagerTest.php:1919
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($base_plugin_definition instanceof CKEditor5PluginDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L682

Dynamic Code Execution in ValidatorsTest.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/Kernel/ValidatorsTest.php:682
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($text_format instanceof FilterFormatInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L40

Dynamic Code Execution in ContactFormValidationTest.php

CWE-94
File Location: core/modules/contact/tests/src/Kernel/ContactFormValidationTest.php:40
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->entity instanceof ContactFormInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L56

Dynamic Code Execution in AddModeration.php

CWE-94
File Location: core/modules/content_moderation/src/Plugin/ConfigAction/AddModeration.php:56
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($value === '*' || is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L266

Dynamic Code Execution in FieldUiTestTrait.php

CWE-94
File Location: core/modules/field_ui/tests/src/Traits/FieldUiTestTrait.php:266
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assertSession()->assert($element === NULL, sprintf('A field "%s" appears on this page, but it should not.', $label));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L27

Dynamic Code Execution in ComputedFileUrl.php

CWE-94
File Location: core/modules/file/src/ComputedFileUrl.php:27
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->getParent()->getEntity() instanceof FileInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L26

Dynamic Code Execution in FileUploadLocationTrait.php

CWE-94
File Location: core/modules/file/src/Upload/FileUploadLocationTrait.php:26
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_a($fieldDefinition->getClass(), FileFieldItemList::class, TRUE));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L55

Dynamic Code Execution in FilterImageLazyLoad.php

CWE-94
File Location: core/modules/filter/src/Plugin/Filter/FilterImageLazyLoad.php:55
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($element instanceof \DOMElement);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L73

Dynamic Code Execution in HelpTwigExtension.php

CWE-94
File Location: core/modules/help/src/HelpTwigExtension.php:73
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->accessManager instanceof AccessManagerInterface, "The access manager hasn't been set up. Any configuration YAML file with a service directive dealing with the Twig configuration can cause this, most likely found in a recently installed or changed module.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L90

Dynamic Code Execution in TemporaryQueryGuard.php

CWE-94
File Location: core/modules/jsonapi/src/Access/TemporaryQueryGuard.php:90
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(static::$moduleHandler !== NULL);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L172

Dynamic Code Execution in TemporaryQueryGuard.php

CWE-94
File Location: core/modules/jsonapi/src/Access/TemporaryQueryGuard.php:172
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_numeric($property_name), 'The specifier is not a property name, it must be a delta.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L859

Dynamic Code Execution in EntityResource.php

CWE-94
File Location: core/modules/jsonapi/src/Controller/EntityResource.php:859
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($class === JsonApiDocumentTopLevel::class || $class === ResourceIdentifier::class && !empty($relationship_field_name) && is_string($relationship_field_name));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1156

Dynamic Code Execution in EntityResource.php

CWE-94
File Location: core/modules/jsonapi/src/Controller/EntityResource.php:1156
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($data instanceof ResourceObject || $data instanceof ResourceObjectData);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1225

Dynamic Code Execution in EntityResource.php

CWE-94
File Location: core/modules/jsonapi/src/Controller/EntityResource.php:1225
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($storage instanceof RevisionableStorageInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L119

Dynamic Code Execution in ResourceObjectNormalizationCacher.php

CWE-94
File Location: core/modules/jsonapi/src/EventSubscriber/ResourceObjectNormalizationCacher.php:119
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($normalizer_values));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L124

Dynamic Code Execution in ResourceResponseSubscriber.php

CWE-94
File Location: core/modules/jsonapi/src/EventSubscriber/ResourceResponseSubscriber.php:124
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($jsonapi_doc_object instanceof CacheableNormalization);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L62

Dynamic Code Execution in EntityAccessDeniedHttpException.php

CWE-94
File Location: core/modules/jsonapi/src/Exception/EntityAccessDeniedHttpException.php:62
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_null($entity) || $entity instanceof EntityInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L38

Dynamic Code Execution in ErrorCollection.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ErrorCollection.php:38
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAll(function ($error) {
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L28

Dynamic Code Execution in IncludedData.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/IncludedData.php:28
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllObjects($data, ResourceObject::class, EntityAccessDeniedHttpException::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L70

Dynamic Code Execution in JsonApiDocumentTopLevel.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/JsonApiDocumentTopLevel.php:70
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($data instanceof TopLevelDataInterface || $data instanceof ErrorCollection);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L71

Dynamic Code Execution in JsonApiDocumentTopLevel.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/JsonApiDocumentTopLevel.php:71
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!$data instanceof ErrorCollection || $includes instanceof NullIncludedData);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L82

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:82
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!isset($meta[static::ARITY_KEY]) || is_int($meta[static::ARITY_KEY]) && $meta[static::ARITY_KEY] >= 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L288

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:288
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($target instanceof EntityInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L419

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:419
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($field instanceof EntityReferenceFieldItemListInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L425

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:425
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!empty($relatable_resource_types));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L241

Dynamic Code Execution in ResourceObject.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceObject.php:241
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof ContentEntityInterface || $entity instanceof ConfigEntityInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L19

Dynamic Code Execution in DataNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/DataNormalizer.php:19
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($object instanceof Data);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L232

Dynamic Code Execution in FieldItemNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/FieldItemNormalizer.php:232
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($field_item instanceof FieldItemInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L29

Dynamic Code Execution in FieldNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/FieldNormalizer.php:29
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($context['resource_object'] instanceof ResourceObject);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L42

Dynamic Code Execution in FieldNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/FieldNormalizer.php:42
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($resource_type instanceof ResourceType);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L171

Dynamic Code Execution in JsonApiDocumentTopLevelNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/JsonApiDocumentTopLevelNormalizer.php:171
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($object instanceof JsonApiDocumentTopLevel);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L53

Dynamic Code Execution in ResourceObjectNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/ResourceObjectNormalizer.php:53
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($object instanceof ResourceObject);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L183

Dynamic Code Execution in ResourceObjectNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/ResourceObjectNormalizer.php:183
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($normalized_field instanceof CacheableNormalization);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L228

Dynamic Code Execution in ResourceTypeRepository.php

CWE-94
File Location: core/modules/jsonapi/src/ResourceType/ResourceTypeRepository.php:228
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($field_names));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L376

Dynamic Code Execution in ResourceTypeRepository.php

CWE-94
File Location: core/modules/jsonapi/src/ResourceType/ResourceTypeRepository.php:376
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($bundle) && !empty($bundle), 'A bundle ID is required. Bundleless entity types should pass the entity type ID again.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L108

Dynamic Code Execution in ResourceVersionRouteEnhancer.php

CWE-94
File Location: core/modules/jsonapi/src/Revisions/ResourceVersionRouteEnhancer.php:108
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($defaults['entity'] instanceof EntityInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.