Back to Codebase

Vulnerability Analysis Report

Drupal Core v11.2.14

Scan ID: SCAN-DRUPAL-CORE-OafeLT • Hash: 4d61996c

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
1.004s

Vulnerability Details

L142

Dynamic Code Execution in RootComposer.php

CWE-94
File Location: composer/Plugin/RecipeUnpack/RootComposer.php:142
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(self::checkRootPackage($composer_content, $this->composer->getPackage()), 'Composer root package and composer.json match');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L65

Dynamic Code Execution in AccessResult.php

CWE-94
File Location: core/lib/Drupal/Core/Access/AccessResult.php:65
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($reason) || is_null($reason));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L53

Dynamic Code Execution in Cache.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/Cache.php:53
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($cache_tags), 'Cache tags must be valid strings');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L30

Dynamic Code Execution in CacheTagsInvalidator.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/CacheTagsInvalidator.php:30
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L89

Dynamic Code Execution in VariationCache.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/VariationCache.php:89
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($last_item->data instanceof CacheRedirect);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L90

Dynamic Code Execution in CreateForEachBundle.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Action/Plugin/ConfigAction/CreateForEachBundle.php:90
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_object($bundle));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L118

Dynamic Code Execution in CreateForEachBundle.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Action/Plugin/ConfigAction/CreateForEachBundle.php:118
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(array_key_exists(static::BUNDLE_PLACEHOLDER, $replacements));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L39

Dynamic Code Execution in PermissionsPerBundle.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Action/Plugin/ConfigAction/PermissionsPerBundle.php:39
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($plugin_definition));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L58

Dynamic Code Execution in PermissionsPerBundle.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Action/Plugin/ConfigAction/PermissionsPerBundle.php:58
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($value) || is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L46

Dynamic Code Execution in SetProperties.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Action/Plugin/ConfigAction/SetProperties.php:46
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof ConfigEntityInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L49

Dynamic Code Execution in SetProperties.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Action/Plugin/ConfigAction/SetProperties.php:49
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!array_is_list($values));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L46

Dynamic Code Execution in ConfigExistsConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Plugin/Validation/Constraint/ConfigExistsConstraintValidator.php:46
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($constraint instanceof ConfigExistsConstraint);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L53

Dynamic Code Execution in Element.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Schema/Element.php:53
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($typed_data_manager instanceof TypedConfigManagerInterface, '$typed_data_manager should be an instance of \Drupal\Core\Config\TypedConfigManagerInterface.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L162

Dynamic Code Execution in Mapping.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Schema/Mapping.php:162
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!empty($possible_types));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L434

Dynamic Code Execution in Connection.php

CWE-94
File Location: core/lib/Drupal/Core/Database/Connection.php:434
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!isset($options['return']), 'Passing "return" option to prepareStatement() has no effect. See https://www.drupal.org/node/3185520');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L653

Dynamic Code Execution in Connection.php

CWE-94
File Location: core/lib/Drupal/Core/Database/Connection.php:653
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($query), 'The \'$query\' argument to ' . __METHOD__ . '() must be a string');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L186

Dynamic Code Execution in StatementBase.php

CWE-94
File Location: core/lib/Drupal/Core/Database/Statement/StatementBase.php:186
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($mode instanceof FetchAs);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L299

Dynamic Code Execution in StatementBase.php

CWE-94
File Location: core/lib/Drupal/Core/Database/Statement/StatementBase.php:299
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($mode === NULL || $mode instanceof FetchAs);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L94

Dynamic Code Execution in Importer.php

CWE-94
File Location: core/lib/Drupal/Core/DefaultContent/Importer.php:94
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($entity_type_id));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L95

Dynamic Code Execution in Importer.php

CWE-94
File Location: core/lib/Drupal/Core/DefaultContent/Importer.php:95
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($path));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L25

Dynamic Code Execution in BackwardsCompatibilityClassLoaderPass.php

CWE-94
File Location: core/lib/Drupal/Core/DependencyInjection/Compiler/BackwardsCompatibilityClassLoaderPass.php:25
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(is_array($module_moved));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L26

Dynamic Code Execution in BackwardsCompatibilityClassLoaderPass.php

CWE-94
File Location: core/lib/Drupal/Core/DependencyInjection/Compiler/BackwardsCompatibilityClassLoaderPass.php:26
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(count($module_moved) === count(array_column($module_moved, 'class')), 'Missing class key for moved classes in ' . $module);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L16

Dynamic Code Execution in Container.php

CWE-94
File Location: core/lib/Drupal/Core/DependencyInjection/Container.php:16
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(FALSE, 'The container was serialized.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L79

Dynamic Code Execution in ContainerBuilder.php

CWE-94
File Location: core/lib/Drupal/Core/DependencyInjection/ContainerBuilder.php:79
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(FALSE, 'The container was serialized.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L25

Dynamic Code Execution in BundleEntityFormBase.php

CWE-94
File Location: core/lib/Drupal/Core/Entity/BundleEntityFormBase.php:25
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(isset($form[$id_key]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L547

Dynamic Code Execution in ModuleHandler.php

CWE-94
File Location: core/lib/Drupal/Core/Extension/ModuleHandler.php:547
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!array_diff($identifiers, array_keys($modules_by_identifier)));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L288

Dynamic Code Execution in HookCollectorPass.php

CWE-94
File Location: core/lib/Drupal/Core/Hook/HookCollectorPass.php:288
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(array_is_list($identifiers));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L28

Dynamic Code Execution in MenuLinkDepthConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Menu/Plugin/Validation/Constraint/MenuLinkDepthConstraintValidator.php:28
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($constraint instanceof MenuLinkDepthConstraint);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L119

Dynamic Code Execution in ContextDefinition.php

CWE-94
File Location: core/lib/Drupal/Core/Plugin/Context/ContextDefinition.php:119
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!str_starts_with($data_type, 'entity:') || $this instanceof EntityContextDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L21

Dynamic Code Execution in PluginExistsConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Plugin/Plugin/Validation/Constraint/PluginExistsConstraintValidator.php:21
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($constraint instanceof PluginExistsConstraint);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L43

Dynamic Code Execution in ChainedPlaceholderStrategy.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Placeholder/ChainedPlaceholderStrategy.php:43
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!empty($this->placeholderStrategies), 'At least one placeholder strategy must be present; by default the fallback strategy \Drupal\Core\Render\Placeholder\SingleFlushStrategy is always present.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L417

Dynamic Code Execution in Renderer.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Renderer.php:417
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($new_elements), "#lazy_builder callbacks must return a valid renderable array, got " . gettype($new_elements) . " from " . Variable::callableToString($elements['#lazy_builder'][0]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L215

Dynamic Code Execution in TwigExtension.php

CWE-94
File Location: core/lib/Drupal/Core/Template/TwigExtension.php:215
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->urlGenerator instanceof UrlGeneratorInterface, "The URL generator hasn't been set up. Any configuration YAML file with a service directive dealing with the Twig configuration can cause this, most likely found in a recently installed or changed module.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L238

Dynamic Code Execution in TwigExtension.php

CWE-94
File Location: core/lib/Drupal/Core/Template/TwigExtension.php:238
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->urlGenerator instanceof UrlGeneratorInterface, "The URL generator hasn't been set up. Any configuration YAML file with a service directive dealing with the Twig configuration can cause this, most likely found in a recently installed or changed module.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L41

Dynamic Code Execution in EntityBundleExistsConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Validation/Plugin/Validation/Constraint/EntityBundleExistsConstraintValidator.php:41
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($constraint instanceof EntityBundleExistsConstraint);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L226

Dynamic Code Execution in ValidKeysConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Validation/Plugin/Validation/Constraint/ValidKeysConstraintValidator.php:226
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(str_starts_with($mapping->getPropertyPath(), $config->getName() . '.'));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L233

Dynamic Code Execution in ValidKeysConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Validation/Plugin/Validation/Constraint/ValidKeysConstraintValidator.php:233
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($result === 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L666

Dynamic Code Execution in BigPipe.php

CWE-94
File Location: core/modules/big_pipe/src/Render/BigPipe.php:666
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($embedded_response instanceof HtmlResponse || $embedded_response instanceof AjaxResponse);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L82

Dynamic Code Execution in BlockDragTest.php

CWE-94
File Location: core/modules/block/tests/src/FunctionalJavascript/BlockDragTest.php:82
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assertSession()->assert(
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L58

Dynamic Code Execution in BlockContentAccessControlHandler.php

CWE-94
File Location: core/modules/block_content/src/BlockContentAccessControlHandler.php:58
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof BlockContentInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L656

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:656
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L808

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:808
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($tag === '*');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L813

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:813
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($other->elements[$tag][$attr]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1050

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:1050
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($attribute_name !== '*');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1310

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:1310
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($value === TRUE || Inspector::assertAllStrings($value) || ($tag === '*' && $value === FALSE));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L29

Dynamic Code Execution in GlobalAttribute.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/CKEditor5Plugin/GlobalAttribute.php:29
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($editor->getFilterFormat()->filters()->has('filter_html'));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L151

Dynamic Code Execution in Heading.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/CKEditor5Plugin/Heading.php:151
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(array_key_exists('title', $heading_option));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L477

Dynamic Code Execution in CKEditor5PluginManager.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/CKEditor5PluginManager.php:477
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($plugin->getPluginDefinition()->hasConditions());
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L62

Dynamic Code Execution in AddItemToToolbar.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/ConfigAction/AddItemToToolbar.php:62
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($item_name));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L211

Dynamic Code Execution in FundamentalCompatibilityConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/FundamentalCompatibilityConstraintValidator.php:211
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($matching_plugins) === 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L117

Dynamic Code Execution in SourceEditingPreventSelfXssConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/SourceEditingPreventSelfXssConstraintValidator.php:117
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(self::isWildcardAttributeName($wildcard_attribute_name));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L92

Dynamic Code Execution in SourceEditingRedundantTagsConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/SourceEditingRedundantTagsConstraintValidator.php:92
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($overlap->getAllowedElements(FALSE)) === 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L168

Dynamic Code Execution in SourceEditingRedundantTagsConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/SourceEditingRedundantTagsConstraintValidator.php:168
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(isset($all_elements[$tag_name]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L83

Dynamic Code Execution in StyleSensibleElementConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/StyleSensibleElementConstraintValidator.php:83
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($style_element->getAllowedElements()) === 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L23

Dynamic Code Execution in Ckeditor5DrupalElementStyleTestHooks.php

CWE-94
File Location: core/modules/ckeditor5/tests/modules/ckeditor5_drupalelementstyle_test/src/Hook/Ckeditor5DrupalElementStyleTestHooks.php:23
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($plugin_definitions['media_mediaAlign'] instanceof CKEditor5PluginDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L115

Dynamic Code Execution in AdminUiTest.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/FunctionalJavascript/AdminUiTest.php:115
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(str_contains($e->getMessage(), 'Unnecessary'));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L162

Dynamic Code Execution in CKEditor5TestBase.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/FunctionalJavascript/CKEditor5TestBase.php:162
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $assert_session->assert((bool) preg_match($regex, $actual), $message);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1667

Dynamic Code Execution in CKEditor5PluginManagerTest.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/Kernel/CKEditor5PluginManagerTest.php:1667
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($base_plugin_definition instanceof CKEditor5PluginDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2022

Dynamic Code Execution in CKEditor5PluginManagerTest.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/Kernel/CKEditor5PluginManagerTest.php:2022
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($base_plugin_id === 'ckeditor5_derived_plugin_foo');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L66

Dynamic Code Execution in ConfigExportUITest.php

CWE-94
File Location: core/modules/config/tests/src/Functional/ConfigExportUITest.php:66
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($file_system instanceof FileSystemInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L53

Dynamic Code Execution in AddToAllBundles.php

CWE-94
File Location: core/modules/field/src/Plugin/ConfigAction/AddToAllBundles.php:53
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L56

Dynamic Code Execution in AddToAllBundles.php

CWE-94
File Location: core/modules/field/src/Plugin/ConfigAction/AddToAllBundles.php:56
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($field_storage instanceof FieldStorageConfigInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L93

Dynamic Code Execution in FieldUiJSTestTrait.php

CWE-94
File Location: core/modules/field_ui/tests/src/Traits/FieldUiJSTestTrait.php:93
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $assert_session->assert($assert_session->waitForText("Saved $label configuration."), 'text not found');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L137

Dynamic Code Execution in FieldUiJSTestTrait.php

CWE-94
File Location: core/modules/field_ui/tests/src/Traits/FieldUiJSTestTrait.php:137
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assertSession()->assert($this->assertSession()->waitForText("Saved $label configuration."), 'text not found');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L29

Dynamic Code Execution in UrlPlainFormatter.php

CWE-94
File Location: core/modules/file/src/Plugin/Field/FieldFormatter/UrlPlainFormatter.php:29
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($file instanceof FileInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L123

Dynamic Code Execution in FileRepositoryTest.php

CWE-94
File Location: core/modules/file/tests/src/Kernel/FileRepositoryTest.php:123
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($stream_wrapper_manager instanceof StreamWrapperManagerInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L231

Dynamic Code Execution in ImageItemTest.php

CWE-94
File Location: core/modules/image/tests/src/Kernel/ImageItemTest.php:231
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($form_display instanceof EntityFormDisplay);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L163

Dynamic Code Execution in EntityAccessChecker.php

CWE-94
File Location: core/modules/jsonapi/src/Access/EntityAccessChecker.php:163
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($operation === 'view', 'JSON:API does not yet support mutable operations on revisions.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L65

Dynamic Code Execution in RelationshipRouteAccessCheck.php

CWE-94
File Location: core/modules/jsonapi/src/Access/RelationshipRouteAccessCheck.php:65
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(in_array($field_operation, ['view', 'edit'], TRUE));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L89

Dynamic Code Execution in TemporaryQueryGuard.php

CWE-94
File Location: core/modules/jsonapi/src/Access/TemporaryQueryGuard.php:89
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(static::$fieldManager !== NULL);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L751

Dynamic Code Execution in FieldResolver.php

CWE-94
File Location: core/modules/jsonapi/src/Context/FieldResolver.php:751
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(isset($definitions[$internal_field_name]), 'The field name should have already been validated.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1107

Dynamic Code Execution in EntityResource.php

CWE-94
File Location: core/modules/jsonapi/src/Controller/EntityResource.php:1107
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllObjects([$includes], IncludedData::class, NullIncludedData::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L109

Dynamic Code Execution in ResourceResponseValidator.php

CWE-94
File Location: core/modules/jsonapi/src/EventSubscriber/ResourceResponseValidator.php:109
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->validateResponse($response, $event->getRequest()), 'A JSON:API response failed validation (see the logs for details). Report this in the Drupal issue queue at https://www.drupal.org/project/issues/drupal');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L70

Dynamic Code Execution in JsonApiDocumentTopLevel.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/JsonApiDocumentTopLevel.php:70
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($data instanceof TopLevelDataInterface || $data instanceof ErrorCollection);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L48

Dynamic Code Execution in LinkCollection.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/LinkCollection.php:48
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAll(function ($key) {
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L85

Dynamic Code Execution in LinkCollection.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/LinkCollection.php:85
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(static::validKey($key));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L132

Dynamic Code Execution in LinkCollection.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/LinkCollection.php:132
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!is_null($this->context), 'A LinkCollection is invalid unless a context has been established.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L82

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:82
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!isset($meta[static::ARITY_KEY]) || is_int($meta[static::ARITY_KEY]) && $meta[static::ARITY_KEY] >= 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L426

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:426
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!empty($relatable_resource_types));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L242

Dynamic Code Execution in ResourceObject.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceObject.php:242
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof ContentEntityInterface || $entity instanceof ConfigEntityInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L38

Dynamic Code Execution in EntityReferenceFieldNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/EntityReferenceFieldNormalizer.php:38
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($context['resource_object'] instanceof ResourceObject);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L40

Dynamic Code Execution in EntityReferenceFieldNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/EntityReferenceFieldNormalizer.php:40
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($resource_relationship instanceof ResourceTypeRelationship);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L234

Dynamic Code Execution in FieldItemNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/FieldItemNormalizer.php:234
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($field instanceof FieldItemListInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L248

Dynamic Code Execution in FieldItemNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/FieldItemNormalizer.php:248
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($object instanceof FieldItemInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L265

Dynamic Code Execution in FieldItemNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/FieldItemNormalizer.php:265
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->serializer instanceof JsonSchemaProviderSerializerInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L45

Dynamic Code Execution in FieldNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/FieldNormalizer.php:45
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($field_definition instanceof FieldDefinitionInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L416

Dynamic Code Execution in JsonApiDocumentTopLevelNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/JsonApiDocumentTopLevelNormalizer.php:416
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($data->count() === 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L40

Dynamic Code Execution in CacheableNormalization.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/Value/CacheableNormalization.php:40
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert((is_array($normalization) && static::hasNoNestedInstances($normalization)) || is_string($normalization) || is_int($normalization) || is_float($normalization) || is_bool($normalization) || is_null($normalization));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L50

Dynamic Code Execution in ResourceTypeBuildEvent.php

CWE-94
File Location: core/modules/jsonapi/src/ResourceType/ResourceTypeBuildEvent.php:50
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllObjects($fields, ResourceTypeField::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L227

Dynamic Code Execution in ResourceTypeRepository.php

CWE-94
File Location: core/modules/jsonapi/src/ResourceType/ResourceTypeRepository.php:227
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($field_names));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L359

Dynamic Code Execution in ResourceTypeRepository.php

CWE-94
File Location: core/modules/jsonapi/src/ResourceType/ResourceTypeRepository.php:359
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($bundle) && !empty($bundle), 'A bundle ID is required. Bundleless entity types should pass the entity type ID again.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L108

Dynamic Code Execution in ResourceVersionRouteEnhancer.php

CWE-94
File Location: core/modules/jsonapi/src/Revisions/ResourceVersionRouteEnhancer.php:108
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($defaults['entity'] instanceof EntityInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L156

Dynamic Code Execution in EntityReferenceUuidItem.php

CWE-94
File Location: core/modules/jsonapi/tests/modules/jsonapi_test_field_type/src/Plugin/Field/FieldType/EntityReferenceUuidItem.php:156
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof EntityInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L118

Dynamic Code Execution in ExternalNormalizersTest.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ExternalNormalizersTest.php:118
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(in_array($expected_value_jsonapi_denormalization, [static::VALUE_ORIGINAL, static::VALUE_OVERRIDDEN], TRUE));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L636

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php:636
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($method === 'GET', 'Only read operations on revisions are supported.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L846

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php:846
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_null($via_link) || $via_link instanceof Url);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1730

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php:1730
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof RevisionableInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2468

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php:2468
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->entity instanceof RevisionableInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2676

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php:2676
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->getExpectedCacheTags($field_set) === $this->getExpectedCacheTags());
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3575

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php:3575
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert([] === $user_role->getPermissions(), 'The anonymous user role has no permissions at all.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.