Back to Codebase

Vulnerability Analysis Report

Drupal Core v10.5.11

Scan ID: SCAN-DRUPAL-CORE-QCQBOY • Hash: b5e3253e

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
1.124s

Vulnerability Details

L224

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:224
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($y < $this->seq[$k]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L412

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:412
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($j > 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L416

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:416
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($j >= 0 && !$other_changed[$j]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L90

Dynamic Code Execution in FrontMatter.php

CWE-94
File Location: core/lib/Drupal/Component/FrontMatter/FrontMatter.php:90
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_subclass_of($serializer, SerializationInterface::class), sprintf('The $serializer parameter must reference a class that implements %s.', SerializationInterface::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L473

Dynamic Code Execution in Html.php

CWE-94
File Location: core/lib/Drupal/Component/Utility/Html.php:473
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(isset(parse_url($scheme_and_host)["host"]), '$base_url is absolute and hence has a host.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L65

Dynamic Code Execution in AccessResult.php

CWE-94
File Location: core/lib/Drupal/Core/Access/AccessResult.php:65
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($reason) || is_null($reason));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L112

Dynamic Code Execution in AjaxResponseAttachmentsProcessor.php

CWE-94
File Location: core/lib/Drupal/Core/Ajax/AjaxResponseAttachmentsProcessor.php:112
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($response instanceof AjaxResponse, '\Drupal\Core\Ajax\AjaxResponse instance expected.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L178

Dynamic Code Execution in ApcuBackend.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/ApcuBackend.php:178
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L108

Dynamic Code Execution in CacheContextsManager.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/Context/CacheContextsManager.php:108
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->assertValidTokens($context_tokens));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L265

Dynamic Code Execution in DatabaseBackend.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/DatabaseBackend.php:265
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($item['tags']), 'Cache Tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L51

Dynamic Code Execution in MemoryCache.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/MemoryCache/MemoryCache.php:51
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L49

Dynamic Code Execution in EntityClone.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Action/Plugin/ConfigAction/EntityClone.php:49
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($value['id']));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L39

Dynamic Code Execution in PermissionsPerBundle.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Action/Plugin/ConfigAction/PermissionsPerBundle.php:39
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($plugin_definition));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L46

Dynamic Code Execution in ConfigExistsConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Plugin/Validation/Constraint/ConfigExistsConstraintValidator.php:46
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($constraint instanceof ConfigExistsConstraint);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L20

Dynamic Code Execution in LangcodeRequiredIfTranslatableValuesConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Plugin/Validation/Constraint/LangcodeRequiredIfTranslatableValuesConstraintValidator.php:20
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($constraint instanceof LangcodeRequiredIfTranslatableValuesConstraint);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L33

Dynamic Code Execution in LangcodeRequiredIfTranslatableValuesConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Plugin/Validation/Constraint/LangcodeRequiredIfTranslatableValuesConstraintValidator.php:33
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(in_array('langcode', $mapping->getValidKeys(), TRUE));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L53

Dynamic Code Execution in Element.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Schema/Element.php:53
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($typed_data_manager instanceof TypedConfigManagerInterface, '$typed_data_manager should be an instance of \Drupal\Core\Config\TypedConfigManagerInterface.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L186

Dynamic Code Execution in Mapping.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Schema/Mapping.php:186
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($valid_keys_everywhere) <= 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L229

Dynamic Code Execution in TypedConfigManager.php

CWE-94
File Location: core/lib/Drupal/Core/Config/TypedConfigManager.php:229
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(($static_type_root !== NULL && $static_type_root !== $root) || ($static_type_root === NULL && $object->getParent() === NULL));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L449

Dynamic Code Execution in Connection.php

CWE-94
File Location: core/lib/Drupal/Core/Database/Connection.php:449
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($prefix), 'The \'$prefix\' argument to ' . __METHOD__ . '() must be a string');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L331

Dynamic Code Execution in Database.php

CWE-94
File Location: core/lib/Drupal/Core/Database/Database.php:331
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($info['dependencies']));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L80

Dynamic Code Execution in Importer.php

CWE-94
File Location: core/lib/Drupal/Core/DefaultContent/Importer.php:80
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($entity_type_id));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L81

Dynamic Code Execution in Importer.php

CWE-94
File Location: core/lib/Drupal/Core/DefaultContent/Importer.php:81
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($path));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L20

Dynamic Code Execution in InvalidEntityException.php

CWE-94
File Location: core/lib/Drupal/Core/DefaultContent/InvalidEntityException.php:20
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($violation instanceof ConstraintViolationInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L88

Dynamic Code Execution in ContainerBuilder.php

CWE-94
File Location: core/lib/Drupal/Core/DependencyInjection/ContainerBuilder.php:88
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(FALSE, 'The container was serialized.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L230

Dynamic Code Execution in RevisionDeleteForm.php

CWE-94
File Location: core/lib/Drupal/Core/Entity/Form/RevisionDeleteForm.php:230
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof RevisionableInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L141

Dynamic Code Execution in StringFormatter.php

CWE-94
File Location: core/lib/Drupal/Core/Field/Plugin/Field/FieldFormatter/StringFormatter.php:141
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(isset($url));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L47

Dynamic Code Execution in InstallConfigurator.php

CWE-94
File Location: core/lib/Drupal/Core/Recipe/InstallConfigurator.php:47
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($extensions), 'Extension names must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L369

Dynamic Code Execution in Renderer.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Renderer.php:369
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($elements['#lazy_builder'][1]), 'The #lazy_builder argument for callback must have an array as a value.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L103

Dynamic Code Execution in ValidKeysConstraint.php

CWE-94
File Location: core/lib/Drupal/Core/Validation/Plugin/Validation/Constraint/ValidKeysConstraint.php:103
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($mapping instanceof Mapping);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L193

Dynamic Code Execution in ValidKeysConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Validation/Plugin/Validation/Constraint/ValidKeysConstraintValidator.php:193
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(array_key_exists('mapping', $definition));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L223

Dynamic Code Execution in ValidKeysConstraintValidator.php

CWE-94
File Location: core/lib/Drupal/Core/Validation/Plugin/Validation/Constraint/ValidKeysConstraintValidator.php:223
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($config instanceof Mapping);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L398

Dynamic Code Execution in BigPipe.php

CWE-94
File Location: core/modules/big_pipe/src/Render/BigPipe.php:398
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(isset($no_js_placeholders[$placeholder]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L55

Dynamic Code Execution in PlaceBlock.php

CWE-94
File Location: core/modules/block/src/Plugin/ConfigAction/PlaceBlock.php:55
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L66

Dynamic Code Execution in PlaceBlock.php

CWE-94
File Location: core/modules/block/src/Plugin/ConfigAction/PlaceBlock.php:66
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($value['region']));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L775

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:775
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($other->elements[$tag]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L804

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:804
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($this->elements[$tag][$attr]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1024

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:1024
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAll(function ($t) { return self::isWildcardTag($t); }, array_keys($wildcard_op_result->elements)));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L151

Dynamic Code Execution in Heading.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/CKEditor5Plugin/Heading.php:151
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(array_key_exists('title', $heading_option));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L44

Dynamic Code Execution in AddItemToToolbar.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/ConfigAction/AddItemToToolbar.php:44
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($editor instanceof EditorInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L64

Dynamic Code Execution in AddItemToToolbar.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/ConfigAction/AddItemToToolbar.php:64
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_bool($allow_duplicate));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L264

Dynamic Code Execution in CKEditor5.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Editor/CKEditor5.php:264
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($editor instanceof EditorEntity);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L272

Dynamic Code Execution in CKEditor5.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Editor/CKEditor5.php:272
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($format instanceof FilterFormatInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L274

Dynamic Code Execution in CKEditor5.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Editor/CKEditor5.php:274
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($editor->getSettings() === $this->getDefaultSettings());
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L213

Dynamic Code Execution in FundamentalCompatibilityConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/FundamentalCompatibilityConstraintValidator.php:213
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($plugin_definition instanceof CKEditor5PluginDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L49

Dynamic Code Execution in PrecedingConstraintAwareValidatorTrait.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/PrecedingConstraintAwareValidatorTrait.php:49
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->context instanceof ExecutionContext);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L201

Dynamic Code Execution in StyleSensibleElementConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/StyleSensibleElementConstraintValidator.php:201
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($definition instanceof CKEditor5PluginDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L32

Dynamic Code Execution in TextEditorObjectDependentValidatorTrait.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/TextEditorObjectDependentValidatorTrait.php:32
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(in_array($this->context->getRoot()->getDataDefinition()->getDataType(), ['editor.editor.*', 'entity:editor'], TRUE));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L703

Dynamic Code Execution in SmartDefaultSettings.php

CWE-94
File Location: core/modules/ckeditor5/src/SmartDefaultSettings.php:703
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($already_supported_tags));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L162

Dynamic Code Execution in CKEditor5TestBase.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/FunctionalJavascript/CKEditor5TestBase.php:162
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $assert_session->assert((bool) preg_match($regex, $actual), $message);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L682

Dynamic Code Execution in ValidatorsTest.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/Kernel/ValidatorsTest.php:682
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($text_format instanceof FilterFormatInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L71

Dynamic Code Execution in CommentTypeListBuilder.php

CWE-94
File Location: core/modules/comment/src/CommentTypeListBuilder.php:71
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof CommentTypeInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L32

Dynamic Code Execution in editor.post_update.php

CWE-94
File Location: core/modules/editor/editor.post_update.php:32
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($collection instanceof FilterPluginCollection);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L27

Dynamic Code Execution in ComputedFileUrl.php

CWE-94
File Location: core/modules/file/src/ComputedFileUrl.php:27
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->getParent()->getEntity() instanceof FileInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L29

Dynamic Code Execution in UrlPlainFormatter.php

CWE-94
File Location: core/modules/file/src/Plugin/Field/FieldFormatter/UrlPlainFormatter.php:29
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($file instanceof FileInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L224

Dynamic Code Execution in FilterFormat.php

CWE-94
File Location: core/modules/filter/src/Entity/FilterFormat.php:224
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($this->label()), 'Filter format label is expected to be a string.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L123

Dynamic Code Execution in HelpTwigExtension.php

CWE-94
File Location: core/modules/help/src/HelpTwigExtension.php:123
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->pluginManager instanceof HelpTopicPluginManagerInterface, "The plugin manager hasn't been set up. Any configuration YAML file with a service directive dealing with the Twig configuration can cause this, most likely found in a recently installed or changed module.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L231

Dynamic Code Execution in ImageItemTest.php

CWE-94
File Location: core/modules/image/tests/src/Kernel/ImageItemTest.php:231
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($form_display instanceof EntityFormDisplay);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L831

Dynamic Code Execution in EntityResource.php

CWE-94
File Location: core/modules/jsonapi/src/Controller/EntityResource.php:831
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($class === JsonApiDocumentTopLevel::class || $class === ResourceIdentifier::class && !empty($relationship_field_name) && is_string($relationship_field_name));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L150

Dynamic Code Execution in ResourceObjectNormalizationCacher.php

CWE-94
File Location: core/modules/jsonapi/src/EventSubscriber/ResourceObjectNormalizationCacher.php:150
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L54

Dynamic Code Execution in LinkCollection.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/LinkCollection.php:54
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_null($context) || Inspector::assertAllObjects([$context], JsonApiDocumentTopLevel::class, ResourceObject::class, Relationship::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L173

Dynamic Code Execution in LinkCollection.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/LinkCollection.php:173
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($a->getContext() === $b->getContext());
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L421

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:421
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($host_entity instanceof EntityInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L423

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:423
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($resource_type instanceof ResourceType);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L92

Dynamic Code Execution in ResourceObject.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceObject.php:92
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_null($revision_id) || $resource_type->isVersionable());
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L38

Dynamic Code Execution in EntityReferenceFieldNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/EntityReferenceFieldNormalizer.php:38
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($context['resource_object'] instanceof ResourceObject);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L232

Dynamic Code Execution in FieldItemNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/FieldItemNormalizer.php:232
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($field_item instanceof FieldItemInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L29

Dynamic Code Execution in FieldNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/FieldNormalizer.php:29
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($context['resource_object'] instanceof ResourceObject);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L40

Dynamic Code Execution in FieldNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/FieldNormalizer.php:40
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($field_definition instanceof FieldDefinitionInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L85

Dynamic Code Execution in LinkCollectionNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/LinkCollectionNormalizer.php:85
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($object instanceof LinkCollection);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L50

Dynamic Code Execution in ResourceTypeBuildEvent.php

CWE-94
File Location: core/modules/jsonapi/src/ResourceType/ResourceTypeBuildEvent.php:50
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllObjects($fields, ResourceTypeField::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L376

Dynamic Code Execution in ResourceTypeRepository.php

CWE-94
File Location: core/modules/jsonapi/src/ResourceType/ResourceTypeRepository.php:376
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($bundle) && !empty($bundle), 'A bundle ID is required. Bundleless entity types should pass the entity type ID again.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L85

Dynamic Code Execution in Routes.php

CWE-94
File Location: core/modules/jsonapi/src/Routing/Routes.php:85
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L117

Dynamic Code Execution in ExternalNormalizersTest.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ExternalNormalizersTest.php:117
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(in_array($expected_value_jsonapi_normalization, [static::VALUE_ORIGINAL, static::VALUE_OVERRIDDEN], TRUE));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L47

Dynamic Code Execution in ResourceResponseTestTrait.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceResponseTestTrait.php:47
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($responses) > 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L330

Dynamic Code Execution in ResourceResponseTestTrait.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceResponseTestTrait.php:330
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($type === 'relationship' || $type === 'related');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2089

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php:2089
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($created_entity instanceof RevisionableInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L69

Dynamic Code Execution in FieldItemNormalizerTest.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Kernel/Normalizer/FieldItemNormalizerTest.php:69
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($result instanceof CacheableNormalization);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L126

Dynamic Code Execution in FieldItemNormalizerTest.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Kernel/Normalizer/FieldItemNormalizerTest.php:126
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($result instanceof CacheableNormalization);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L125

Dynamic Code Execution in LinkCollectionNormalizerTest.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Kernel/Normalizer/LinkCollectionNormalizerTest.php:125
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(isset($edit_form_url));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L203

Dynamic Code Execution in OEmbedIframeController.php

CWE-94
File Location: core/modules/media/src/Controller/OEmbedIframeController.php:203
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($bubbleable_metadata instanceof BubbleableMetadata);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L148

Dynamic Code Execution in WidgetAccessTest.php

CWE-94
File Location: core/modules/media_library/tests/src/FunctionalJavascript/WidgetAccessTest.php:148
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($fieldConfig instanceof FieldConfig);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L168

Dynamic Code Execution in MigrateEntityContentValidationTest.php

CWE-94
File Location: core/modules/migrate/tests/src/Kernel/MigrateEntityContentValidationTest.php:168
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($filter_test_format instanceof FilterFormatInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L42

Dynamic Code Execution in Upgrade6TestWithContentModeration.php

CWE-94
File Location: core/modules/migrate_drupal_ui/tests/src/Functional/d6/Upgrade6TestWithContentModeration.php:42
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($editorial instanceof WorkflowInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L131

Dynamic Code Execution in NodeAccessControlHandler.php

CWE-94
File Location: core/modules/node/src/NodeAccessControlHandler.php:131
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof NodeInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L254

Dynamic Code Execution in Schema.php

CWE-94
File Location: core/modules/pgsql/src/Driver/Database/pgsql/Schema.php:254
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(in_array($constraint_type, ['c', 'f', 'p', 'u', 't', 'x']));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L132

Dynamic Code Execution in RequestHandler.php

CWE-94
File Location: core/modules/rest/src/RequestHandler.php:132
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($route_match->getRouteObject()->getMethods()) === 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L121

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/rest/tests/src/Functional/ResourceTestBase.php:121
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert([] === $user_role->getPermissions(), 'The authenticated user role has no permissions at all.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L136

Dynamic Code Execution in ConfigDependenciesTest.php

CWE-94
File Location: core/modules/rest/tests/src/Kernel/Entity/ConfigDependenciesTest.php:136
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($module));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L252

Dynamic Code Execution in SearchRankingTest.php

CWE-94
File Location: core/modules/search/tests/src/Functional/SearchRankingTest.php:252
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($search_index instanceof SearchIndexInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L111

Dynamic Code Execution in SearchTokenizerTest.php

CWE-94
File Location: core/modules/search/tests/src/Kernel/SearchTokenizerTest.php:111
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($text_processor instanceof SearchTextProcessorInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L135

Dynamic Code Execution in SearchTokenizerTest.php

CWE-94
File Location: core/modules/search/tests/src/Kernel/SearchTokenizerTest.php:135
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($text_processor instanceof SearchTextProcessorInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L36

Dynamic Code Execution in DateTimeIso8601Normalizer.php

CWE-94
File Location: core/modules/serialization/src/Normalizer/DateTimeIso8601Normalizer.php:36
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($datetime instanceof DateTimeIso8601);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L155

Dynamic Code Execution in LinksetController.php

CWE-94
File Location: core/modules/system/src/Controller/LinksetController.php:155
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($element_access instanceof AccessResultInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L264

Dynamic Code Execution in system.post_update.php

CWE-94
File Location: core/modules/system/system.post_update.php:264
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($typed_config instanceof Mapping, "Failed on config name '$name'");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L82

Dynamic Code Execution in ThemeInstallController.php

CWE-94
File Location: core/modules/system/tests/modules/nightwatch_theme_install_utility/src/Controller/ThemeInstallController.php:82
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(in_array($default_or_admin, ['default', 'admin']), 'The $default_or_admin parameter must be `default` or `admin`');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L241

Dynamic Code Execution in LinksetControllerTest.php

CWE-94
File Location: core/modules/system/tests/src/Functional/Menu/LinksetControllerTest.php:241
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($our_name_page instanceof NodeInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L76

Dynamic Code Execution in TipPluginBase.php

CWE-94
File Location: core/modules/tour/src/TipPluginBase.php:76
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(in_array(trim($location ?? ''), [
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L384

Dynamic Code Execution in PluginBase.php

CWE-94
File Location: core/modules/views/src/Plugin/views/PluginBase.php:384
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(preg_match('/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$/', $token) === 1, 'Tokens need to be valid Twig variables.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L66

Dynamic Code Execution in WorkspaceRepository.php

CWE-94
File Location: core/modules/workspaces/src/WorkspaceRepository.php:66
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertStringable($a->label()) && Inspector::assertStringable($b->label()), 'Workspace labels are expected to be a string.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.