Back to Codebase

Vulnerability Analysis Report

Drupal Core v8.3.0-rc1

Scan ID: SCAN-DRUPAL-CORE-TzatX8 • Hash: c1d51344

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
1.006s

Vulnerability Details

L208

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:208
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($k > 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L263

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:263
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($ypos != $this->seq[$end]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L403

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:403
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert('$j > 0');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L407

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:407
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert('$j >= 0 && !$other_changed[$j]');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L36

Dynamic Code Execution in MappedDiff.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/MappedDiff.php:36
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(sizeof($to_lines) == sizeof($mapped_to_lines));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L32

Dynamic Code Execution in Cache.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/Cache.php:32
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('\Drupal::service(\'cache_contexts_manager\')->assertValidTokens($cache_contexts)');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L114

Dynamic Code Execution in CacheCollector.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/CacheCollector.php:114
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('\Drupal\Component\Assertion\Inspector::assertAllStrings($tags)', 'Cache tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L25

Dynamic Code Execution in BundleEntityFormBase.php

CWE-94
File Location: core/lib/Drupal/Core/Entity/BundleEntityFormBase.php:25
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('isset($form[$id_key])');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L65

Dynamic Code Execution in AggregatorRenderingTest.php

CWE-94
File Location: core/modules/aggregator/src/Tests/AggregatorRenderingTest.php:65
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($links[0]), format_string('Link to href %href found.', array('%href' => $href)));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L654

Dynamic Code Execution in BigPipe.php

CWE-94
File Location: core/modules/big_pipe/src/Render/BigPipe.php:654
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('$request_type === \Symfony\Component\HttpKernel\HttpKernelInterface::MASTER_REQUEST || $request_type === \Symfony\Component\HttpKernel\HttpKernelInterface::SUB_REQUEST');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L136

Dynamic Code Execution in ContactSitewideTest.php

CWE-94
File Location: core/modules/contact/src/Tests/ContactSitewideTest.php:136
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a contact form.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L55

Dynamic Code Execution in NodeCreationTest.php

CWE-94
File Location: core/modules/node/tests/src/Functional/NodeCreationTest.php:55
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a node');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L42

Dynamic Code Execution in NodeTypeInitialLanguageTest.php

CWE-94
File Location: core/modules/node/tests/src/Functional/NodeTypeInitialLanguageTest.php:42
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(empty($language_field), 'Language field is not visible on manage fields tab.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L71

Dynamic Code Execution in NodeTypeInitialLanguageTest.php

CWE-94
File Location: core/modules/node/tests/src/Functional/NodeTypeInitialLanguageTest.php:71
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(!empty($language_field), 'Language field is visible on manage form display tab.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L437

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:437
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(strpos($this->getRawContent(), (string) $raw) !== FALSE, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L493

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:493
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(strpos($this->getRawContent(), Html::escape($raw)) !== FALSE, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L601

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:601
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert($not_equal, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L631

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:631
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert($is_identical, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L661

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:661
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert($not_identical, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L813

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:813
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert('debug', $message, 'Debug', $caller);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L150

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:150
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test2.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L241

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:241
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($backend->get('test2')), "Backend returned an object for cache id %cid.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L361

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:361
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(in_array('test3', $cids), "Deleted cache id test3 is in cids array.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L362

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:362
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(in_array('test6', $cids), "Deleted cache id test6 is in cids array.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L185

Dynamic Code Execution in StorageTest.php

CWE-94
File Location: core/modules/system/src/Tests/Form/StorageTest.php:185
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(empty($original['form_state']['poisoned']), 'Original form state was preserved');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L373

Dynamic Code Execution in PluginBase.php

CWE-94
File Location: core/modules/views/src/Plugin/views/PluginBase.php:373
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('preg_match(\'/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$/\', $top) === 1', 'Tokens need to be valid Twig variables.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L239

Dynamic Code Execution in HandlerTest.php

CWE-94
File Location: core/modules/views/src/Tests/Handler/HandlerTest.php:239
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert($expected == $handler->value, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L165

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:165
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test4.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L184

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:184
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test6.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L197

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:197
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test7.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L277

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:277
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($object), sprintf("Backend returned an object for cache id %s.", $cid));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L312

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:312
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($ret['test2']), "Existing cache id test2 is set.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L358

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:358
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(in_array('test3', $cids), "Deleted cache id test3 is in cids array.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L97

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:97
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(NULL === $node, sprintf('A button "%s" appears on this page, but it should not.', $button));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L252

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:252
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(empty($links), $message);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L224

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:224
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($k > 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L448

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:448
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert('$j > 0');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L452

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:452
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert('$j >= 0 && !$other_changed[$j]');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L69

Dynamic Code Execution in HWLDFWordAccumulator.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/HWLDFWordAccumulator.php:69
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!strstr($word, "\n"));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L35

Dynamic Code Execution in MappedDiff.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/MappedDiff.php:35
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(sizeof($from_lines) == sizeof($mapped_from_lines));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L452

Dynamic Code Execution in Html.php

CWE-94
File Location: core/lib/Drupal/Component/Utility/Html.php:452
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('empty(array_diff(array_keys(parse_url($scheme_and_host)), ["scheme", "host", "port"]))', '$scheme_and_host contains scheme, host and port at most.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L454

Dynamic Code Execution in Html.php

CWE-94
File Location: core/lib/Drupal/Component/Utility/Html.php:454
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('isset(parse_url($scheme_and_host)["host"])', '$base_url is absolute and hence has a host.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L25

Dynamic Code Execution in CacheTagsInvalidator.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/CacheTagsInvalidator.php:25
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('Drupal\Component\Assertion\Inspector::assertAllStrings($tags)', 'Cache tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L96

Dynamic Code Execution in MemoryBackend.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/MemoryBackend.php:96
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('\Drupal\Component\Assertion\Inspector::assertAllStrings($tags)', 'Cache Tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L146

Dynamic Code Execution in PhpBackend.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/PhpBackend.php:146
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('\Drupal\Component\Assertion\Inspector::assertAllStrings($tags)', 'Cache Tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L53

Dynamic Code Execution in Element.php

CWE-94
File Location: core/lib/Drupal/Core/Config/Schema/Element.php:53
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($typed_data_manager instanceof TypedConfigManagerInterface, '$typed_data_manager should be an instance of \Drupal\Core\Config\TypedConfigManagerInterface.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L47

Dynamic Code Execution in ChainedPlaceholderStrategy.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Placeholder/ChainedPlaceholderStrategy.php:47
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('array_intersect_key($processed_placeholders, $placeholders) === $processed_placeholders', 'Processed placeholders must be a subset of all placeholders.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L60

Dynamic Code Execution in AggregatorRenderingTest.php

CWE-94
File Location: core/modules/aggregator/src/Tests/AggregatorRenderingTest.php:60
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($links[0]), 'Item link found.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L42

Dynamic Code Execution in UpdateFeedItemTest.php

CWE-94
File Location: core/modules/aggregator/src/Tests/UpdateFeedItemTest.php:42
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a feed');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L634

Dynamic Code Execution in BigPipe.php

CWE-94
File Location: core/modules/big_pipe/src/Render/BigPipe.php:634
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('$embedded_response instanceof \Drupal\Core\Render\HtmlResponse || $embedded_response instanceof \Drupal\Core\Ajax\AjaxResponse');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L60

Dynamic Code Execution in BigPipeResponseAttachmentsProcessor.php

CWE-94
File Location: core/modules/big_pipe/src/Render/BigPipeResponseAttachmentsProcessor.php:60
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('$response instanceof \Drupal\Core\Render\HtmlResponse');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L68

Dynamic Code Execution in ConfigExportUITest.php

CWE-94
File Location: core/modules/config/src/Tests/ConfigExportUITest.php:68
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(!empty($archive_contents), 'Downloaded archive file is not empty.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L66

Dynamic Code Execution in ConfigInstallProfileUnmetDependenciesTest.php

CWE-94
File Location: core/modules/config/src/Tests/ConfigInstallProfileUnmetDependenciesTest.php:66
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert('debug', $message, 'Debug', $caller);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L72

Dynamic Code Execution in ConfigInstallProfileUnmetDependenciesTest.php

CWE-94
File Location: core/modules/config/src/Tests/ConfigInstallProfileUnmetDependenciesTest.php:72
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert('exception', $message, $group, $caller);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L144

Dynamic Code Execution in ContactSitewideTest.php

CWE-94
File Location: core/modules/contact/src/Tests/ContactSitewideTest.php:144
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a contact form.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L557

Dynamic Code Execution in ForumTest.php

CWE-94
File Location: core/modules/forum/tests/src/Functional/ForumTest.php:557
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a term');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L76

Dynamic Code Execution in NodeTypeInitialLanguageTest.php

CWE-94
File Location: core/modules/node/tests/src/Functional/NodeTypeInitialLanguageTest.php:76
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(!empty($language_display), 'Language field is visible on manage display tab.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L104

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/rest/tests/src/Functional/ResourceTestBase.php:104
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('[] === $user_role->getPermissions()', 'The anonymous user role has no permissions at all.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L459

Dynamic Code Execution in ShortcutLinksTest.php

CWE-94
File Location: core/modules/shortcut/src/Tests/ShortcutLinksTest.php:459
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(isset($links[$index]), $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L305

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:305
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(isset($links[$index]), $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L359

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:359
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(isset($links[$index]), $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L522

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:522
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(strpos($this->getRawContent(), Html::escape($raw)) === FALSE, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L698

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:698
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(FALSE, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L728

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:728
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert((bool) preg_match($pattern, $this->getRawContent()), $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1477

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:1477
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert($status, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L460

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:460
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert((bool) $value, $message ? $message : SafeMarkup::format('Value @value is TRUE.', array('@value' => var_export($value, TRUE))), $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L485

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:485
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(!$value, $message ? $message : SafeMarkup::format('Value @value is FALSE.', array('@value' => var_export($value, TRUE))), $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L531

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:531
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(isset($value), $message ? $message : SafeMarkup::format('Value @value is not NULL.', array('@value' => var_export($value, TRUE))), $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L787

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:787
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(FALSE, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L915

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:915
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(FALSE, 'No test methods found.', 'Requirements', array('function' => __METHOD__ . '()', 'file' => __FILE__, 'line' => __LINE__));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L169

Dynamic Code Execution in SimpleTestTest.php

CWE-94
File Location: core/modules/simpletest/src/Tests/SimpleTestTest.php:169
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(FALSE);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L140

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:140
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test1.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L168

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:168
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test4.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L187

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:187
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test6.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L280

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:280
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($object), sprintf("Backend returned an object for cache id %s.", $cid));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L363

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:363
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(in_array('test21', $cids), "Nonexistent cache id test21 is in cids array.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L97

Dynamic Code Execution in RebuildTest.php

CWE-94
File Location: core/modules/system/src/Tests/Form/RebuildTest.php:97
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(count($this->xpath('//div[contains(@class, "field--name-field-ajax-test")]//input[@type="text"]')) == 2, 'AJAX submission succeeded.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L184

Dynamic Code Execution in StorageTest.php

CWE-94
File Location: core/modules/system/src/Tests/Form/StorageTest.php:184
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(empty($original['form']['#poisoned']), 'Original form structure was preserved');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L61

Dynamic Code Execution in DependencyTest.php

CWE-94
File Location: core/modules/system/src/Tests/Module/DependencyTest.php:61
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(count($checkbox) == 1, 'Checkbox for the module is disabled.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L90

Dynamic Code Execution in DependencyTest.php

CWE-94
File Location: core/modules/system/src/Tests/Module/DependencyTest.php:90
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(count($checkbox) == 1, 'Checkbox for the module is disabled.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L267

Dynamic Code Execution in UncaughtExceptionTest.php

CWE-94
File Location: core/modules/system/src/Tests/System/UncaughtExceptionTest.php:267
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(strpos($errors[0], $expected_entry) !== FALSE, 'Original error logged to the PHP error log when an exception is thrown by a logger');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L146

Dynamic Code Execution in SearchIntegrationTest.php

CWE-94
File Location: core/modules/views/src/Tests/SearchIntegrationTest.php:146
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(isset($links[0]) && !isset($links[1]), $message);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L22

Dynamic Code Execution in AssertLegacyTrait.php

CWE-94
File Location: core/tests/Drupal/KernelTests/AssertLegacyTrait.php:22
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- protected function assert($actual, $message = '') {
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L238

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:238
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($backend->get('test2')), "Backend returned an object for cache id %cid.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L243

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:243
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($backend->get('test2')), "Backend still has an object for cache id test2.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L329

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:329
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(in_array('test19', $cids), "Nonexistent cache id test19 is in cids array.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L360

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:360
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(in_array('test21', $cids), "Nonexistent cache id test21 is in cids array.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L190

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:190
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert($option_field === NULL, sprintf('An option "%s" exists in select "%s", but it should not.', $option, $select));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L275

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:275
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(!empty($links[$index]), $message);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L296

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:296
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(empty($links), $message);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L459

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:459
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert($node === NULL, "A hidden field '$field' exists on this page, but it should not.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L347

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:347
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert('sizeof($lines) == sizeof($changed)');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L430

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:430
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert('$j < $other_len && ! $other_changed[$j]');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L42

Dynamic Code Execution in AccessResult.php

CWE-94
File Location: core/lib/Drupal/Core/Access/AccessResult.php:42
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('is_string($reason) || is_null($reason)');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L57

Dynamic Code Execution in Cache.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/Cache.php:57
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('\Drupal\Component\Assertion\Inspector::assertAllStrings($a) && \Drupal\Component\Assertion\Inspector::assertAllStrings($b)', 'Cache tags must be valid strings');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L128

Dynamic Code Execution in ContainerBuilder.php

CWE-94
File Location: core/lib/Drupal/Core/DependencyInjection/ContainerBuilder.php:128
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(FALSE, 'The container was serialized.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L153

Dynamic Code Execution in DefaultPluginManager.php

CWE-94
File Location: core/lib/Drupal/Core/Plugin/DefaultPluginManager.php:153
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('\Drupal\Component\Assertion\Inspector::assertAllStrings($cache_tags)', 'Cache Tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L71

Dynamic Code Execution in AggregatorTestBase.php

CWE-94
File Location: core/modules/aggregator/src/Tests/AggregatorTestBase.php:71
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a feed');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L423

Dynamic Code Execution in BigPipe.php

CWE-94
File Location: core/modules/big_pipe/src/Render/BigPipe.php:423
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('isset($no_js_placeholders[$placeholder])');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L183

Dynamic Code Execution in BigPipeStrategy.php

CWE-94
File Location: core/modules/big_pipe/src/Render/Placeholder/BigPipeStrategy.php:183
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('is_string($placeholder)');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.