Back to Codebase

Vulnerability Analysis Report

Drupal Core v8.8.10

Scan ID: SCAN-DRUPAL-CORE-UJ9xND • Hash: 5b92e494

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
1.034s

Vulnerability Details

L97

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:97
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($yi < $n_to || $this->xchanged[$xi]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L207

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:207
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($k > 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L67

Dynamic Code Execution in HWLDFWordAccumulator.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/HWLDFWordAccumulator.php:67
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!strstr($word, "\n"));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L37

Dynamic Code Execution in MappedDiff.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/MappedDiff.php:37
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(sizeof($to_lines) == sizeof($mapped_to_lines));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L456

Dynamic Code Execution in Html.php

CWE-94
File Location: core/lib/Drupal/Component/Utility/Html.php:456
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(isset(parse_url($scheme_and_host)["scheme"]), '$scheme_and_host is absolute and hence has a scheme.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L115

Dynamic Code Execution in CacheCollector.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/CacheCollector.php:115
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L103

Dynamic Code Execution in CacheContextsManager.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/Context/CacheContextsManager.php:103
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->assertValidTokens($context_tokens));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L147

Dynamic Code Execution in PhpBackend.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/PhpBackend.php:147
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache Tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L152

Dynamic Code Execution in ContainerBuilder.php

CWE-94
File Location: core/lib/Drupal/Core/DependencyInjection/ContainerBuilder.php:152
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(FALSE, 'The container was serialized.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L47

Dynamic Code Execution in ChainedPlaceholderStrategy.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Placeholder/ChainedPlaceholderStrategy.php:47
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(array_intersect_key($processed_placeholders, $placeholders) === $processed_placeholders, 'Processed placeholders must be a subset of all placeholders.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L34

Dynamic Code Execution in PharExtensionInterceptor.php

CWE-94
File Location: core/lib/Drupal/Core/Security/PharExtensionInterceptor.php:34
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- public function assert(string $path, string $command): bool {
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L258

Dynamic Code Execution in TwigExtension.php

CWE-94
File Location: core/lib/Drupal/Core/Template/TwigExtension.php:258
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->urlGenerator instanceof UrlGeneratorInterface, "The URL generator hasn't been set up. Any configuration YAML file with a service directive dealing with the Twig configuration can cause this, most likely found in a recently installed or changed module.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L84

Dynamic Code Execution in AggregatorTestBase.php

CWE-94
File Location: core/modules/aggregator/src/Tests/AggregatorTestBase.php:84
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a feed');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L70

Dynamic Code Execution in AggregatorRenderingTest.php

CWE-94
File Location: core/modules/aggregator/tests/src/Functional/AggregatorRenderingTest.php:70
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($links[0]), new FormattableMarkup('Link to href %href found.', ['%href' => $href]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L77

Dynamic Code Execution in AggregatorTestBase.php

CWE-94
File Location: core/modules/aggregator/tests/src/Functional/AggregatorTestBase.php:77
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a feed');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L66

Dynamic Code Execution in CommentStorageSchema.php

CWE-94
File Location: core/modules/comment/src/CommentStorageSchema.php:66
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($storage_definition instanceof RequiredFieldStorageDefinitionInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L707

Dynamic Code Execution in EntityDisplayTest.php

CWE-94
File Location: core/modules/field_ui/tests/src/Kernel/EntityDisplayTest.php:707
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert($value, $message);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L449

Dynamic Code Execution in ForumTest.php

CWE-94
File Location: core/modules/forum/tests/src/Functional/ForumTest.php:449
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a term');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L59

Dynamic Code Execution in FrontMatter.php

CWE-94
File Location: core/modules/help_topics/src/FrontMatter.php:59
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($source), '$source must be a string');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L60

Dynamic Code Execution in FrontMatter.php

CWE-94
File Location: core/modules/help_topics/src/FrontMatter.php:60
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($serializer), '$serializer must be a string');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L209

Dynamic Code Execution in EntityAccessChecker.php

CWE-94
File Location: core/modules/jsonapi/src/Access/EntityAccessChecker.php:209
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($operation === 'view', 'JSON:API does not yet support mutable operations on revisions.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L244

Dynamic Code Execution in EntityAccessChecker.php

CWE-94
File Location: core/modules/jsonapi/src/Access/EntityAccessChecker.php:244
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof RevisionableInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L70

Dynamic Code Execution in RelationshipFieldAccess.php

CWE-94
File Location: core/modules/jsonapi/src/Access/RelationshipFieldAccess.php:70
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($resource_type instanceof ResourceType);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L614

Dynamic Code Execution in FieldResolver.php

CWE-94
File Location: core/modules/jsonapi/src/Context/FieldResolver.php:614
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($target_definition instanceof EntityDataDefinitionInterface, 'Entity reference fields should only be able to reference entities.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L742

Dynamic Code Execution in FieldResolver.php

CWE-94
File Location: core/modules/jsonapi/src/Context/FieldResolver.php:742
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(isset($definitions[$internal_field_name]), 'The field name should have already been validated.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L123

Dynamic Code Execution in ResourceResponseSubscriber.php

CWE-94
File Location: core/modules/jsonapi/src/EventSubscriber/ResourceResponseSubscriber.php:123
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($jsonapi_doc_object instanceof CacheableNormalization);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L139

Dynamic Code Execution in IncludeResolver.php

CWE-94
File Location: core/modules/jsonapi/src/IncludeResolver.php:139
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!empty($target_type));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L28

Dynamic Code Execution in IncludedData.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/IncludedData.php:28
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllObjects($data, ResourceObject::class, EntityAccessDeniedHttpException::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L71

Dynamic Code Execution in JsonApiDocumentTopLevel.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/JsonApiDocumentTopLevel.php:71
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!$data instanceof ErrorCollection || $includes instanceof NullIncludedData);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L85

Dynamic Code Execution in Link.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/Link.php:85
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($link_relation_type));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L201

Dynamic Code Execution in Link.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/Link.php:201
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(static::compare($a, $b) === 0, 'Only equivalent links can be merged.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L54

Dynamic Code Execution in LinkCollection.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/LinkCollection.php:54
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_null($context) || Inspector::assertAllObjects([$context], JsonApiDocumentTopLevel::class, ResourceObject::class, Relationship::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L28

Dynamic Code Execution in OmittedData.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/OmittedData.php:28
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllObjects($data, EntityAccessDeniedHttpException::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L142

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:142
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->hasArity());
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L415

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:415
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($value === NULL);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L417

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:417
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($field instanceof EntityReferenceFieldItemListInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L24

Dynamic Code Execution in DataNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/DataNormalizer.php:24
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($object instanceof Data);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L164

Dynamic Code Execution in FieldItemNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/FieldItemNormalizer.php:164
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($field_item instanceof FieldItemInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L36

Dynamic Code Execution in FieldNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/FieldNormalizer.php:36
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($context['resource_object'] instanceof ResourceObject);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L47

Dynamic Code Execution in FieldNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/FieldNormalizer.php:47
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($field_definition instanceof FieldDefinitionInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L174

Dynamic Code Execution in JsonApiDocumentTopLevelNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/JsonApiDocumentTopLevelNormalizer.php:174
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($object instanceof JsonApiDocumentTopLevel);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L52

Dynamic Code Execution in ResourceIdentifierNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/ResourceIdentifierNormalizer.php:52
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($object instanceof ResourceIdentifier);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L192

Dynamic Code Execution in ResourceObjectNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/ResourceObjectNormalizer.php:192
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($normalized_field instanceof CacheableNormalization);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L207

Dynamic Code Execution in ResourceTypeRepository.php

CWE-94
File Location: core/modules/jsonapi/src/ResourceType/ResourceTypeRepository.php:207
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($field_names));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L376

Dynamic Code Execution in ResourceTypeRepository.php

CWE-94
File Location: core/modules/jsonapi/src/ResourceType/ResourceTypeRepository.php:376
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($bundle) && !empty($bundle), 'A bundle ID is required. Bundleless entity types should pass the entity type ID again.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L117

Dynamic Code Execution in ResourceVersionRouteEnhancer.php

CWE-94
File Location: core/modules/jsonapi/src/Revisions/ResourceVersionRouteEnhancer.php:117
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($defaults['entity'] instanceof EntityInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L84

Dynamic Code Execution in Routes.php

CWE-94
File Location: core/modules/jsonapi/src/Routing/Routes.php:84
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($jsonapi_base_path));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L89

Dynamic Code Execution in Routes.php

CWE-94
File Location: core/modules/jsonapi/src/Routing/Routes.php:89
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L113

Dynamic Code Execution in ExternalNormalizersTest.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ExternalNormalizersTest.php:113
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(in_array($expected_value_jsonapi_denormalization, [static::VALUE_ORIGINAL, static::VALUE_OVERRIDDEN], TRUE));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L237

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php:237
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert([] === $user_role->getPermissions(), 'The authenticated user role has no permissions at all.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L625

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php:625
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($method === 'GET', 'Only read operations on revisions are supported.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L825

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php:825
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_null($via_link) || $via_link instanceof Url);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L541

Dynamic Code Execution in InlineBlockTest.php

CWE-94
File Location: core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockTest.php:541
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $assert($permissions, FALSE);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L543

Dynamic Code Execution in InlineBlockTest.php

CWE-94
File Location: core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockTest.php:543
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $assert($permissions, TRUE);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L208

Dynamic Code Execution in MigrateTestBase.php

CWE-94
File Location: core/modules/migrate/tests/src/Kernel/MigrateTestBase.php:208
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert($type == 'status', $message, 'migrate');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L121

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/rest/tests/src/Functional/ResourceTestBase.php:121
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert([] === $user_role->getPermissions(), 'The authenticated user role has no permissions at all.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L206

Dynamic Code Execution in ConfigDependenciesTest.php

CWE-94
File Location: core/modules/rest/tests/src/Kernel/Entity/ConfigDependenciesTest.php:206
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($expected_configuration === FALSE || is_array($expected_configuration));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L58

Dynamic Code Execution in SearchNodeUpdateAndDeletionTest.php

CWE-94
File Location: core/modules/search/tests/src/Functional/SearchNodeUpdateAndDeletionTest.php:58
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($search_index instanceof SearchIndexInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L220

Dynamic Code Execution in FieldableEntityNormalizerTrait.php

CWE-94
File Location: core/modules/serialization/src/Normalizer/FieldableEntityNormalizerTrait.php:220
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($field_item instanceof FieldItemInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L536

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:536
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(!isset($value), $message ? $message : new FormattableMarkup('Value @value is NULL.', ['@value' => var_export($value, TRUE)]), $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L794

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:794
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(TRUE, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L844

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:844
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert('exception', $message, $group, $caller);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L179

Dynamic Code Execution in SimpleTestTest.php

CWE-94
File Location: core/modules/simpletest/src/Tests/SimpleTestTest.php:179
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(FALSE, 'Lorem Ipsum');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L304

Dynamic Code Execution in WebTestBase.php

CWE-94
File Location: core/modules/simpletest/src/WebTestBase.php:304
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $pass = $this->assert($this->drupalUserIsLoggedIn($account), new FormattableMarkup('User %name successfully logged in.', ['%name' => $account->getAccountName()]), 'User login');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L161

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:161
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), 'Backend returned an object for cache id test3.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L180

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:180
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test5.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L202

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:202
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test7.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L282

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:282
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($object), sprintf("Backend returned an object for cache id %s.", $cid));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L321

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:321
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($ret['test6']), "Existing cache id test6 is set.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L337

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:337
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(in_array('test21', $cids), "Nonexistent cache id test21 is in cids array.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L99

Dynamic Code Execution in EntityTranslationFormTest.php

CWE-94
File Location: core/modules/system/tests/src/Functional/Entity/EntityTranslationFormTest.php:99
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a node');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L379

Dynamic Code Execution in PluginBase.php

CWE-94
File Location: core/modules/views/src/Plugin/views/PluginBase.php:379
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(preg_match('/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$/', $token) === 1, 'Tokens need to be valid Twig variables.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L522

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/tests/Drupal/KernelTests/AssertContentTrait.php:522
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(strpos($this->getRawContent(), Html::escape($raw)) === FALSE, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L698

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/tests/Drupal/KernelTests/AssertContentTrait.php:698
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(FALSE, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L728

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/tests/Drupal/KernelTests/AssertContentTrait.php:728
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert((bool) preg_match($pattern, $this->getRawContent()), $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L54

Dynamic Code Execution in CommandsTest.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Ajax/CommandsTest.php:54
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $assert('Settings command exists when JS aggregation is disabled.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L57

Dynamic Code Execution in CommandsTest.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Ajax/CommandsTest.php:57
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $assert('Settings command exists when JS aggregation is enabled.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L147

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:147
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test2.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L156

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:156
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), 'Backend returned an object for cache id test3.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L277

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:277
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($object), sprintf("Backend returned an object for cache id %s.", $cid));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L316

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:316
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($ret['test6']), "Existing cache id test6 is set.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L349

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:349
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($ret['test7']), "Existing cache id test7 is set");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L360

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:360
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(in_array('test3', $cids), "Deleted cache id test3 is in cids array.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L96

Dynamic Code Execution in DatabaseLegacyTest.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Database/DatabaseLegacyTest.php:96
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(db_set_active($get_active_db), 'Database connection is active');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L191

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:191
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert($option_field === NULL, sprintf('An option "%s" exists in select "%s", but it should not.', $option, $select));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L297

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:297
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(empty($links), $message);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L599

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:599
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(!preg_match($regex, $actual), $message);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L98

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:98
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($xi < $n_from || $this->ychanged[$yi]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L223

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:223
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($k > 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L406

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:406
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($j >= 0 && !$other_changed[$j]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L451

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:451
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($j >= 0 && !$other_changed[$j]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L36

Dynamic Code Execution in MappedDiff.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/MappedDiff.php:36
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(sizeof($from_lines) == sizeof($mapped_from_lines));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L455

Dynamic Code Execution in Html.php

CWE-94
File Location: core/lib/Drupal/Component/Utility/Html.php:455
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(empty(array_diff(array_keys(parse_url($scheme_and_host)), ["scheme", "host", "port"])), '$scheme_and_host contains scheme, host and port at most.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L68

Dynamic Code Execution in LibraryDependencyResolver.php

CWE-94
File Location: core/lib/Drupal/Core/Asset/LibraryDependencyResolver.php:68
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($libraries) === count(array_unique($libraries)), '$libraries can\'t contain duplicate items.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L33

Dynamic Code Execution in Cache.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/Cache.php:33
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\Drupal::service('cache_contexts_manager')->assertValidTokens($cache_contexts));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L226

Dynamic Code Execution in DatabaseBackend.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/DatabaseBackend.php:226
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($item['tags']), 'Cache Tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L103

Dynamic Code Execution in MemoryBackend.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/MemoryBackend.php:103
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache Tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L38

Dynamic Code Execution in ChainedPlaceholderStrategy.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Placeholder/ChainedPlaceholderStrategy.php:38
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!empty($this->placeholderStrategies), 'At least one placeholder strategy must be present; by default the fallback strategy \Drupal\Core\Render\Placeholder\SingleFlushStrategy is always present.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L284

Dynamic Code Execution in TwigExtension.php

CWE-94
File Location: core/lib/Drupal/Core/Template/TwigExtension.php:284
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($url) || $url instanceof Url, '$url must be a string or object of type \Drupal\Core\Url');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L285

Dynamic Code Execution in TwigExtension.php

CWE-94
File Location: core/lib/Drupal/Core/Template/TwigExtension.php:285
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($attributes) || $attributes instanceof Attribute, '$attributes, if set, must be an array or object of type \Drupal\Core\Template\Attribute');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.