Back to Codebase

Vulnerability Analysis Report

Drupal Core v9.5.6

Scan ID: SCAN-DRUPAL-CORE-h3PiC5 • Hash: 7b1b6d2f

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.429s

Vulnerability Details

L208

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:208
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($k > 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L347

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:347
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert(sizeof($lines) == sizeof($changed));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L367

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:367
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($j < $other_len && ! $other_changed[$j]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L407

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:407
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($j >= 0 && !$other_changed[$j]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L452

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:452
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($j >= 0 && !$other_changed[$j]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L36

Dynamic Code Execution in MappedDiff.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/MappedDiff.php:36
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(sizeof($from_lines) == sizeof($mapped_from_lines));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L37

Dynamic Code Execution in MappedDiff.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/MappedDiff.php:37
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(sizeof($to_lines) == sizeof($mapped_to_lines));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L90

Dynamic Code Execution in FrontMatter.php

CWE-94
File Location: core/lib/Drupal/Component/FrontMatter/FrontMatter.php:90
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_subclass_of($serializer, SerializationInterface::class), sprintf('The $serializer parameter must reference a class that implements %s.', SerializationInterface::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L186

Dynamic Code Execution in LibraryDiscoveryParser.php

CWE-94
File Location: core/lib/Drupal/Core/Asset/LibraryDiscoveryParser.php:186
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(defined($category_weight), 'Invalid CSS category: ' . $category . '. See https://www.drupal.org/node/2274843.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L26

Dynamic Code Execution in CacheTagsInvalidator.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/CacheTagsInvalidator.php:26
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L103

Dynamic Code Execution in MemoryBackend.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/MemoryBackend.php:103
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache Tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L51

Dynamic Code Execution in MemoryCache.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/MemoryCache/MemoryCache.php:51
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L295

Dynamic Code Execution in EntityStorageBase.php

CWE-94
File Location: core/lib/Drupal/Core/Entity/EntityStorageBase.php:295
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!is_null($id), sprintf('Cannot load the "%s" entity with NULL ID.', $this->entityTypeId));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L68

Dynamic Code Execution in Extension.php

CWE-94
File Location: core/lib/Drupal/Core/Extension/Extension.php:68
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($pathname === 'core/core.info.yml' || ($pathname[0] !== '/' && file_exists($root . '/' . $pathname)), sprintf('The file specified by the given app root, relative path and file name (%s) do not exist.', $root . '/' . $pathname));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L114

Dynamic Code Execution in HtmlResponseAttachmentsProcessor.php

CWE-94
File Location: core/lib/Drupal/Core/Render/HtmlResponseAttachmentsProcessor.php:114
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($response instanceof HtmlResponse);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L320

Dynamic Code Execution in Renderer.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Renderer.php:320
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($elements['#lazy_builder'][1]) === count(array_filter($elements['#lazy_builder'][1], function ($v) {
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L323

Dynamic Code Execution in Renderer.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Renderer.php:323
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!Element::children($elements), sprintf('When a #lazy_builder callback is specified, no children can exist; all children must be generated by the #lazy_builder callback. You specified the following children: %s.', implode(', ', Element::children($elements))));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L356

Dynamic Code Execution in Renderer.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Renderer.php:356
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($new_elements), "#lazy_builder callbacks must return a valid renderable array, got " . gettype($new_elements) . " from " . Variable::callableToString($elements['#lazy_builder'][0]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L40

Dynamic Code Execution in PharExtensionInterceptor.php

CWE-94
File Location: core/lib/Drupal/Core/Security/PharExtensionInterceptor.php:40
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- public function assert(string $path, string $command): bool {
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L183

Dynamic Code Execution in BigPipeStrategy.php

CWE-94
File Location: core/modules/big_pipe/src/Render/Placeholder/BigPipeStrategy.php:183
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($placeholder));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L774

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:774
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($this->elements[$tag]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1219

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:1219
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($tag === '*');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1238

Dynamic Code Execution in HTMLRestrictions.php

CWE-94
File Location: core/modules/ckeditor5/src/HTMLRestrictions.php:1238
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($readable));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L68

Dynamic Code Execution in Heading.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/CKEditor5Plugin/Heading.php:68
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($plugin_definition->getClass() === static::class);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L156

Dynamic Code Execution in CKEditor5PluginDefinition.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/CKEditor5PluginDefinition.php:156
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($definition['drupal']['elements'] === []);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L470

Dynamic Code Execution in CKEditor5PluginManager.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/CKEditor5PluginManager.php:470
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($plugin->getPluginDefinition()->hasConditions());
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L211

Dynamic Code Execution in FundamentalCompatibilityConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/FundamentalCompatibilityConstraintValidator.php:211
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($matching_plugins) === 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L49

Dynamic Code Execution in SourceEditingPreventSelfXssConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/SourceEditingPreventSelfXssConstraintValidator.php:49
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(count($allowed_elements) === 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L103

Dynamic Code Execution in SourceEditingPreventSelfXssConstraintValidator.php

CWE-94
File Location: core/modules/ckeditor5/src/Plugin/Validation/Constraint/SourceEditingPreventSelfXssConstraintValidator.php:103
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($attribute_name !== '*');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1659

Dynamic Code Execution in CKEditor5PluginManagerTest.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/Kernel/CKEditor5PluginManagerTest.php:1659
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($base_plugin_definition instanceof CKEditor5PluginDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1788

Dynamic Code Execution in CKEditor5PluginManagerTest.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/Kernel/CKEditor5PluginManagerTest.php:1788
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($base_plugin_definition instanceof CKEditor5PluginDefinition);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L900

Dynamic Code Execution in HTMLRestrictionsTest.php

CWE-94
File Location: core/modules/ckeditor5/tests/src/Unit/HTMLRestrictionsTest.php:900
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($$parameter instanceof HTMLRestrictions);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L66

Dynamic Code Execution in CommentStorageSchema.php

CWE-94
File Location: core/modules/comment/src/CommentStorageSchema.php:66
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($storage_definition instanceof RequiredFieldStorageDefinitionInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L66

Dynamic Code Execution in ConfigExportUITest.php

CWE-94
File Location: core/modules/config/tests/src/Functional/ConfigExportUITest.php:66
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($file_system instanceof FileSystemInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L89

Dynamic Code Execution in FileRepositoryTest.php

CWE-94
File Location: core/modules/file/tests/src/Kernel/FileRepositoryTest.php:89
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($stream_wrapper_manager instanceof StreamWrapperManagerInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L172

Dynamic Code Execution in TemporaryQueryGuard.php

CWE-94
File Location: core/modules/jsonapi/src/Access/TemporaryQueryGuard.php:172
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_numeric($property_name), 'The specifier is not a property name, it must be a delta.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L625

Dynamic Code Execution in FieldResolver.php

CWE-94
File Location: core/modules/jsonapi/src/Context/FieldResolver.php:625
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($target_definition instanceof EntityDataDefinitionInterface, 'Entity reference fields should only be able to reference entities.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L162

Dynamic Code Execution in TemporaryJsonapiFileFieldUploader.php

CWE-94
File Location: core/modules/jsonapi/src/Controller/TemporaryJsonapiFileFieldUploader.php:162
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_a($field_definition->getClass(), FileFieldItemList::class, TRUE));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L141

Dynamic Code Execution in IncludeResolver.php

CWE-94
File Location: core/modules/jsonapi/src/IncludeResolver.php:141
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!empty($target_type));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L59

Dynamic Code Execution in Data.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/Data.php:59
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllObjects($data, ResourceIdentifierInterface::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L38

Dynamic Code Execution in ErrorCollection.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ErrorCollection.php:38
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAll(function ($error) {
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L71

Dynamic Code Execution in JsonApiDocumentTopLevel.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/JsonApiDocumentTopLevel.php:71
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!$data instanceof ErrorCollection || $includes instanceof NullIncludedData);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L48

Dynamic Code Execution in LinkCollection.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/LinkCollection.php:48
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAll(function ($key) {
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L51

Dynamic Code Execution in LinkCollection.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/LinkCollection.php:51
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAll(function ($link) {
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L54

Dynamic Code Execution in LinkCollection.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/LinkCollection.php:54
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_null($context) || Inspector::assertAllObjects([$context], JsonApiDocumentTopLevel::class, ResourceObject::class, Relationship::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L86

Dynamic Code Execution in LinkCollection.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/LinkCollection.php:86
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(static::validKey($key));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L133

Dynamic Code Execution in LinkCollection.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/LinkCollection.php:133
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!is_null($this->context), 'A LinkCollection is invalid unless a context has been established.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L81

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:81
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($resource_type) || $resource_type instanceof ResourceType);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L82

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:82
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!isset($meta[static::ARITY_KEY]) || is_int($meta[static::ARITY_KEY]) && $meta[static::ARITY_KEY] >= 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L142

Dynamic Code Execution in ResourceIdentifier.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceIdentifier.php:142
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->hasArity());
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L92

Dynamic Code Execution in ResourceObject.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceObject.php:92
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_null($revision_id) || $resource_type->isVersionable());
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L317

Dynamic Code Execution in ResourceObject.php

CWE-94
File Location: core/modules/jsonapi/src/JsonApiResource/ResourceObject.php:317
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof UserInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L47

Dynamic Code Execution in FieldNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/FieldNormalizer.php:47
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($field_definition instanceof FieldDefinitionInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L188

Dynamic Code Execution in ResourceObjectNormalizer.php

CWE-94
File Location: core/modules/jsonapi/src/Normalizer/ResourceObjectNormalizer.php:188
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($normalized_field instanceof CacheableNormalization);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L50

Dynamic Code Execution in ResourceTypeBuildEvent.php

CWE-94
File Location: core/modules/jsonapi/src/ResourceType/ResourceTypeBuildEvent.php:50
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllObjects($fields, ResourceTypeField::class));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L356

Dynamic Code Execution in ResourceTypeRepository.php

CWE-94
File Location: core/modules/jsonapi/src/ResourceType/ResourceTypeRepository.php:356
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($bundle) && !empty($bundle), 'A bundle ID is required. Bundleless entity types should pass the entity type ID again.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L48

Dynamic Code Execution in VersionByRel.php

CWE-94
File Location: core/modules/jsonapi/src/Revisions/VersionByRel.php:48
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof RevisionableInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L112

Dynamic Code Execution in ExternalNormalizersTest.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ExternalNormalizersTest.php:112
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(in_array($expected_value_jsonapi_normalization, [static::VALUE_ORIGINAL, static::VALUE_OVERRIDDEN], TRUE));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L830

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php:830
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_null($via_link) || $via_link instanceof Url);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2438

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php:2438
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->entity instanceof RevisionableInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L99

Dynamic Code Execution in FieldItemNormalizerTest.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Kernel/Normalizer/FieldItemNormalizerTest.php:99
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($result instanceof CacheableNormalization);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L104

Dynamic Code Execution in FieldItemNormalizerTest.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Kernel/Normalizer/FieldItemNormalizerTest.php:104
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($result instanceof CacheableNormalization);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L141

Dynamic Code Execution in CommonCollectionFilterAccessTestPatternsTrait.php

CWE-94
File Location: core/modules/jsonapi/tests/src/Traits/CommonCollectionFilterAccessTestPatternsTrait.php:141
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->entity instanceof EntityPublishedInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L76

Dynamic Code Execution in ExtraFieldBlock.php

CWE-94
File Location: core/modules/layout_builder/src/Plugin/Block/ExtraFieldBlock.php:76
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!empty($field_name));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L669

Dynamic Code Execution in InlineBlockTest.php

CWE-94
File Location: core/modules/layout_builder/tests/src/FunctionalJavascript/InlineBlockTest.php:669
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $assert($permissions, TRUE);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L203

Dynamic Code Execution in OEmbedIframeController.php

CWE-94
File Location: core/modules/media/src/Controller/OEmbedIframeController.php:203
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($bubbleable_metadata instanceof BubbleableMetadata);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L298

Dynamic Code Execution in MediaEmbed.php

CWE-94
File Location: core/modules/media/src/Plugin/Filter/MediaEmbed.php:298
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($media === NULL || $media instanceof MediaInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L100

Dynamic Code Execution in OEmbedIframeControllerTest.php

CWE-94
File Location: core/modules/media/tests/src/Kernel/OEmbedIframeControllerTest.php:100
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($response instanceof HtmlResponse);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L167

Dynamic Code Execution in MigrateEntityContentValidationTest.php

CWE-94
File Location: core/modules/migrate/tests/src/Kernel/MigrateEntityContentValidationTest.php:167
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($filter_test_format instanceof FilterFormatInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L176

Dynamic Code Execution in MigrateEntityContentValidationTest.php

CWE-94
File Location: core/modules/migrate/tests/src/Kernel/MigrateEntityContentValidationTest.php:176
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($role instanceof RoleInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L244

Dynamic Code Execution in Schema.php

CWE-94
File Location: core/modules/pgsql/src/Driver/Database/pgsql/Schema.php:244
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(in_array($constraint_type, ['c', 'f', 'p', 'u', 't', 'x']));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L154

Dynamic Code Execution in SearchMultilingualEntityTest.php

CWE-94
File Location: core/modules/search/tests/src/Functional/SearchMultilingualEntityTest.php:154
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($search_index instanceof SearchIndexInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L264

Dynamic Code Execution in SearchRankingTest.php

CWE-94
File Location: core/modules/search/tests/src/Functional/SearchRankingTest.php:264
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($search_index instanceof SearchIndexInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L55

Dynamic Code Execution in SearchMatchTest.php

CWE-94
File Location: core/modules/search/tests/src/Kernel/SearchMatchTest.php:55
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($search_index instanceof SearchIndexInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L35

Dynamic Code Execution in SearchTextProcessorTest.php

CWE-94
File Location: core/modules/search/tests/src/Kernel/SearchTextProcessorTest.php:35
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($text_processor instanceof SearchTextProcessorInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L58

Dynamic Code Execution in DateTimeNormalizer.php

CWE-94
File Location: core/modules/serialization/src/Normalizer/DateTimeNormalizer.php:58
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($datetime instanceof DateTimeInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L20

Dynamic Code Execution in EntityDateFormat.php

CWE-94
File Location: core/modules/system/src/Plugin/migrate/destination/EntityDateFormat.php:20
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity instanceof DateFormatInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L66

Dynamic Code Execution in CommonTestController.php

CWE-94
File Location: core/modules/system/tests/modules/common_test/src/Controller/CommonTestController.php:66
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($module_extension_list instanceof ExtensionList);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L179

Dynamic Code Execution in ModuleHandlerTest.php

CWE-94
File Location: core/modules/system/tests/src/Kernel/Extension/ModuleHandlerTest.php:179
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($profile_list instanceof ProfileExtensionList);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L222

Dynamic Code Execution in ModuleHandlerTest.php

CWE-94
File Location: core/modules/system/tests/src/Kernel/Extension/ModuleHandlerTest.php:222
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($profile_list instanceof ProfileExtensionList);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L162

Dynamic Code Execution in TipPluginBase.php

CWE-94
File Location: core/modules/tour/src/TipPluginBase.php:162
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(in_array(trim($location ?? ''), [
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L59

Dynamic Code Execution in CommandsTest.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Ajax/CommandsTest.php:59
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $assert('Settings command exists when JS aggregation is disabled.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L54

Dynamic Code Execution in ContextDefinitionTest.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Plugin/ContextDefinitionTest.php:54
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->expectExceptionMessage('assert(strpos($data_type, \'entity:\') !== 0 || $this instanceof EntityContextDefinition)');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L350

Dynamic Code Execution in KernelTestBaseTest.php

CWE-94
File Location: core/tests/Drupal/KernelTests/KernelTestBaseTest.php:350
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(TRUE);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L64

Dynamic Code Execution in SchemaIntrospectionTestTrait.php

CWE-94
File Location: core/tests/Drupal/Tests/Core/Database/SchemaIntrospectionTestTrait.php:64
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(in_array($index_type, ['index', 'unique', 'primary'], TRUE));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L172

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:172
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(NULL === $node, sprintf('A button "%s" appears on this page, but it should not.', $button));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L318

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:318
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(!empty($links[$index]), $message);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L406

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:406
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(!empty($links[$index]), $message);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L427

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:427
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(empty($links), $message);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L667

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:667
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert($node === NULL, "A hidden field '$field' exists on this page, but it should not.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L99

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:99
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($xi < $n_from || $this->ychanged[$yi]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L215

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:215
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($y < $this->seq[$k]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L224

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:224
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($k > 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L430

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:430
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($j < $other_len && ! $other_changed[$j]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L182

Dynamic Code Execution in LibraryDiscoveryParser.php

CWE-94
File Location: core/lib/Drupal/Core/Asset/LibraryDiscoveryParser.php:182
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(static::validateCssLibrary($library[$type]) < 2, 'CSS files should be specified as key/value pairs, where the values are configuration options. See https://www.drupal.org/node/2274843.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L115

Dynamic Code Execution in CacheCollector.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/CacheCollector.php:115
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($tags), 'Cache tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L108

Dynamic Code Execution in CacheContextsManager.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/Context/CacheContextsManager.php:108
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->assertValidTokens($context_tokens));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L74

Dynamic Code Execution in StaticMenuLinkOverrides.php

CWE-94
File Location: core/lib/Drupal/Core/Menu/StaticMenuLinkOverrides.php:74
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($id), 'Menu link plugin ID should be a string.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L158

Dynamic Code Execution in DefaultPluginManager.php

CWE-94
File Location: core/lib/Drupal/Core/Plugin/DefaultPluginManager.php:158
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Inspector::assertAllStrings($cache_tags), 'Cache Tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L255

Dynamic Code Execution in DefaultPluginManager.php

CWE-94
File Location: core/lib/Drupal/Core/Plugin/DefaultPluginManager.php:255
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($definition->getClass()), 'Plugin definitions must have a class');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.