Back to Codebase

Vulnerability Analysis Report

Drupal Core v8.3.0-alpha1

Scan ID: SCAN-DRUPAL-CORE-v3lBtZ • Hash: cb6bea84

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.815s

Vulnerability Details

L215

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:215
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($y < $this->seq[$k]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L263

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:263
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($ypos != $this->seq[$end]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L403

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:403
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert('$j > 0');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L430

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:430
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert('$j < $other_len && ! $other_changed[$j]');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L452

Dynamic Code Execution in Html.php

CWE-94
File Location: core/lib/Drupal/Component/Utility/Html.php:452
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('empty(array_diff(array_keys(parse_url($scheme_and_host)), ["scheme", "host", "port"]))', '$scheme_and_host contains scheme, host and port at most.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L25

Dynamic Code Execution in CacheTagsInvalidator.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/CacheTagsInvalidator.php:25
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('Drupal\Component\Assertion\Inspector::assertAllStrings($tags)', 'Cache tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L146

Dynamic Code Execution in PhpBackend.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/PhpBackend.php:146
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('\Drupal\Component\Assertion\Inspector::assertAllStrings($tags)', 'Cache Tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L128

Dynamic Code Execution in ContainerBuilder.php

CWE-94
File Location: core/lib/Drupal/Core/DependencyInjection/ContainerBuilder.php:128
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(FALSE, 'The container was serialized.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L25

Dynamic Code Execution in BundleEntityFormBase.php

CWE-94
File Location: core/lib/Drupal/Core/Entity/BundleEntityFormBase.php:25
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('isset($form[$id_key])');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L259

Dynamic Code Execution in BigPipe.php

CWE-94
File Location: core/modules/big_pipe/src/Render/BigPipe.php:259
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($chunk) || $chunk instanceof HtmlResponse);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L634

Dynamic Code Execution in BigPipe.php

CWE-94
File Location: core/modules/big_pipe/src/Render/BigPipe.php:634
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('$embedded_response instanceof \Drupal\Core\Render\HtmlResponse || $embedded_response instanceof \Drupal\Core\Ajax\AjaxResponse');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L60

Dynamic Code Execution in BigPipeResponseAttachmentsProcessor.php

CWE-94
File Location: core/modules/big_pipe/src/Render/BigPipeResponseAttachmentsProcessor.php:60
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('$response instanceof \Drupal\Core\Render\HtmlResponse');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L68

Dynamic Code Execution in ConfigExportUITest.php

CWE-94
File Location: core/modules/config/src/Tests/ConfigExportUITest.php:68
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(!empty($archive_contents), 'Downloaded archive file is not empty.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L144

Dynamic Code Execution in ContactSitewideTest.php

CWE-94
File Location: core/modules/contact/src/Tests/ContactSitewideTest.php:144
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a contact form.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L72

Dynamic Code Execution in FieldUIRouteTest.php

CWE-94
File Location: core/modules/field_ui/src/Tests/FieldUIRouteTest.php:72
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(count($this->xpath('//ul/li[1]/a[contains(text(), :text)]', array(':text' => 'Default'))) == 1, 'Default secondary tab is in first position.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L55

Dynamic Code Execution in NodeCreationTest.php

CWE-94
File Location: core/modules/node/src/Tests/NodeCreationTest.php:55
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a node');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L154

Dynamic Code Execution in NodeCreationTest.php

CWE-94
File Location: core/modules/node/src/Tests/NodeCreationTest.php:154
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a node');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L402

Dynamic Code Execution in NodeTranslationUITest.php

CWE-94
File Location: core/modules/node/src/Tests/NodeTranslationUITest.php:402
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($links[0]), format_string('The %langcode node translation has the correct alternate hreflang link for %alternate_langcode: %link.', array('%langcode' => $langcode, '%alternate_langcode' => $alternate_langcode, '%link' => $url->toString())));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L305

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:305
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(isset($links[$index]), $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L359

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:359
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(isset($links[$index]), $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L409

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:409
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(empty($links), $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L522

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:522
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(strpos($this->getRawContent(), Html::escape($raw)) === FALSE, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L698

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:698
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(FALSE, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L754

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:754
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(!preg_match($pattern, $this->getRawContent()), $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L485

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:485
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(!$value, $message ? $message : SafeMarkup::format('Value @value is FALSE.', array('@value' => var_export($value, TRUE))), $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L631

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:631
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert($is_identical, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L169

Dynamic Code Execution in SimpleTestTest.php

CWE-94
File Location: core/modules/simpletest/src/Tests/SimpleTestTest.php:169
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(FALSE);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L150

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:150
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test2.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L168

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:168
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test4.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L200

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:200
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test7.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L315

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:315
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($ret['test2']), "Existing cache id test2 is set.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L316

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:316
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($ret['test3']), "Existing cache id test3 is set.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L317

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:317
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($ret['test6']), "Existing cache id test6 is set.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L349

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:349
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($ret['test2']), "Existing cache id test2 is set");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L351

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:351
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($ret['test19']), "Added cache id test19 is set");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L362

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:362
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(in_array('test6', $cids), "Deleted cache id test6 is in cids array.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L93

Dynamic Code Execution in EntityTranslationFormTest.php

CWE-94
File Location: core/modules/system/src/Tests/Entity/EntityTranslationFormTest.php:93
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a node');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L267

Dynamic Code Execution in UncaughtExceptionTest.php

CWE-94
File Location: core/modules/system/src/Tests/System/UncaughtExceptionTest.php:267
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(strpos($errors[0], $expected_entry) !== FALSE, 'Original error logged to the PHP error log when an exception is thrown by a logger');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L367

Dynamic Code Execution in PluginBase.php

CWE-94
File Location: core/modules/views/src/Plugin/views/PluginBase.php:367
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('preg_match(\'/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$/\', $token) === 1', 'Tokens need to be valid Twig variables.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L130

Dynamic Code Execution in DefaultViewsTest.php

CWE-94
File Location: core/modules/views/src/Tests/DefaultViewsTest.php:130
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(TRUE, format_string('View @view will be executed.', array('@view' => $view->storage->id())));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L146

Dynamic Code Execution in SearchIntegrationTest.php

CWE-94
File Location: core/modules/views/src/Tests/SearchIntegrationTest.php:146
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(isset($links[0]) && !isset($links[1]), $message);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L165

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:165
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test4.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L234

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:234
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($backend->get('test1')), "Backend returned an object for cache id test1.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L360

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:360
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(in_array('test21', $cids), "Nonexistent cache id test21 is in cids array.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L190

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:190
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert($option_field === NULL, sprintf('An option "%s" exists in select "%s", but it should not.', $option, $select));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L252

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:252
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(empty($links), $message);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L296

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:296
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(empty($links), $message);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L388

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:388
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- public function assert($condition, $message) {
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L208

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:208
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($k > 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L367

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:367
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert('$j < $other_len && ! $other_changed[$j]');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L407

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:407
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert('$j >= 0 && !$other_changed[$j]');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L452

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:452
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert('$j >= 0 && !$other_changed[$j]');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L69

Dynamic Code Execution in HWLDFWordAccumulator.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/HWLDFWordAccumulator.php:69
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!strstr($word, "\n"));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L453

Dynamic Code Execution in Html.php

CWE-94
File Location: core/lib/Drupal/Component/Utility/Html.php:453
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('isset(parse_url($scheme_and_host)["scheme"])', '$scheme_and_host is absolute and hence has a scheme.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L454

Dynamic Code Execution in Html.php

CWE-94
File Location: core/lib/Drupal/Component/Utility/Html.php:454
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('isset(parse_url($scheme_and_host)["host"])', '$base_url is absolute and hence has a host.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L32

Dynamic Code Execution in Cache.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/Cache.php:32
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('\Drupal::service(\'cache_contexts_manager\')->assertValidTokens($cache_contexts)');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L103

Dynamic Code Execution in CacheContextsManager.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/Context/CacheContextsManager.php:103
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('$this->assertValidTokens($context_tokens)');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L29

Dynamic Code Execution in Container.php

CWE-94
File Location: core/lib/Drupal/Core/DependencyInjection/Container.php:29
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(FALSE, 'The container was serialized.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L153

Dynamic Code Execution in DefaultPluginManager.php

CWE-94
File Location: core/lib/Drupal/Core/Plugin/DefaultPluginManager.php:153
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('\Drupal\Component\Assertion\Inspector::assertAllStrings($cache_tags)', 'Cache Tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L38

Dynamic Code Execution in ChainedPlaceholderStrategy.php

CWE-94
File Location: core/lib/Drupal/Core/Render/Placeholder/ChainedPlaceholderStrategy.php:38
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('!empty($this->placeholderStrategies)', 'At least one placeholder strategy must be present; by default the fallback strategy \Drupal\Core\Render\Placeholder\SingleFlushStrategy is always present.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L65

Dynamic Code Execution in AggregatorRenderingTest.php

CWE-94
File Location: core/modules/aggregator/src/Tests/AggregatorRenderingTest.php:65
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($links[0]), format_string('Link to href %href found.', array('%href' => $href)));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L652

Dynamic Code Execution in BigPipe.php

CWE-94
File Location: core/modules/big_pipe/src/Render/BigPipe.php:652
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('$request_type === \Symfony\Component\HttpKernel\HttpKernelInterface::MASTER_REQUEST || $request_type === \Symfony\Component\HttpKernel\HttpKernelInterface::SUB_REQUEST');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L301

Dynamic Code Execution in FilterAdminTest.php

CWE-94
File Location: core/modules/filter/src/Tests/FilterAdminTest.php:301
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a node');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L195

Dynamic Code Execution in MigrateTestBase.php

CWE-94
File Location: core/modules/migrate/tests/src/Kernel/MigrateTestBase.php:195
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert($type == 'status', $message, 'migrate');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L42

Dynamic Code Execution in NodeTypeInitialLanguageTest.php

CWE-94
File Location: core/modules/node/src/Tests/NodeTypeInitialLanguageTest.php:42
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(empty($language_field), 'Language field is not visible on manage fields tab.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L107

Dynamic Code Execution in ResourceTestBase.php

CWE-94
File Location: core/modules/rest/tests/src/Functional/ResourceTestBase.php:107
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('[] === $user_role->getPermissions()', 'The authenticated user role has no permissions at all.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L205

Dynamic Code Execution in ConfigDependenciesTest.php

CWE-94
File Location: core/modules/rest/tests/src/Kernel/Entity/ConfigDependenciesTest.php:205
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('is_string($module)');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L384

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:384
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(empty($links), $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L465

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:465
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(strpos($this->getRawContent(), (string) $raw) === FALSE, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L493

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:493
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(strpos($this->getRawContent(), Html::escape($raw)) !== FALSE, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L728

Dynamic Code Execution in AssertContentTrait.php

CWE-94
File Location: core/modules/simpletest/src/AssertContentTrait.php:728
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert((bool) preg_match($pattern, $this->getRawContent()), $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L601

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:601
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert($not_equal, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L661

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:661
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert($not_identical, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L766

Dynamic Code Execution in TestBase.php

CWE-94
File Location: core/modules/simpletest/src/TestBase.php:766
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->assert(TRUE, $message, $group);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L152

Dynamic Code Execution in CommandsTest.php

CWE-94
File Location: core/modules/system/src/Tests/Ajax/CommandsTest.php:152
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $assert('Settings command exists when JS aggregation is disabled.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L132

Dynamic Code Execution in DialogTest.php

CWE-94
File Location: core/modules/system/src/Tests/Ajax/DialogTest.php:132
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(strpos($ajax_result[3]['selector'], $no_target_expected_response['selector']) === 0, 'Selector starts with right string.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L159

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:159
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), 'Backend returned an object for cache id test3.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L246

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:246
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($backend->get('test2')), "Backend still has an object for cache id test2.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L280

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:280
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($object), sprintf("Backend returned an object for cache id %s.", $cid));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L318

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:318
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($ret['test7']), "Existing cache id test7 is set.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L333

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/modules/system/src/Tests/Cache/GenericCacheBackendUnitTestBase.php:333
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(in_array('test21', $cids), "Nonexistent cache id test21 is in cids array.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L36

Dynamic Code Execution in AlterTest.php

CWE-94
File Location: core/modules/system/src/Tests/Form/AlterTest.php:36
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(strpos($content, implode(' ', $expected)) !== FALSE, 'Form alter hooks executed in the expected order.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L97

Dynamic Code Execution in RebuildTest.php

CWE-94
File Location: core/modules/system/src/Tests/Form/RebuildTest.php:97
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(count($this->xpath('//div[contains(@class, "field--name-field-ajax-test")]//input[@type="text"]')) == 2, 'AJAX submission succeeded.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L184

Dynamic Code Execution in StorageTest.php

CWE-94
File Location: core/modules/system/src/Tests/Form/StorageTest.php:184
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(empty($original['form']['#poisoned']), 'Original form structure was preserved');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L262

Dynamic Code Execution in TermTest.php

CWE-94
File Location: core/modules/taxonomy/src/Tests/TermTest.php:262
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($view_link), 'The message area contains a link to a node');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L373

Dynamic Code Execution in PluginBase.php

CWE-94
File Location: core/modules/views/src/Plugin/views/PluginBase.php:373
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('preg_match(\'/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$/\', $top) === 1', 'Tokens need to be valid Twig variables.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L156

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:156
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), 'Backend returned an object for cache id test3.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L175

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:175
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test5.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L184

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:184
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($cached), "Backend returned an object for cache id test6.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L238

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:238
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($backend->get('test2')), "Backend returned an object for cache id %cid.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L243

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:243
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(is_object($backend->get('test2')), "Backend still has an object for cache id test2.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L315

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:315
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(isset($ret['test7']), "Existing cache id test7 is set.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L330

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:330
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(in_array('test21', $cids), "Nonexistent cache id test21 is in cids array.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L359

Dynamic Code Execution in GenericCacheBackendUnitTestBase.php

CWE-94
File Location: core/tests/Drupal/KernelTests/Core/Cache/GenericCacheBackendUnitTestBase.php:359
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(in_array('test6', $cids), "Deleted cache id test6 is in cids array.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L208

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:208
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert($expected_title === $actual_title, 'Title found');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L275

Dynamic Code Execution in WebAssert.php

CWE-94
File Location: core/tests/Drupal/Tests/WebAssert.php:275
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assert(!empty($links[$index]), $message);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L99

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:99
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($yi < $n_to || $this->xchanged[$xi]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L448

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:448
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert('$j > 0');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L57

Dynamic Code Execution in Cache.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/Cache.php:57
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('\Drupal\Component\Assertion\Inspector::assertAllStrings($a) && \Drupal\Component\Assertion\Inspector::assertAllStrings($b)', 'Cache tags must be valid strings');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L197

Dynamic Code Execution in DatabaseBackend.php

CWE-94
File Location: core/lib/Drupal/Core/Cache/DatabaseBackend.php:197
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert('\Drupal\Component\Assertion\Inspector::assertAllStrings($item[\'tags\'])', 'Cache Tags must be strings.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.