Back to Codebase

Vulnerability Analysis Report

Drush Drush v13.0.1

Scan ID: SCAN-DRUSH-DRUSH-FXOJlj • Hash: 4424ce31

Severity Score
Critical
Total Findings
23
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.507s

Vulnerability Details

L323

Dynamic Code Execution in CliCommands.php

CWE-94
File Location: src/Commands/core/CliCommands.php:323
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval(sprintf('class %s extends %s {
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L197

Dynamic Code Execution in DeployHookCommands.php

CWE-94
File Location: src/Commands/core/DeployHookCommands.php:197
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(isset($module) && isset($name) && isset($filename));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L60

Dynamic Code Execution in PhpCommands.php

CWE-94
File Location: src/Commands/core/PhpCommands.php:60
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return eval($this->stdin()->contents());
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L179

Dynamic Code Execution in FieldBaseOverrideCreateCommands.php

CWE-94
File Location: src/Commands/field/FieldBaseOverrideCreateCommands.php:179
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($override instanceof BaseFieldOverride);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L492

Dynamic Code Execution in FieldCreateCommands.php

CWE-94
File Location: src/Commands/field/FieldCreateCommands.php:492
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($storage instanceof EntityDisplayInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L291

Dynamic Code Execution in Drush.php

CWE-94
File Location: src/Drush.php:291
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($return instanceof SiteProcess);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L67

Dynamic Code Execution in DrushCommands.php

CWE-94
File Location: src/Commands/DrushCommands.php:67
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->io instanceof DrushStyle);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L272

Dynamic Code Execution in SiteInstallCommands.php

CWE-94
File Location: src/Commands/core/SiteInstallCommands.php:272
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($kernel instanceof InstallerKernel);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L168

Dynamic Code Execution in MigrateExecutable.php

CWE-94
File Location: src/Drupal/Migrate/MigrateExecutable.php:168
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($eventDispatcher instanceof EventDispatcherInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L64

Dynamic Code Execution in DrushStyle.php

CWE-94
File Location: src-symfony-compatibility/v6/Style/DrushStyle.php:64
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($validator === null, 'The $validator parameter is non-functional. Use $validate instead.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L22

Dynamic Code Execution in ConfigAwareTrait.php

CWE-94
File Location: src/Config/ConfigAwareTrait.php:22
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($return instanceof DrushConfig, 'Expected DrushConfig, got ' . get_class($return) . '.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L66

Dynamic Code Execution in DrushCommand.php

CWE-94
File Location: src/Psysh/DrushCommand.php:66
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($output instanceof ShellOutput);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L24

Dynamic Code Execution in FixtureCommands.php

CWE-94
File Location: sut/drush/Commands/FixtureCommands.php:24
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return eval($code . ';');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L55

Dynamic Code Execution in TestFixtureCommands.php

CWE-94
File Location: tests/functional/Commands/TestFixtureCommands.php:55
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return eval($code . ';');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L119

Dynamic Code Execution in BootstrapManager.php

CWE-94
File Location: src/Boot/BootstrapManager.php:119
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->bootstrap instanceof DrupalBoot8);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L311

Dynamic Code Execution in DrupalBoot8.php

CWE-94
File Location: src/Boot/DrupalBoot8.php:311
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->kernel instanceof TerminableInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L76

Dynamic Code Execution in DrushCommands.php

CWE-94
File Location: src/Commands/DrushCommands.php:76
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_null($this->logger) || $this->logger instanceof DrushLoggerManager, 'Instead of using replacing Drush\'s logger, use $this->add() on DrushLoggerManager to add a custom logger. See https://github.com/drush-ops/drush/pull/5022');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L33

Dynamic Code Execution in PhpCommands.php

CWE-94
File Location: src/Commands/core/PhpCommands.php:33
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return eval($code . ';');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L143

Dynamic Code Execution in RsyncCommands.php

CWE-94
File Location: src/Commands/core/RsyncCommands.php:143
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($aliasConfigContext instanceof \Consolidation\Config\Config);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L504

Dynamic Code Execution in FieldCreateCommands.php

CWE-94
File Location: src/Commands/field/FieldCreateCommands.php:504
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($return instanceof EntityDisplayInterface || $return === null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L255

Dynamic Code Execution in FieldDeleteCommands.php

CWE-94
File Location: src/Commands/field/FieldDeleteCommands.php:255
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($fieldStorage instanceof FieldStorageConfigInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L618

Dynamic Code Execution in MigrateExecutable.php

CWE-94
File Location: src/Drupal/Migrate/MigrateExecutable.php:618
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($eventDispatcher instanceof EventDispatcherInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L49

Dynamic Code Execution in DrushHelpCommand.php

CWE-94
File Location: src/Psysh/DrushHelpCommand.php:49
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($output instanceof ShellOutput);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.