Back to Codebase

Vulnerability Analysis Report

Mglaman Phpstan Drupal v1.2.11

Scan ID: SCAN-MGLAMAN-PHPSTAN-DRUPAL-HPN2w3 • Hash: b29e916e

Severity Score
Critical
Total Findings
29
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.774s

Vulnerability Details

L39

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:39
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($boolean_field instanceof BooleanItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L45

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:45
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($changed_field instanceof ChangedItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L76

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:76
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($float_field instanceof FloatItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L109

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:109
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($string_field instanceof StringItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L146

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:146
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($file_uri_field instanceof FileUriItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L50

Dynamic Code Execution in GetDeprecatedServiceRule.php

CWE-94
File Location: src/Rules/Deprecations/GetDeprecatedServiceRule.php:50
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($serviceNameArg instanceof Node\Arg);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L81

Dynamic Code Execution in BrowserTestBaseDefaultThemeRule.php

CWE-94
File Location: src/Rules/Drupal/Tests/BrowserTestBaseDefaultThemeRule.php:81
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($reflection !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L57

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:57
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($decimal_field instanceof DecimalItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L121

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:121
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($timestamp_field instanceof TimestampItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L59

Dynamic Code Execution in StaticServiceDeprecatedServiceRule.php

CWE-94
File Location: src/Rules/Deprecations/StaticServiceDeprecatedServiceRule.php:59
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($serviceNameArg instanceof Node\Arg);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L65

Dynamic Code Execution in BrowserTestBaseDefaultThemeRule.php

CWE-94
File Location: src/Rules/Drupal/Tests/BrowserTestBaseDefaultThemeRule.php:65
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($classType instanceof ObjectType);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L11

Dynamic Code Execution in bug-586.php

CWE-94
File Location: tests/src/Rules/data/bug-586.php:11
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($genericContentEntityStorage instanceof ContentEntityStorageInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L11

Dynamic Code Execution in cache-backend-interface-stub.php

CWE-94
File Location: tests/src/Type/data/cache-backend-interface-stub.php:11
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($dbBackend instanceof DatabaseBackend);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L69

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:69
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity_reference_field instanceof EntityReferenceItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L95

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:95
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($map_field instanceof MapItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L101

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:101
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($password_field instanceof PasswordItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L115

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:115
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($string_long_field instanceof StringLongItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L127

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:127
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($uri_field instanceof UriItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L133

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:133
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($uuid_field instanceof UuidItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L84

Dynamic Code Execution in ExtensionMap.php

CWE-94
File Location: src/Drupal/ExtensionMap.php:84
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($combined));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L41

Dynamic Code Execution in EntityFieldMethodsViaMagicReflectionExtension.php

CWE-94
File Location: src/Reflection/EntityFieldMethodsViaMagicReflectionExtension.php:41
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($classReflection !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L10

Dynamic Code Execution in bug-563.php

CWE-94
File Location: tests/src/Type/data/bug-563.php:10
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($container !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L15

Dynamic Code Execution in cache-backend-interface-stub.php

CWE-94
File Location: tests/src/Type/data/cache-backend-interface-stub.php:15
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($memoryBackend instanceof MemoryBackend);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L31

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:31
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($link_field instanceof LinkItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L51

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:51
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($created_field instanceof CreatedItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L63

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:63
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($email_field instanceof EmailItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L82

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:82
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($integer_field instanceof IntegerItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L88

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:88
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($language_field instanceof LanguageItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L139

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:139
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($file_field instanceof FileItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.