Back to Codebase

Vulnerability Analysis Report

Mglaman Phpstan Drupal v1.1.31

Scan ID: SCAN-MGLAMAN-PHPSTAN-DRUPAL-VIaS8y • Hash: 6a2968e0

Severity Score
Critical
Total Findings
40
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.908s

Vulnerability Details

L80

Dynamic Code Execution in ExtensionMap.php

CWE-94
File Location: src/Drupal/ExtensionMap.php:80
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($combined));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L39

Dynamic Code Execution in DeprecatedAnnotationsRuleBase.php

CWE-94
File Location: src/Rules/Deprecations/DeprecatedAnnotationsRuleBase.php:39
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Stmt\Class_);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L57

Dynamic Code Execution in StaticServiceDeprecatedServiceRule.php

CWE-94
File Location: src/Rules/Deprecations/StaticServiceDeprecatedServiceRule.php:57
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($serviceNameArg instanceof Node\Arg);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L25

Dynamic Code Execution in SymfonyCmfRoutingInClassMethodSignatureRule.php

CWE-94
File Location: src/Rules/Deprecations/SymfonyCmfRoutingInClassMethodSignatureRule.php:25
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof InClassMethodNode);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L22

Dynamic Code Execution in DiscouragedFunctionsRule.php

CWE-94
File Location: src/Rules/Drupal/Coder/DiscouragedFunctionsRule.php:22
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof FuncCall);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L20

Dynamic Code Execution in GlobalDrupalDependencyInjectionRule.php

CWE-94
File Location: src/Rules/Drupal/GlobalDrupalDependencyInjectionRule.php:20
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Expr\StaticCall);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L58

Dynamic Code Execution in RenderCallbackRule.php

CWE-94
File Location: src/Rules/Drupal/RenderCallbackRule.php:58
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Expr\ArrayItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L25

Dynamic Code Execution in BrowserTestBaseDefaultThemeRule.php

CWE-94
File Location: src/Rules/Drupal/Tests/BrowserTestBaseDefaultThemeRule.php:25
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Stmt\Class_);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L56

Dynamic Code Execution in BrowserTestBaseDefaultThemeRule.php

CWE-94
File Location: src/Rules/Drupal/Tests/BrowserTestBaseDefaultThemeRule.php:56
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($classType instanceof ObjectType);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L31

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:31
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($link_field instanceof LinkItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L39

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:39
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($boolean_field instanceof BooleanItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L45

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:45
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($changed_field instanceof ChangedItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L40

Dynamic Code Execution in EntityFieldMethodsViaMagicReflectionExtension.php

CWE-94
File Location: src/Reflection/EntityFieldMethodsViaMagicReflectionExtension.php:40
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($classReflection !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L26

Dynamic Code Execution in AccessDeprecatedConstant.php

CWE-94
File Location: src/Rules/Deprecations/AccessDeprecatedConstant.php:26
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Expr\ConstFetch);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L23

Dynamic Code Execution in ConditionManagerCreateInstanceContextConfigurationRule.php

CWE-94
File Location: src/Rules/Deprecations/ConditionManagerCreateInstanceContextConfigurationRule.php:23
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Expr\MethodCall);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L24

Dynamic Code Execution in RequestStackGetMainRequestRule.php

CWE-94
File Location: src/Rules/Drupal/RequestStackGetMainRequestRule.php:24
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Expr\MethodCall);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L69

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:69
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity_reference_field instanceof EntityReferenceItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L76

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:76
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($float_field instanceof FloatItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L95

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:95
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($map_field instanceof MapItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L109

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:109
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($string_field instanceof StringItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L133

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:133
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($uuid_field instanceof UuidItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L31

Dynamic Code Execution in GetDeprecatedServiceRule.php

CWE-94
File Location: src/Rules/Deprecations/GetDeprecatedServiceRule.php:31
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Expr\MethodCall);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L25

Dynamic Code Execution in ModuleLoadInclude.php

CWE-94
File Location: src/Rules/Drupal/ModuleLoadInclude.php:25
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Expr\FuncCall);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L72

Dynamic Code Execution in BrowserTestBaseDefaultThemeRule.php

CWE-94
File Location: src/Rules/Drupal/Tests/BrowserTestBaseDefaultThemeRule.php:72
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($reflection !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L51

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:51
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($created_field instanceof CreatedItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L63

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:63
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($email_field instanceof EmailItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L82

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:82
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($integer_field instanceof IntegerItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L101

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:101
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($password_field instanceof PasswordItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L115

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:115
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($string_long_field instanceof StringLongItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L139

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:139
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($file_field instanceof FileItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L48

Dynamic Code Execution in GetDeprecatedServiceRule.php

CWE-94
File Location: src/Rules/Deprecations/GetDeprecatedServiceRule.php:48
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($serviceNameArg instanceof Node\Arg);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L31

Dynamic Code Execution in StaticServiceDeprecatedServiceRule.php

CWE-94
File Location: src/Rules/Deprecations/StaticServiceDeprecatedServiceRule.php:31
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Expr\StaticCall);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L23

Dynamic Code Execution in SymfonyCmfRouteObjectInterfaceConstantsRule.php

CWE-94
File Location: src/Rules/Deprecations/SymfonyCmfRouteObjectInterfaceConstantsRule.php:23
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Expr\ClassConstFetch);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L22

Dynamic Code Execution in LoadIncludes.php

CWE-94
File Location: src/Rules/Drupal/LoadIncludes.php:22
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Expr\MethodCall);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L25

Dynamic Code Execution in PluginManagerSetsCacheBackendRule.php

CWE-94
File Location: src/Rules/Drupal/PluginManager/PluginManagerSetsCacheBackendRule.php:25
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Stmt\ClassMethod);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L57

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:57
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($decimal_field instanceof DecimalItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L88

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:88
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($language_field instanceof LanguageItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L121

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:121
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($timestamp_field instanceof TimestampItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L127

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:127
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($uri_field instanceof UriItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L146

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:146
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($file_uri_field instanceof FileUriItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.