Back to Codebase

Vulnerability Analysis Report

Mglaman Phpstan Drupal v1.1.12

Scan ID: SCAN-MGLAMAN-PHPSTAN-DRUPAL-ZdZfop • Hash: eb28374f

Severity Score
Critical
Total Findings
39
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.517s

Vulnerability Details

L80

Dynamic Code Execution in ExtensionMap.php

CWE-94
File Location: src/Drupal/ExtensionMap.php:80
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($combined));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L40

Dynamic Code Execution in EntityFieldMethodsViaMagicReflectionExtension.php

CWE-94
File Location: src/Reflection/EntityFieldMethodsViaMagicReflectionExtension.php:40
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($classReflection !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L31

Dynamic Code Execution in StaticServiceDeprecatedServiceRule.php

CWE-94
File Location: src/Rules/Deprecations/StaticServiceDeprecatedServiceRule.php:31
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Expr\StaticCall);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L57

Dynamic Code Execution in StaticServiceDeprecatedServiceRule.php

CWE-94
File Location: src/Rules/Deprecations/StaticServiceDeprecatedServiceRule.php:57
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($serviceNameArg instanceof Node\Arg);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L22

Dynamic Code Execution in DiscouragedFunctionsRule.php

CWE-94
File Location: src/Rules/Drupal/Coder/DiscouragedFunctionsRule.php:22
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof FuncCall);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L20

Dynamic Code Execution in GlobalDrupalDependencyInjectionRule.php

CWE-94
File Location: src/Rules/Drupal/GlobalDrupalDependencyInjectionRule.php:20
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Expr\StaticCall);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L22

Dynamic Code Execution in LoadIncludes.php

CWE-94
File Location: src/Rules/Drupal/LoadIncludes.php:22
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Expr\MethodCall);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L107

Dynamic Code Execution in EntityFieldsViaMagicReflectionExtensionTest.php

CWE-94
File Location: tests/src/Reflection/EntityFieldsViaMagicReflectionExtensionTest.php:107
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($readableType instanceof ObjectType);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L29

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:29
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($link_field instanceof LinkItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L43

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:43
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($changed_field instanceof ChangedItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L67

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:67
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity_reference_field instanceof EntityReferenceItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L99

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:99
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($password_field instanceof PasswordItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L107

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:107
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($string_field instanceof StringItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L39

Dynamic Code Execution in DeprecatedAnnotationsRuleBase.php

CWE-94
File Location: src/Rules/Deprecations/DeprecatedAnnotationsRuleBase.php:39
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Stmt\Class_);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L25

Dynamic Code Execution in PluginManagerSetsCacheBackendRule.php

CWE-94
File Location: src/Rules/Drupal/PluginManager/PluginManagerSetsCacheBackendRule.php:25
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Stmt\ClassMethod);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L72

Dynamic Code Execution in BrowserTestBaseDefaultThemeRule.php

CWE-94
File Location: src/Rules/Drupal/Tests/BrowserTestBaseDefaultThemeRule.php:72
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($reflection !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L32

Dynamic Code Execution in drupal-phpunit-hack.php

CWE-94
File Location: drupal-phpunit-hack.php:32
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($alteredCode !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L31

Dynamic Code Execution in GetDeprecatedServiceRule.php

CWE-94
File Location: src/Rules/Deprecations/GetDeprecatedServiceRule.php:31
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Expr\MethodCall);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L25

Dynamic Code Execution in ModuleLoadInclude.php

CWE-94
File Location: src/Rules/Drupal/ModuleLoadInclude.php:25
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Expr\FuncCall);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L48

Dynamic Code Execution in RenderCallbackRule.php

CWE-94
File Location: src/Rules/Drupal/RenderCallbackRule.php:48
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Expr\ArrayItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L56

Dynamic Code Execution in BrowserTestBaseDefaultThemeRule.php

CWE-94
File Location: src/Rules/Drupal/Tests/BrowserTestBaseDefaultThemeRule.php:56
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($classType instanceof ObjectType);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L37

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:37
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($boolean_field instanceof BooleanItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L61

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:61
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($email_field instanceof EmailItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L86

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:86
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($language_field instanceof LanguageItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L93

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:93
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($map_field instanceof MapItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L113

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:113
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($string_long_field instanceof StringLongItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L119

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:119
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($timestamp_field instanceof TimestampItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L125

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:125
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($uri_field instanceof UriItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L131

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:131
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($uuid_field instanceof UuidItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L27

Dynamic Code Execution in AccessDeprecatedConstant.php

CWE-94
File Location: src/Rules/Deprecations/AccessDeprecatedConstant.php:27
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Expr\ConstFetch);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L23

Dynamic Code Execution in ConditionManagerCreateInstanceContextConfigurationRule.php

CWE-94
File Location: src/Rules/Deprecations/ConditionManagerCreateInstanceContextConfigurationRule.php:23
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Expr\MethodCall);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L48

Dynamic Code Execution in GetDeprecatedServiceRule.php

CWE-94
File Location: src/Rules/Deprecations/GetDeprecatedServiceRule.php:48
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($serviceNameArg instanceof Node\Arg);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L25

Dynamic Code Execution in BrowserTestBaseDefaultThemeRule.php

CWE-94
File Location: src/Rules/Drupal/Tests/BrowserTestBaseDefaultThemeRule.php:25
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof Node\Stmt\Class_);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L99

Dynamic Code Execution in EntityFieldsViaMagicReflectionExtensionTest.php

CWE-94
File Location: tests/src/Reflection/EntityFieldsViaMagicReflectionExtensionTest.php:99
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($readableType instanceof ObjectType);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L102

Dynamic Code Execution in EntityFieldsViaMagicReflectionExtensionTest.php

CWE-94
File Location: tests/src/Reflection/EntityFieldsViaMagicReflectionExtensionTest.php:102
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($writeableType instanceof ObjectType);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L49

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:49
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($created_field instanceof CreatedItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L55

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:55
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($decimal_field instanceof DecimalItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L74

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:74
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($float_field instanceof FloatItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L80

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:80
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($integer_field instanceof IntegerItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.