Back to Codebase

Vulnerability Analysis Report

Mglaman Phpstan Drupal v1.3.2

Scan ID: SCAN-MGLAMAN-PHPSTAN-DRUPAL-nW0MJs • Hash: a66b2ecb

Severity Score
Critical
Total Findings
32
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
1.13s

Vulnerability Details

L59

Dynamic Code Execution in StaticServiceDeprecatedServiceRule.php

CWE-94
File Location: src/Rules/Deprecations/StaticServiceDeprecatedServiceRule.php:59
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($serviceNameArg instanceof Node\Arg);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L80

Dynamic Code Execution in BrowserTestBaseDefaultThemeRule.php

CWE-94
File Location: src/Rules/Drupal/Tests/BrowserTestBaseDefaultThemeRule.php:80
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($reflection !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L54

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:54
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($boolean_field instanceof BooleanItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L66

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:66
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($created_field instanceof CreatedItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L72

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:72
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($decimal_field instanceof DecimalItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L91

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:91
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($float_field instanceof FloatItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L103

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:103
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($language_field instanceof LanguageItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L154

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:154
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($datetime_field instanceof DateTimeItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L41

Dynamic Code Execution in EntityFieldMethodsViaMagicReflectionExtension.php

CWE-94
File Location: src/Reflection/EntityFieldMethodsViaMagicReflectionExtension.php:41
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($classReflection !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L11

Dynamic Code Execution in bug-586.php

CWE-94
File Location: tests/src/Rules/data/bug-586.php:11
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($genericContentEntityStorage instanceof ContentEntityStorageInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L78

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:78
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($email_field instanceof EmailItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L84

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:84
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($entity_reference_field instanceof EntityReferenceItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L97

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:97
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($integer_field instanceof IntegerItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L124

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:124
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($string_field instanceof StringItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L130

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:130
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($string_long_field instanceof StringLongItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L136

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:136
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($timestamp_field instanceof TimestampItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L142

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:142
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($uri_field instanceof UriItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L63

Dynamic Code Execution in BrowserTestBaseDefaultThemeRule.php

CWE-94
File Location: src/Rules/Drupal/Tests/BrowserTestBaseDefaultThemeRule.php:63
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($classType instanceof ObjectType);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L11

Dynamic Code Execution in cache-backend-interface-stub.php

CWE-94
File Location: tests/src/Type/data/cache-backend-interface-stub.php:11
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($dbBackend instanceof DatabaseBackend);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L46

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:46
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($link_field instanceof LinkItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L161

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:161
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($file_field instanceof FileItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L182

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:182
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($text_long_field instanceof TextLongItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L190

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:190
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($text_with_summary_field instanceof TextWithSummaryItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L50

Dynamic Code Execution in GetDeprecatedServiceRule.php

CWE-94
File Location: src/Rules/Deprecations/GetDeprecatedServiceRule.php:50
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($serviceNameArg instanceof Node\Arg);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L10

Dynamic Code Execution in bug-563.php

CWE-94
File Location: tests/src/Type/data/bug-563.php:10
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($container !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L15

Dynamic Code Execution in cache-backend-interface-stub.php

CWE-94
File Location: tests/src/Type/data/cache-backend-interface-stub.php:15
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($memoryBackend instanceof MemoryBackend);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L60

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:60
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($changed_field instanceof ChangedItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L110

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:110
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($map_field instanceof MapItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L116

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:116
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($password_field instanceof PasswordItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L148

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:148
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($uuid_field instanceof UuidItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L168

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:168
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($file_uri_field instanceof FileUriItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L174

Dynamic Code Execution in field-types.php

CWE-94
File Location: tests/src/Type/data/field-types.php:174
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($text_field instanceof TextItem);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.