Back to Codebase

Vulnerability Analysis Report

WooCommerce v10.9.0-beta.1

Scan ID: SCAN-WOOCOMMERCE-E9z1eU • Hash: db5c058a

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
1.019s

Vulnerability Details

L35

Dynamic Code Execution in Deferred.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Deferred.php:35
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($executor !== null, 'Always set in constructor, this callback runs only once.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L141

Dynamic Code Execution in SyncPromiseAdapter.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Executor/Promise/Adapter/SyncPromiseAdapter.php:141
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($syncPromise instanceof SyncPromise);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L220

Dynamic Code Execution in ReferenceExecutor.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Executor/ReferenceExecutor.php:220
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($variableValues), 'Has variables if no errors.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L616

Dynamic Code Execution in ReferenceExecutor.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Executor/ReferenceExecutor.php:616
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($fieldNode instanceof FieldNode, '$fieldNodes is non-empty');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L250

Dynamic Code Execution in Values.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Executor/Values.php:250
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($argumentValueNode instanceof Node);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L144

Dynamic Code Execution in GraphQL.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/GraphQL.php:144
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($queryComplexity instanceof QueryComplexity, 'should not register a different rule for QueryComplexity');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L47

Dynamic Code Execution in ListOfType.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/Definition/ListOfType.php:47
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($type instanceof NamedType, 'known because we unwrapped all the way down');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L36

Dynamic Code Execution in NamedTypeImplementation.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/Definition/NamedTypeImplementation.php:36
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($withoutPrefixType), 'regex is statically known to be correct');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L210

Dynamic Code Execution in QueryPlan.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/Definition/QueryPlan.php:210
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($type instanceof Type, 'ensured by query validation');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L133

Dynamic Code Execution in Schema.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/Schema.php:133
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($type instanceof NamedType);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L451

Dynamic Code Execution in AST.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/AST.php:451
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($schemaType instanceof ScalarType, "Schema must provide a ScalarType for built-in scalar \"{$typeName}\".");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L572

Dynamic Code Execution in AST.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/AST.php:572
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($innerType instanceof NullableType, 'proven by schema validation');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L422

Dynamic Code Execution in SchemaExtender.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/SchemaExtender.php:422
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($interface instanceof InterfaceType, 'we know this, but PHP templates cannot express it');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L514

Dynamic Code Execution in SchemaExtender.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/SchemaExtender.php:514
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L132

Dynamic Code Execution in TypeInfo.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/TypeInfo.php:132
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($fieldType instanceof NamedType || $fieldType instanceof WrappingType);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L154

Dynamic Code Execution in TypeInfo.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/TypeInfo.php:154
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($fieldType instanceof NamedType || $fieldType instanceof WrappingType);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L290

Dynamic Code Execution in Utils.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/Utils.php:290
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($lines), 'given the regex is valid');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L215

Dynamic Code Execution in QueryComplexity.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Validator/Rules/QueryComplexity.php:215
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_bool($skipArguments['if']), 'ensured by query validation');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L170

Dynamic Code Execution in OrderHelper.php

CWE-94
File Location: plugins/woocommerce/tests/legacy/unit-tests/rest-api/Helpers/OrderHelper.php:170
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert( is_a( $wc_data_store->get_current_class_name(), OrdersTableDataStore::class, true ) === $enabled, 'data store\'s classname is "' . $wc_data_store->get_current_class_name() . '", but $enabled is "' . ( $enabled ? 'true' : 'false' ) . '"' );
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L62

Dynamic Code Execution in class-wc-order-factory-test.php

CWE-94
File Location: plugins/woocommerce/tests/php/includes/class-wc-order-factory-test.php:62
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert( $refund2->get_id() > 0 );
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L70

Dynamic Code Execution in DataSynchronizerTests.php

CWE-94
File Location: plugins/woocommerce/tests/php/src/Internal/DataStores/Orders/DataSynchronizerTests.php:70
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert( get_post_type( $post_order2->get_id() ) === 'shop_order' );
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L77

Dynamic Code Execution in DataSynchronizerTests.php

CWE-94
File Location: plugins/woocommerce/tests/php/src/Internal/DataStores/Orders/DataSynchronizerTests.php:77
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert( get_post_type( $cot_order2->get_id() ) === DataSynchronizer::PLACEHOLDER_ORDER_POST_TYPE );
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1409

Dynamic Code Execution in OrdersTableDataStoreTests.php

CWE-94
File Location: plugins/woocommerce/tests/php/src/Internal/DataStores/Orders/OrdersTableDataStoreTests.php:1409
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert( get_post_type( $post_object->ID ) === 'shop_order' );
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1839

Dynamic Code Execution in OrdersTableDataStoreTests.php

CWE-94
File Location: plugins/woocommerce/tests/php/src/Internal/DataStores/Orders/OrdersTableDataStoreTests.php:1839
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert( $order->get_total_tax() > 0 );
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L98

Dynamic Code Execution in AmpPromiseAdapter.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Executor/Promise/Adapter/AmpPromiseAdapter.php:98
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($ampPromise instanceof AmpPromise);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L32

Dynamic Code Execution in ReactPromiseAdapter.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Executor/Promise/Adapter/ReactPromiseAdapter.php:32
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($reactPromise instanceof ReactPromiseInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L918

Dynamic Code Execution in ReferenceExecutor.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Executor/ReferenceExecutor.php:918
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1475

Dynamic Code Execution in ReferenceExecutor.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Executor/ReferenceExecutor.php:1475
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L459

Dynamic Code Execution in Lexer.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Language/Lexer.php:459
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_int($code), 'Since only a single char is read');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L47

Dynamic Code Execution in NonNull.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/Definition/NonNull.php:47
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($type instanceof NamedType, 'known because we unwrapped all the way down');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L259

Dynamic Code Execution in QueryPlan.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/Definition/QueryPlan.php:259
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($name));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L442

Dynamic Code Execution in ResolveInfo.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/Definition/ResolveInfo.php:442
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($parentType instanceof HasFieldsType, 'ensured by query validation');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L333

Dynamic Code Execution in Type.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/Definition/Type.php:333
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($type instanceof NullableType, 'only other option');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L452

Dynamic Code Execution in Schema.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/Schema.php:452
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($abstractType instanceof InterfaceType, 'only other option');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L264

Dynamic Code Execution in SchemaValidationContext.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/SchemaValidationContext.php:264
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($type instanceof ScalarType, 'only remaining option');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L325

Dynamic Code Execution in ASTDefinitionBuilder.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/ASTDefinitionBuilder.php:325
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($def instanceof InputObjectTypeDefinitionNode, 'all implementations are known');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L356

Dynamic Code Execution in SchemaExtender.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/SchemaExtender.php:356
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($extension instanceof EnumTypeExtensionNode, 'proven by schema validation');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L109

Dynamic Code Execution in TypeInfo.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/TypeInfo.php:109
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($name));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L169

Dynamic Code Execution in TypeInfo.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/TypeInfo.php:169
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($argType instanceof NamedType || $argType instanceof WrappingType);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L89

Dynamic Code Execution in Value.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/Value.php:89
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($itemType instanceof InputType, 'known through schema validation');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L29

Dynamic Code Execution in UniqueArgumentDefinitionNames.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Validator/Rules/UniqueArgumentDefinitionNames.php:29
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L38

Dynamic Code Execution in UniqueFieldDefinitionNames.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Validator/Rules/UniqueFieldDefinitionNames.php:38
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L211

Dynamic Code Execution in OrderHelper.php

CWE-94
File Location: plugins/woocommerce/tests/legacy/unit-tests/rest-api/Helpers/OrderHelper.php:211
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert( isset( $post ) );
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L50

Dynamic Code Execution in class-wc-order-factory-test.php

CWE-94
File Location: plugins/woocommerce/tests/php/includes/class-wc-order-factory-test.php:50
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert( $order2 > 0 );
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L58

Dynamic Code Execution in class-wc-order-factory-test.php

CWE-94
File Location: plugins/woocommerce/tests/php/includes/class-wc-order-factory-test.php:58
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert( $refund1->get_id() > 0 );
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L111

Dynamic Code Execution in OrdersTableDataStoreRestOrdersControllerTests.php

CWE-94
File Location: plugins/woocommerce/tests/php/src/Internal/DataStores/Orders/OrdersTableDataStoreRestOrdersControllerTests.php:111
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert( is_a( $wc_data_store->get_current_class_name(), OrdersTableDataStore::class, true ) === $enabled );
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L36

Dynamic Code Execution in AmpFutureAdapter.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Executor/Promise/Adapter/AmpFutureAdapter.php:36
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($future instanceof Future);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L109

Dynamic Code Execution in AmpPromiseAdapter.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Executor/Promise/Adapter/AmpPromiseAdapter.php:109
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($values), 'Either $reason or $values must be passed');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L542

Dynamic Code Execution in ReferenceExecutor.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Executor/ReferenceExecutor.php:542
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($fieldNodes instanceof \ArrayObject, 'The keys of $fields populate $responseName');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L914

Dynamic Code Execution in ReferenceExecutor.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Executor/ReferenceExecutor.php:914
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($returnType instanceof NamedType, 'Wrapping types should return early');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L226

Dynamic Code Execution in Visitor.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Language/Visitor.php:226
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($node instanceof NodeList, 'Follows from $inList');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L149

Dynamic Code Execution in InputObjectType.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/Definition/InputObjectType.php:149
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($field instanceof Type || is_array($field) || $field instanceof InputObjectField);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L154

Dynamic Code Execution in InputObjectType.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/Definition/InputObjectType.php:154
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($field) || $field instanceof InputObjectField); // @phpstan-ignore-line TODO remove when using actual union types
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L174

Dynamic Code Execution in QueryPlan.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/Definition/QueryPlan.php:174
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($parentType instanceof HasFieldsType, 'ensured by query validation');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L482

Dynamic Code Execution in ResolveInfo.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/Definition/ResolveInfo.php:482
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($fieldType instanceof Type, 'ensured by query validation');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L493

Dynamic Code Execution in ResolveInfo.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/Definition/ResolveInfo.php:493
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($fieldType instanceof Type, 'ensured by query validation');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L496

Dynamic Code Execution in ResolveInfo.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/Definition/ResolveInfo.php:496
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($fieldType instanceof NamedType, 'ensured by query validation');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L267

Dynamic Code Execution in Type.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/Definition/Type.php:267
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($type === null || $type instanceof NamedType, 'only other option');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L142

Dynamic Code Execution in Schema.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/Schema.php:142
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L539

Dynamic Code Execution in Schema.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/Schema.php:539
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($abstractType instanceof UnionType, 'only other option');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L157

Dynamic Code Execution in AST.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/AST.php:157
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($wrappedType instanceof InputType);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L443

Dynamic Code Execution in AST.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/AST.php:443
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($type instanceof ScalarType, 'only remaining option');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L15

Dynamic Code Execution in PhpDoc.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/PhpDoc.php:15
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($content), 'regex is statically known to be valid');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L18

Dynamic Code Execution in PhpDoc.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/PhpDoc.php:18
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($content), 'regex is statically known to be valid');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L323

Dynamic Code Execution in SchemaExtender.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/SchemaExtender.php:323
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($extension instanceof InputObjectTypeExtensionNode, 'proven by schema validation');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L384

Dynamic Code Execution in SchemaExtender.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/SchemaExtender.php:384
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($extension instanceof UnionTypeExtensionNode, 'proven by schema validation');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L415

Dynamic Code Execution in SchemaExtender.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/SchemaExtender.php:415
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L451

Dynamic Code Execution in SchemaPrinter.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/SchemaPrinter.php:451
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($reasonAST instanceof StringValueNode);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L131

Dynamic Code Execution in Utils.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/Utils.php:131
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_string($char), 'format string is statically known to be correct');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L135

Dynamic Code Execution in Utils.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/Utils.php:135
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($unpacked), 'format string is statically known to be correct');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L207

Dynamic Code Execution in QueryValidationContext.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Validator/QueryValidationContext.php:207
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($selection instanceof FieldNode || $selection instanceof InlineFragmentNode);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L204

Dynamic Code Execution in QueryComplexity.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Validator/Rules/QueryComplexity.php:204
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_bool($includeArguments['if']), 'ensured by query validation');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L69

Dynamic Code Execution in DataSynchronizerTests.php

CWE-94
File Location: plugins/woocommerce/tests/php/src/Internal/DataStores/Orders/DataSynchronizerTests.php:69
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert( get_post_type( $post_order1->get_id() ) === 'shop_order' );
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L76

Dynamic Code Execution in DataSynchronizerTests.php

CWE-94
File Location: plugins/woocommerce/tests/php/src/Internal/DataStores/Orders/DataSynchronizerTests.php:76
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert( get_post_type( $cot_order1->get_id() ) === DataSynchronizer::PLACEHOLDER_ORDER_POST_TYPE );
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3300

Dynamic Code Execution in OrdersTableDataStoreTests.php

CWE-94
File Location: plugins/woocommerce/tests/php/src/Internal/DataStores/Orders/OrdersTableDataStoreTests.php:3300
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert( $order->get_date_modified() < $current_date_time ); // Meta check, to make sure our test stay effective if we run testsuite in a different timezone.
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3439

Dynamic Code Execution in OrdersTableDataStoreTests.php

CWE-94
File Location: plugins/woocommerce/tests/php/src/Internal/DataStores/Orders/OrdersTableDataStoreTests.php:3439
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert( empty( $order->get_changes() ), 'Order was not saved properly, test cannot continue.' );
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L45

Dynamic Code Execution in AmpPromiseAdapter.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Executor/Promise/Adapter/AmpPromiseAdapter.php:45
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($ampPromise instanceof AmpPromise);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L39

Dynamic Code Execution in SyncPromiseAdapter.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Executor/Promise/Adapter/SyncPromiseAdapter.php:39
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($syncPromise instanceof SyncPromise);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L219

Dynamic Code Execution in ReferenceExecutor.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Executor/ReferenceExecutor.php:219
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($operation instanceof OperationDefinitionNode, 'Has operation if no errors.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L927

Dynamic Code Execution in ReferenceExecutor.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Executor/ReferenceExecutor.php:927
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($schemaType instanceof LeafType, "Schema must provide a LeafType for built-in scalar \"{$returnType->name}\".");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1261

Dynamic Code Execution in ReferenceExecutor.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Executor/ReferenceExecutor.php:1261
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_bool($isTypeOf), 'Promise would return early');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1480

Dynamic Code Execution in ReferenceExecutor.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Executor/ReferenceExecutor.php:1480
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L165

Dynamic Code Execution in InputObjectType.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/Definition/InputObjectType.php:165
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($field instanceof InputObjectField); // @phpstan-ignore-line TODO remove when using actual union types
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L201

Dynamic Code Execution in QueryPlan.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Type/Definition/QueryPlan.php:201
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($type instanceof Type, 'ensured by query validation');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L174

Dynamic Code Execution in AST.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/AST.php:174
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($itemType instanceof InputType, 'proven by schema validation');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L238

Dynamic Code Execution in AST.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/AST.php:238
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($type instanceof LeafType, 'other options were exhausted');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L622

Dynamic Code Execution in ASTDefinitionBuilder.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/ASTDefinitionBuilder.php:622
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($type instanceof InputType, 'proven by schema validation');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L149

Dynamic Code Execution in TypeInfo.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/TypeInfo.php:149
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($argType instanceof NamedType || $argType instanceof WrappingType);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L64

Dynamic Code Execution in Value.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/Value.php:64
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($schemaType instanceof ScalarType, "Schema must provide a ScalarType for built-in scalar \"{$type->name}\".");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L122

Dynamic Code Execution in Value.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Utils/Value.php:122
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($type instanceof InputObjectType, 'we handled all other cases at this point');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L34

Dynamic Code Execution in ExecutableDefinitions.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Validator/Rules/ExecutableDefinitions.php:34
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L50

Dynamic Code Execution in UniqueInputFieldNames.php

CWE-94
File Location: plugins/woocommerce/lib/packages/GraphQL/Validator/Rules/UniqueInputFieldNames.php:50
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(is_array($knownNames), 'should not happen if the visitor works correctly');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L212

Dynamic Code Execution in OrderHelper.php

CWE-94
File Location: plugins/woocommerce/tests/legacy/unit-tests/rest-api/Helpers/OrderHelper.php:212
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert( 'shop_order' === $post->post_type );
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L49

Dynamic Code Execution in class-wc-order-factory-test.php

CWE-94
File Location: plugins/woocommerce/tests/php/includes/class-wc-order-factory-test.php:49
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert( $order1 > 0 );
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L78

Dynamic Code Execution in DataSynchronizerTests.php

CWE-94
File Location: plugins/woocommerce/tests/php/src/Internal/DataStores/Orders/DataSynchronizerTests.php:78
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert( get_post_type( $cot_order3->get_id() ) === DataSynchronizer::PLACEHOLDER_ORDER_POST_TYPE );
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1840

Dynamic Code Execution in OrdersTableDataStoreTests.php

CWE-94
File Location: plugins/woocommerce/tests/php/src/Internal/DataStores/Orders/OrdersTableDataStoreTests.php:1840
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert( $order->get_total() > 0 );
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L128

Potential SQL Injection in rest-api.php

CWE-89
File Location: plugins/woocommerce-beta-tester/api/options/rest-api.php:128
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $options = $wpdb->get_results( $query ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L458

Potential SQL Injection in class-wc-customer-data-store.php

CWE-89
File Location: plugins/woocommerce/includes/data-stores/class-wc-customer-data-store.php:458
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $count = $wpdb->get_var( $sql );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L280

Potential SQL Injection in class-wc-payment-token-data-store.php

CWE-89
File Location: plugins/woocommerce/includes/data-stores/class-wc-payment-token-data-store.php:280
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $token_results = $wpdb->get_results( $sql . ' WHERE ' . implode( ' AND ', $where ) . ' ' . $limits );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L347

Potential SQL Injection in class-wc-webhook-data-store.php

CWE-89
File Location: plugins/woocommerce/includes/data-stores/class-wc-webhook-data-store.php:347
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $webhook_ids = wp_parse_id_list( $wpdb->get_col( $query ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));