Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None

      Description

      An XPath expression that is built from user-controlled input and passed to DOMXPath::query(), DOMXPath::evaluate() or SimpleXMLElement::xpath() lets an attacker change the logic of the query (XPath injection). An issue is raised on these calls when the expression is not a hardcoded string.

      Questionable Code Example

      function evaluate_xpath($doc, $xpathstring, $xmlstring)
      {
          $xpath = new DOMXpath($doc);
          $xpath->query($xpathstring); // Questionable
          $xpath->evaluate($xpathstring); // Questionable
      
          // There is no risk if the xpath is hardcoded
          $xpath->query("/users/user[@name='alice']"); // Compliant
          $xpath->evaluate("/users/user[@name='alice']"); // Compliant
      
          // An issue will also be created if the SimpleXMLElement is created
          // by simplexml_load_file, simplexml_load_string or simplexml_import_dom.
          // SimpleXMLElement takes the XML as a string, not a DOMDocument.
          $xml = new SimpleXMLElement($xmlstring);
          $xml->xpath($xpathstring); // Questionable
      
          // There is no risk if the xpath is hardcoded
          $xml->xpath("/users/user[@name='alice']"); // Compliant
      }
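
      The snippet below is an added example and not part of the rule text. It shows why the flagged calls matter: a payload that closes the quoted attribute value makes the predicate always true, and DOMXPath::query() returns every user. It then shows two ways to neutralise the input: an allow-list check before the query, and a helper that turns any string into a proper XPath 1.0 string literal. The XML document, the user names, the allow-list pattern and the helper names are assumptions made for the example.

```php
<?php
// Added example (not part of the RSPEC rule): XPath injection via DOMXPath
// and two ways of neutralising user input. The document below is constructed.

$xmlstring = <<<XML
<users>
  <user name="alice" role="user"><secret>alice-secret</secret></user>
  <user name="bob" role="admin"><secret>bob-secret</secret></user>
</users>
XML;

$doc = new DOMDocument();
$doc->loadXML($xmlstring);
$xpath = new DOMXPath($doc);

// Vulnerable: $name is concatenated straight into the expression.
function find_user_vulnerable(DOMXPath $xpath, string $name)
{
    return $xpath->query("/users/user[@name='" . $name . "']"); // Questionable
}

// Hardened, option 1: reject anything that is not a plain identifier before it
// reaches the query. The pattern is an assumption about valid user names.
function find_user_allowlist(DOMXPath $xpath, string $name)
{
    if (!preg_match('/^[A-Za-z0-9_.-]{1,64}$/', $name)) {
        throw new InvalidArgumentException('invalid user name');
    }
    return $xpath->query("/users/user[@name='" . $name . "']");
}

// Hardened, option 2: build an XPath 1.0 string literal. XPath 1.0 has no
// escape character, so a value containing both quote kinds is split on the
// single quotes and reassembled with concat().
function xpath_literal(string $value): string
{
    if (strpos($value, "'") === false) {
        return "'" . $value . "'";
    }
    if (strpos($value, '"') === false) {
        return '"' . $value . '"';
    }
    $parts = array_map(
        static fn(string $p): string => "'" . $p . "'",
        explode("'", $value)
    );
    return 'concat(' . implode(', "\'", ', $parts) . ')';
}

function find_user_literal(DOMXPath $xpath, string $name)
{
    return $xpath->query('/users/user[@name=' . xpath_literal($name) . ']');
}

$payload = "alice' or '1'='1"; // closes the quote, predicate becomes always true

printf("vulnerable: %d user(s)\n", find_user_vulnerable($xpath, $payload)->length); // 2: both users leak
printf("literal:    %d user(s)\n", find_user_literal($xpath, $payload)->length);    // 0: no user has that name
printf("literal:    %d user(s)\n", find_user_literal($xpath, 'bob')->length);       // 1
try {
    find_user_allowlist($xpath, $payload);
} catch (InvalidArgumentException $e) {
    echo "allowlist:  rejected\n";
}
```

      The same reasoning applies to DOMXPath::evaluate() and SimpleXMLElement::xpath(): the engine sees only the final expression, so the fix has to happen before concatenation. The allow-list is the simplest fix when the input has a known shape; the literal helper is the one to use when arbitrary text must be matched.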
      

            People

            • Assignee:
              Unassigned
              Reporter:
              nicolas.harraudeau Nicolas Harraudeau