Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity

      Description

      Sensitive Code Example

      // Any reference to STDIN is Sensitive
      $varstdin = STDIN; // Sensitive
      stream_get_line(STDIN, 40); // Sensitive
      stream_copy_to_stream(STDIN, STDOUT); // Sensitive
      // ...
      
      
      // Except these references, which cannot create an injection vulnerability.
      ftruncate(STDIN, 5); // OK
      ftell(STDIN); // OK
      feof(STDIN); // OK
      fseek(STDIN, 5); // OK
      fclose(STDIN); // OK
      
      
      // STDIN can also be referenced like this
      $mystdin = 'php://stdin'; // Sensitive
      
      file_get_contents('php://stdin'); // Sensitive
      readfile('php://stdin'); // Sensitive
      
      $input = fopen('php://stdin', 'r'); // Sensitive
      fclose($input); // OK
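
The rule in the listing above, as an added example that is not part of the original issue or of the analyzer's own implementation: a token-based check that reports the lines marked Sensitive and skips STDIN when it is a direct argument of one of the five calls marked OK. `findSensitiveStdin`, `SAFE_CALLS` and the embedded sample are hypothetical names and constructed input.

```php
<?php
// Added example, not the analyzer's code. Assumption: a STDIN reference is
// harmless only as a direct argument of one of the calls the issue marks OK.
const SAFE_CALLS = ['ftruncate', 'ftell', 'feof', 'fseek', 'fclose'];

function findSensitiveStdin(string $source): array
{
    $findings = [];       // line numbers of sensitive references
    $calls = [];          // enclosing call names; null for plain parentheses
    $pendingName = null;  // identifier seen immediately before a possible "("
    foreach (token_get_all($source) as $token) {
        if (is_string($token)) {            // single-character token
            if ($token === '(') {
                $calls[] = $pendingName;
            } elseif ($token === ')') {
                array_pop($calls);
            }
            $pendingName = null;
            continue;
        }
        [$id, $text, $line] = $token;
        if (in_array($id, [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            continue;
        }
        if ($id === T_CONSTANT_ENCAPSED_STRING
            && strtolower(trim($text, "'\"")) === 'php://stdin') {
            $findings[] = $line;            // the stream URL is always reported
        } elseif ($id === T_STRING && $text === 'STDIN') {
            $enclosing = strtolower((string) end($calls));
            if (!in_array($enclosing, SAFE_CALLS, true)) {
                $findings[] = $line;        // STDIN outside a whitelisted call
            }
        }
        $pendingName = $id === T_STRING ? $text : null;
    }
    return $findings;
}

// Constructed sample input, taken from the cases listed in the issue.
$sample = <<<'SRC'
<?php
$varstdin = STDIN;
feof(STDIN);
$input = fopen('php://stdin', 'r');
fclose($input);
SRC;

var_export(findSensitiveStdin($sample));
```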
      

            People

            • Assignee:
              Unassigned
            • Reporter:
              nicolas.harraudeau Nicolas Harraudeau