Hi :)
For personal use, I needed to check that the developer doesn't execute OS commands in PHP code in order to prevent OS command injection vulnerabilities.
Since it doesn't exist, I developed this custom rule. Now, it detects the use of risky functions such as:
- shell_exec()
- exec()
- system()
- proc_open()
- popen()
- passthru()
and proposes not to use them, or at least to follow these steps if needed:
- Escaping any user input using escapeshellarg().
- Using an absolute path to the executable you call and comparing it to a list of allowed paths.
- Sandboxing the command
- Running the command with limited privileges
I was wondering if this rule may interest other people and thus be added to the PHP plugin.
Best regards
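The shape the rule flags, beside a hardened version that follows the first two listed steps, as an added example that is not part of the original post or the rule's code; the `ping` paths, the function names and the hostname pattern are assumptions.

```php
<?php
// Flagged by the rule: user-controlled input concatenated straight into the
// command string handed to shell_exec().
function ping_unsafe(string $host): string
{
    return (string) shell_exec("ping -c 1 " . $host);
}

// Allowlist of absolute executable paths (assumed locations; both are listed
// because realpath() resolves /bin to /usr/bin on merged-/usr systems).
const ALLOWED_EXECUTABLES = [
    '/bin/ping',
    '/usr/bin/ping',
];

// Hardened: input validated, executable resolved to an absolute path and
// compared to the allowlist, every argument passed through escapeshellarg().
function ping_safe(string $host): string
{
    // Reject anything that is not a plausible hostname. The first character
    // must not be '-', so the value can never be parsed as a ping option.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$/', $host)) {
        throw new InvalidArgumentException('invalid host');
    }

    // Step 2: absolute path, resolved and checked against the allowlist.
    $exe = realpath('/bin/ping');
    if ($exe === false || !in_array($exe, ALLOWED_EXECUTABLES, true)) {
        throw new RuntimeException('executable not allowed');
    }

    // Step 1: each argument escaped individually; nothing is interpolated raw.
    $cmd = escapeshellarg($exe) . ' -c 1 ' . escapeshellarg($host);

    $output = [];
    $status = 0;
    exec($cmd, $output, $status);
    if ($status !== 0) {
        throw new RuntimeException('ping failed with status ' . $status);
    }
    return implode("\n", $output);
}
```

Steps 3 and 4 (sandboxing and limited privileges) are applied outside the PHP code, at the process, container or service-account level where the web server runs.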