ID: php-security/assert-user-input
Language: PHP
Severity: Error
Category: Security
CWE: 95
You should not call `assert` on unsanitized user input. The `assert` function is a debugging feature in PHP that evaluates an assertion and triggers an error when the assertion is false. Using unsanitized user input as the argument to `assert` can lead to security vulnerabilities, as it could allow a malicious user to execute arbitrary code.

To adhere to this rule and maintain good coding practices, always sanitize user inputs before using them in your code. You can create a function to sanitize the input, or use built-in PHP functions such as `filter_var`. Additionally, it's generally a good idea to avoid using the `assert` function on user input altogether, even if it has been sanitized. Instead, use other methods to validate user input, such as comparison operators or regular expressions.
Non-compliant code example:

```php
<?php
$data = $_GET['input'];
// A user-controlled value is passed straight to assert()
assert($data);
```
Compliant code example:

```php
<?php
$data = $_GET['input'];
// sanitize_input() is the user-defined sanitizer described above
// (for example, built on filter_var)
$data = sanitize_input($data);
assert($data);
```
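The alternative the rule recommends, validating request parameters with `filter_var` and a regular expression rather than passing them to `assert`, as an added example that is not part of the rule page or Datadog's code (the parameter names, the `InvalidInputException` class and the sample requests are constructed for illustration):

```php
<?php
declare(strict_types=1);

// Added example (not from the rule page): validate request parameters with
// filter_var() and an allow-list regex, and fail closed on anything else.
// assert() is a debugging aid that can be switched off at runtime
// (zend.assertions=-1), so it must never be the only check on user input.

final class InvalidInputException extends RuntimeException {}

/** Validate an integer parameter within an inclusive range. */
function validateIntParam(array $query, string $name, int $min, int $max): int
{
    // $_GET values can be arrays (?page[]=1), so insist on a string.
    if (!isset($query[$name]) || !is_string($query[$name])) {
        throw new InvalidInputException("Missing or malformed parameter: $name");
    }
    $value = filter_var($query[$name], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    if ($value === false) {
        throw new InvalidInputException("Invalid value for parameter: $name");
    }
    return $value;
}

/** Validate an identifier against an allow-list pattern. */
function validateSlugParam(array $query, string $name): string
{
    $raw = $query[$name] ?? null;
    if (!is_string($raw) || preg_match('/\A[a-z0-9_-]{1,64}\z/', $raw) !== 1) {
        throw new InvalidInputException("Invalid value for parameter: $name");
    }
    return $raw;
}

// Constructed sample requests standing in for $_GET.
$good = ['page' => '3', 'slug' => 'release-notes'];
$bad  = ['page' => 'not-a-number', 'slug' => 'release notes!'];

$page = validateIntParam($good, 'page', 1, 1000);
$slug = validateSlugParam($good, 'slug');
echo "accepted: page=$page slug=$slug\n";

try {
    validateIntParam($bad, 'page', 1, 1000);
} catch (InvalidInputException $e) {
    // The untrusted value is rejected before it reaches any evaluating function.
    echo "rejected: ", $e->getMessage(), "\n";
}
```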
For more information, please read the Code Analysis documentation