ID: php-security/extract-untrusted-data
Language: PHP
Severity: Error
Category: Security
CWE: 95
The extract() function in PHP imports variables into the local symbol table from an array. Using it on untrusted data, such as user input, can lead to a variety of security vulnerabilities, including arbitrary code execution and SQL injection, which makes it a dangerous practice.
By calling extract() on untrusted data, you may inadvertently create variables that overwrite important ones, or worse, execute harmful code injected by a malicious user.
To adhere to this rule, explicitly assign and sanitize user input instead of using extract(). This keeps your code secure and compliant.
<?php
// Insecure: Using extract() on untrusted data from $_GET
extract($_GET);
echo "Hello, $name!";

// Insecure: Using extract() on untrusted data from $_POST
extract($_POST);
if ($isAdmin) {
    echo "Welcome, admin!";
} else {
    echo "Welcome, user!";
}

// Insecure: Using extract() on untrusted data from $_FILES
extract($_FILES['uploadedFile']);
if (move_uploaded_file($tmp_name, "uploads/$name")) {
    echo "File uploaded successfully!";
} else {
    echo "File upload failed.";
}
?>
<?php
// Secure: Explicitly assign and sanitize user input
// (null coalescing avoids an undefined-index warning when the parameter is absent)
$name = htmlspecialchars($_GET['name'] ?? '', ENT_QUOTES, 'UTF-8');
echo "Hello, $name!";

// Secure: Explicitly assign and validate user input
$isAdmin = isset($_POST['isAdmin']) && $_POST['isAdmin'] == '1';
if ($isAdmin) {
    echo "Welcome, admin!";
} else {
    echo "Welcome, user!";
}

// Secure: Explicitly handle file upload variables and validate
// (basename() strips any directory components from the client-supplied file name)
$file = $_FILES['uploadedFile'];
$uploadDir = 'uploads/';
$uploadFile = $uploadDir . basename($file['name']);
if (move_uploaded_file($file['tmp_name'], $uploadFile)) {
    echo "File uploaded successfully!";
} else {
    echo "File upload failed.";
}
?>
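The following is an added example and not part of the Datadog rule page or its own samples. It makes the "overwrite important variables" point above concrete by simulating a request with constructed input (no real HTTP involved): the first handler lets extract() clobber a local $isAdmin default, while the second reads only the keys it expects through a hypothetical readExpectedFields() helper, which is this example's own code and not a library API.

```php
<?php
// Added example, not part of the original rule page. Demonstrates why extract() on
// request data is unsafe and what explicit, allowlisted assignment looks like.
declare(strict_types=1);

// Constructed request data standing in for $_POST / $_GET (not a real request).
$untrustedInput = [
    'name'    => '<script>alert(1)</script>',
    'isAdmin' => '1',      // request key that happens to collide with a local variable
    'user_id' => '42',
];

// What goes wrong: extract() imports every key of $input into this function's scope,
// so a request parameter named "isAdmin" silently replaces the intended default.
function insecureHandler(array $input): array
{
    $isAdmin = false;      // intended default: nobody is an admin unless the app says so
    extract($input);       // overwrites $isAdmin (and creates $name, $user_id, ...)
    return ['isAdmin' => $isAdmin, 'name' => $name ?? ''];
}

// Hypothetical helper: read only the fields this handler expects, validate each one,
// and return them as an array. Unknown keys in the request are simply ignored.
function readExpectedFields(array $input): array
{
    $name   = (string) ($input['name'] ?? '');
    $userId = filter_var(
        $input['user_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($userId === false) {
        throw new InvalidArgumentException('user_id must be a positive integer');
    }
    return [
        'name'    => htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        'user_id' => $userId,
    ];
}

// Safe handler: privilege comes from the application's auth layer, never from the request,
// and every request value is assigned to a named variable after validation.
function secureHandler(array $input): array
{
    $isAdmin = false;
    $fields  = readExpectedFields($input);
    return [
        'isAdmin' => $isAdmin,
        'name'    => $fields['name'],
        'user_id' => $fields['user_id'],
    ];
}

var_dump(insecureHandler($untrustedInput));
var_dump(secureHandler($untrustedInput));
```

Running the script shows the contrast: in insecureHandler() the returned isAdmin is the request-supplied string rather than the boolean default, so a later `if ($isAdmin)` check would pass for any client that adds that parameter, whereas secureHandler() returns false regardless of what the request contains and also delivers an HTML-escaped name and an integer-validated user_id. The helper also shows where to put type and range checks, which extract() gives you no place to do.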