Sending HTTP requests is security-sensitive. It has led in the past to the following vulnerabilities:
An HTTP request has different kinds of vulnerabilities:
This rule flags code that initiates an HTTP request. The goal is to guide security code reviews.
You are at risk if you answered yes to any of those questions.
Builtin functions

```php
function sendHttpRequest($url) {
    // The following calls are questionable when used with a hard-coded http or https URL.
    // The rule only flags literal URLs in order to avoid false positives.
    file_get_contents('https://example.com'); // Questionable
    fopen('http://example.com', 'r'); // Questionable
    readfile('http://example.com'); // Questionable
    copy('http://example.com', 'test.txt'); // Questionable
    file('http://example.com'); // Questionable

    // Some of these functions also accept a stream context. When that context is an 'http' context,
    // the same reasoning as above applies.
    file_get_contents('http://example.com', false, $context); // Questionable
    fopen('http://example.com', 'r', false, $context); // Questionable
    file('http://example.com', 0, $context); // Questionable
    readfile('http://example.com', false, $context); // Questionable

    get_headers('http://example.com'); // Questionable
    get_meta_tags('http://example.com'); // Questionable, when used with a hard-coded http or https URL (again, to avoid false positives)
}
```
Curl functions

```php
$url = 'http://example.com';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
// Execute the request.
$data = curl_exec($ch); // Questionable
curl_close($ch);
```
Guzzle

```php
new GuzzleHttp\Client(); // Questionable
```
PECL HTTP

```php
new http\Client\Request('GET', 'http://example.com'); // Questionable
```
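The rule only points a reviewer at the request sites; it does not say what a reviewable request looks like. The example below is added here and is not part of the rule description or of any SonarSource code. It shows the curl case from above written so that a reviewer can answer the usual questions quickly: the destination is restricted to an explicit allowlist of hosts over HTTPS only, redirects are not followed (so the allowlist cannot be bypassed by a 3xx to another host), TLS verification is left on, and timeouts bound the call. The function name `fetchFromAllowlistedHost`, the allowlist contents and the sample URL are assumptions made for the example.

```php
<?php
// Added example (not from the rule description): an HTTP request written so that the
// destination is controlled and the call is easy to review.
//
// Assumptions: the allowlist below is illustrative; a real application would load it
// from configuration. The function returns the response body, or null when the request
// is refused or fails.

/**
 * Fetch $url over HTTPS only if its host is in $allowedHosts.
 *
 * @param string   $url          Destination URL (may originate from untrusted input).
 * @param string[] $allowedHosts Exact hostnames that this code is permitted to contact.
 * @return string|null           Response body, or null if the request was refused/failed.
 */
function fetchFromAllowlistedHost(string $url, array $allowedHosts): ?string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null; // malformed or relative URL: refuse rather than guess
    }

    // Only https, and only hosts we explicitly expect to talk to.
    if (strtolower($parts['scheme']) !== 'https') {
        return null;
    }
    if (!in_array(strtolower($parts['host']), array_map('strtolower', $allowedHosts), true)) {
        return null;
    }

    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_URL            => $url,
        CURLOPT_RETURNTRANSFER => true,
        // Do not follow redirects: a 3xx could otherwise send us to a host that is not allowlisted.
        CURLOPT_FOLLOWLOCATION => false,
        // Restrict libcurl to HTTPS even if the URL is later changed by a caller.
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,
        // Keep certificate and hostname verification on (these are the defaults; stated for the reviewer).
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        // Bound the time a slow or unresponsive peer can hold this worker.
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 15,
    ]);

    $body = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    $error = curl_errno($ch);
    curl_close($ch);

    if ($error !== 0 || $body === false || $status < 200 || $status >= 300) {
        return null;
    }
    return $body;
}

// Illustrative usage with constructed values.
$allowed = ['api.example.com'];
var_dump(fetchFromAllowlistedHost('https://api.example.com/v1/status', $allowed)); // string or null
var_dump(fetchFromAllowlistedHost('http://api.example.com/v1/status', $allowed));  // null: not https
var_dump(fetchFromAllowlistedHost('https://internal.example.com/', $allowed));     // null: host not allowlisted
```

The hostname check is a policy check, not a network one: the allowlisted name still resolves through DNS at request time, so if the threat model includes an attacker who controls that name's records, the resolved address should also be checked (for example, rejecting private or loopback ranges) before the connection is made. Keeping all of this in one function means the rule's finding points at a single, already-reviewed request site instead of at scattered `file_get_contents` and `curl_exec` calls.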