disallowed-insecure-calls.neon
# PHPStan disallowed-calls rule set: reports PHP calls that are unsafe for
# security purposes (weak hashes, non-cryptographic random sources, raw SQL
# query APIs). Each entry names the call and the message shown to the developer.
parameters:
  disallowedFunctionCalls:
    # --- Weak hash functions -------------------------------------------------
    # md5()/sha1() and their *_file() variants carry no allow condition, so
    # every call is reported, including non-security uses such as cache keys
    # or checksums exchanged with legacy systems.
    -
      function: 'md5()'
      message: 'use hash() with at least SHA-256 for secure hash, or password_hash() for passwords'
    -
      function: 'sha1()'
      message: 'use hash() with at least SHA-256 for secure hash, or password_hash() for passwords'
    -
      function: 'md5_file()'
      message: 'use hash_file() with at least SHA-256 for secure hash'
    -
      function: 'sha1_file()'
      message: 'use hash_file() with at least SHA-256 for secure hash'
    # --- Generic hash API called with a weak algorithm ------------------------
    # hash(), hash_file() and hash_init() stay allowed; a call is reported only
    # when argument 1 (the algorithm name) equals the listed value, compared
    # case-insensitively. Each function has one entry per algorithm.
    # Only 'md5' and 'sha1' are listed: other legacy algorithms these functions
    # accept (for example 'md4' or 'crc32') are not covered by this file, and
    # neither are hash_hmac() or hash_pbkdf2().
    # NOTE(review): presumably only calls whose first argument the analyser can
    # resolve to the listed string are reported; an algorithm name read from
    # configuration or a variable would pass unnoticed - confirm.
    -
      function: 'hash()'
      message: 'use hash() with at least SHA-256 for secure hash, or password_hash() for passwords'
      allowExceptCaseInsensitiveParams:
        1: 'md5'
    -
      function: 'hash()'
      message: 'use hash() with at least SHA-256 for secure hash, or password_hash() for passwords'
      allowExceptCaseInsensitiveParams:
        1: 'sha1'
    # NOTE(review): the hash_file() and hash_init() messages mention
    # password_hash(), unlike the md5_file()/sha1_file() messages above; file
    # and streaming hashes are not a password-storage use case - consider
    # aligning the wording.
    -
      function: 'hash_file()'
      message: 'use hash_file() with at least SHA-256 for secure hash, or password_hash() for passwords'
      allowExceptCaseInsensitiveParams:
        1: 'md5'
    -
      function: 'hash_file()'
      message: 'use hash_file() with at least SHA-256 for secure hash, or password_hash() for passwords'
      allowExceptCaseInsensitiveParams:
        1: 'sha1'
    -
      function: 'hash_init()'
      message: 'use hash_init() with at least SHA-256 for secure hash, or password_hash() for passwords'
      allowExceptCaseInsensitiveParams:
        1: 'md5'
    -
      function: 'hash_init()'
      message: 'use hash_init() with at least SHA-256 for secure hash, or password_hash() for passwords'
      allowExceptCaseInsensitiveParams:
        1: 'sha1'
    # --- Non-cryptographic random sources -------------------------------------
    # Reported unconditionally: output of these functions is predictable and
    # must not be used for tokens, passwords, salts or identifiers that need to
    # be unguessable. Non-security uses (sampling, jitter) are reported as well.
    # Helpers that draw from the same generator, such as shuffle(),
    # str_shuffle() and array_rand(), are not listed in this file.
    -
      function: 'rand()'
      message: 'it is not a cryptographically secure generator, use random_int() instead'
    -
      function: 'mt_rand()'
      message: 'it is not a cryptographically secure generator, use random_int() instead'
    -
      function: 'lcg_value()'
      message: 'it is not a cryptographically secure generator, use random_int() instead'
    # uniqid() derives its value from the current time, so it gives uniqueness
    # at best, never unpredictability.
    -
      function: 'uniqid()'
      message: 'it is not a cryptographically secure generator, use random_bytes() instead'
    # --- Raw SQL query functions ----------------------------------------------
    # These take the SQL text as a single string, which invites building
    # queries by concatenation. They are reported on every call, whether or not
    # the query contains untrusted input.
    # Not covered by this file: PDO::query() and PDO::exec(), which also
    # execute a raw SQL string, and the query functions of other database
    # extensions.
    -
      function: 'mysql_query()'
      message: 'use PDO::prepare() with variable binding/parametrized queries to prevent SQL Injection vulnerability'
    -
      function: 'mysql_unbuffered_query()'
      message: 'use PDO::prepare() with variable binding/parametrized queries to prevent SQL Injection vulnerability'
    -
      function: 'mysqli_query()'
      message: 'use PDO::prepare() with variable binding/parametrized queries to prevent SQL Injection vulnerability'
    -
      function: 'mysqli_multi_query()'
      message: 'use PDO::prepare() with variable binding/parametrized queries to prevent SQL Injection vulnerability'
    -
      function: 'mysqli_real_query()'
      message: 'use PDO::prepare() with variable binding/parametrized queries to prevent SQL Injection vulnerability'
  # Object-oriented counterparts of the mysqli query functions above.
  # mysqli::prepare() is not listed, so prepared statements through mysqli are
  # not reported even though the message points developers to PDO.
  disallowedMethodCalls:
    -
      function: 'mysqli::query()'
      message: 'use PDO::prepare() with variable binding/parametrized queries to prevent SQL Injection vulnerability'
    -
      function: 'mysqli::multi_query()'
      message: 'use PDO::prepare() with variable binding/parametrized queries to prevent SQL Injection vulnerability'
    -
      function: 'mysqli::real_query()'
      message: 'use PDO::prepare() with variable binding/parametrized queries to prevent SQL Injection vulnerability'