From 00a37798001b2d511e076194db2e421391e0023a Mon Sep 17 00:00:00 2001
From: David Roe
Date: Tue, 17 Oct 2023 11:13:35 +0100
Subject: [PATCH] test: update reflection using user input snapshots
---
.../__snapshots__/test.js.snap | 22 +++++++++----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/tests/php/lang/reflection_using_user_input/__snapshots__/test.js.snap b/tests/php/lang/reflection_using_user_input/__snapshots__/test.js.snap
index 49c4f41f8..90f57efda 100644
--- a/tests/php/lang/reflection_using_user_input/__snapshots__/test.js.snap
+++ b/tests/php/lang/reflection_using_user_input/__snapshots__/test.js.snap
@@ -9,7 +9,7 @@ exports[`php_lang_reflection_using_user_input bad 1`] = ` ], "id": "php_lang_reflection_using_user_input", "title": "Use of reflection influenced by user input detected.", - "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\nmethod(params[:method])\\n\`\`\`\\n\\n✅ Use user input indirectly when using reflection:\\n\\n\`\`\`php\\nmethod_name =\\n case params[:action]\\n when \\"option1\\"\\n \\"method1\\"\\n when \\"option2\\"\\n \\"method2\\"\\n end\\n\\nmethod(method_name)\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", + "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\n$class = new ReflectionClass($_GET[\\"class\\"])\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_reflection_using_user_input", "line_number": 5, "full_filename": "/tmp/bearer-scan/bad.php", 
@@ -43,7 +43,7 @@ exports[`php_lang_reflection_using_user_input bad 1`] = ` ], "id": "php_lang_reflection_using_user_input", "title": "Use of reflection influenced by user input detected.", - "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\nmethod(params[:method])\\n\`\`\`\\n\\n✅ Use user input indirectly when using reflection:\\n\\n\`\`\`php\\nmethod_name =\\n case params[:action]\\n when \\"option1\\"\\n \\"method1\\"\\n when \\"option2\\"\\n \\"method2\\"\\n end\\n\\nmethod(method_name)\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", + "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\n$class = new ReflectionClass($_GET[\\"class\\"])\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_reflection_using_user_input", "line_number": 6, "full_filename": "/tmp/bearer-scan/bad.php", 
@@ -77,7 +77,7 @@ exports[`php_lang_reflection_using_user_input bad 1`] = ` ], "id": "php_lang_reflection_using_user_input", "title": "Use of reflection influenced by user input detected.", - "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\nmethod(params[:method])\\n\`\`\`\\n\\n✅ Use user input indirectly when using reflection:\\n\\n\`\`\`php\\nmethod_name =\\n case params[:action]\\n when \\"option1\\"\\n \\"method1\\"\\n when \\"option2\\"\\n \\"method2\\"\\n end\\n\\nmethod(method_name)\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", + "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\n$class = new ReflectionClass($_GET[\\"class\\"])\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_reflection_using_user_input", "line_number": 7, "full_filename": "/tmp/bearer-scan/bad.php", 
@@ -111,7 +111,7 @@ exports[`php_lang_reflection_using_user_input bad 1`] = ` ], "id": "php_lang_reflection_using_user_input", "title": "Use of reflection influenced by user input detected.", - "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\nmethod(params[:method])\\n\`\`\`\\n\\n✅ Use user input indirectly when using reflection:\\n\\n\`\`\`php\\nmethod_name =\\n case params[:action]\\n when \\"option1\\"\\n \\"method1\\"\\n when \\"option2\\"\\n \\"method2\\"\\n end\\n\\nmethod(method_name)\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", + "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\n$class = new ReflectionClass($_GET[\\"class\\"])\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_reflection_using_user_input", "line_number": 8, "full_filename": "/tmp/bearer-scan/bad.php", 
@@ -145,7 +145,7 @@ exports[`php_lang_reflection_using_user_input bad 1`] = ` ], "id": "php_lang_reflection_using_user_input", "title": "Use of reflection influenced by user input detected.", - "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\nmethod(params[:method])\\n\`\`\`\\n\\n✅ Use user input indirectly when using reflection:\\n\\n\`\`\`php\\nmethod_name =\\n case params[:action]\\n when \\"option1\\"\\n \\"method1\\"\\n when \\"option2\\"\\n \\"method2\\"\\n end\\n\\nmethod(method_name)\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", + "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\n$class = new ReflectionClass($_GET[\\"class\\"])\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_reflection_using_user_input", "line_number": 10, "full_filename": "/tmp/bearer-scan/bad.php", 
@@ -179,7 +179,7 @@ exports[`php_lang_reflection_using_user_input bad 1`] = ` ], "id": "php_lang_reflection_using_user_input", "title": "Use of reflection influenced by user input detected.", - "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\nmethod(params[:method])\\n\`\`\`\\n\\n✅ Use user input indirectly when using reflection:\\n\\n\`\`\`php\\nmethod_name =\\n case params[:action]\\n when \\"option1\\"\\n \\"method1\\"\\n when \\"option2\\"\\n \\"method2\\"\\n end\\n\\nmethod(method_name)\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", + "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\n$class = new ReflectionClass($_GET[\\"class\\"])\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_reflection_using_user_input", "line_number": 12, "full_filename": "/tmp/bearer-scan/bad.php", 
@@ -213,7 +213,7 @@ exports[`php_lang_reflection_using_user_input bad 1`] = ` ], "id": "php_lang_reflection_using_user_input", "title": "Use of reflection influenced by user input detected.", - "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\nmethod(params[:method])\\n\`\`\`\\n\\n✅ Use user input indirectly when using reflection:\\n\\n\`\`\`php\\nmethod_name =\\n case params[:action]\\n when \\"option1\\"\\n \\"method1\\"\\n when \\"option2\\"\\n \\"method2\\"\\n end\\n\\nmethod(method_name)\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", + "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\n$class = new ReflectionClass($_GET[\\"class\\"])\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_reflection_using_user_input", "line_number": 14, "full_filename": "/tmp/bearer-scan/bad.php", 
@@ -247,7 +247,7 @@ exports[`php_lang_reflection_using_user_input bad 1`] = ` ], "id": "php_lang_reflection_using_user_input", "title": "Use of reflection influenced by user input detected.", - "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\nmethod(params[:method])\\n\`\`\`\\n\\n✅ Use user input indirectly when using reflection:\\n\\n\`\`\`php\\nmethod_name =\\n case params[:action]\\n when \\"option1\\"\\n \\"method1\\"\\n when \\"option2\\"\\n \\"method2\\"\\n end\\n\\nmethod(method_name)\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", + "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\n$class = new ReflectionClass($_GET[\\"class\\"])\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_reflection_using_user_input", "line_number": 15, "full_filename": "/tmp/bearer-scan/bad.php", 
@@ -281,7 +281,7 @@ exports[`php_lang_reflection_using_user_input bad 1`] = ` ], "id": "php_lang_reflection_using_user_input", "title": "Use of reflection influenced by user input detected.", - "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\nmethod(params[:method])\\n\`\`\`\\n\\n✅ Use user input indirectly when using reflection:\\n\\n\`\`\`php\\nmethod_name =\\n case params[:action]\\n when \\"option1\\"\\n \\"method1\\"\\n when \\"option2\\"\\n \\"method2\\"\\n end\\n\\nmethod(method_name)\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", + "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\n$class = new ReflectionClass($_GET[\\"class\\"])\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_reflection_using_user_input", "line_number": 17, "full_filename": "/tmp/bearer-scan/bad.php", 
@@ -315,7 +315,7 @@ exports[`php_lang_reflection_using_user_input bad 1`] = ` ], "id": "php_lang_reflection_using_user_input", "title": "Use of reflection influenced by user input detected.", - "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\nmethod(params[:method])\\n\`\`\`\\n\\n✅ Use user input indirectly when using reflection:\\n\\n\`\`\`php\\nmethod_name =\\n case params[:action]\\n when \\"option1\\"\\n \\"method1\\"\\n when \\"option2\\"\\n \\"method2\\"\\n end\\n\\nmethod(method_name)\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", + "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\n$class = new ReflectionClass($_GET[\\"class\\"])\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_reflection_using_user_input", "line_number": 18, "full_filename": "/tmp/bearer-scan/bad.php", 
@@ -349,7 +349,7 @@ exports[`php_lang_reflection_using_user_input bad 1`] = ` ], "id": "php_lang_reflection_using_user_input", "title": "Use of reflection influenced by user input detected.", - "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\nmethod(params[:method])\\n\`\`\`\\n\\n✅ Use user input indirectly when using reflection:\\n\\n\`\`\`php\\nmethod_name =\\n case params[:action]\\n when \\"option1\\"\\n \\"method1\\"\\n when \\"option2\\"\\n \\"method2\\"\\n end\\n\\nmethod(method_name)\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", + "description": "## Description\\n\\nApplications should not look up or manipulate code using user-supplied data.\\n\\n## Remediations\\n\\n❌ Avoid using user input when using reflection:\\n\\n\`\`\`php\\n$class = new ReflectionClass($_GET[\\"class\\"])\\n\`\`\`\\n\\n## Resources\\n- [OWASP Code injection explained](https://owasp.org/www-community/attacks/Code_Injection)\\n", "documentation_url": "https://docs.bearer.com/reference/rules/php_lang_reflection_using_user_input", "line_number": 19, "full_filename": "/tmp/bearer-scan/bad.php",