I'm scanning a folder in my server using RIPS. The report came out and some of the vulnerabilities that were reported are "Userinput reaches sensitive sink.". The lines reported are lines defining a variable. You can see the report here. Does anyone know how I can fix this? Shouldn't this be normal and not reported as a vulnerability?
1882 views
3 answers
0
Consider the case where you have code like the following:

```php
$name = $city = $email = $message = "";
```

When user input reaches a sensitive sink, RIPS reports this code.

To resolve this, you can apply the following trick:

```php
<?php
// Initialize each variable by passing it through a sanitizing function.
$name = test_input("");
$city = test_input("");
$email = test_input("");
$message = test_input("");

// Strips surrounding whitespace and slashes, then encodes HTML-significant characters.
function test_input($data) {
    $data = trim($data);
    $data = stripcslashes($data);
    $data = htmlspecialchars($data);
    $data = htmlentities($data, ENT_QUOTES, "utf-8");
    return $data;
}
```
Answered 2019-07-18T07:24:33.307
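As an added illustration (not code from the question or the answer above): a taint-tracking scanner such as RIPS follows data from a user-controlled source like `$_POST` to a sink like a database query or `echo`. An assignment of `""` carries no taint on its own, so the finding is normally about the line where the variable picks up a request value and the sink it later reaches. The hypothetical contact-form handler below shows such a flow next to a version that fixes each sink in its own context: a prepared statement for the SQL sink and HTML encoding at the point of output. The `$pdo` connection and the `messages` table are assumed.

```php
<?php
// Added example (hypothetical contact form); not code from the question or the answer.
// Assumes a PDO connection in $pdo and a table messages(name, email, body).

// --- The flow a taint scanner reports: request values reach both sinks unchanged. ---
function save_and_show_unsafe(PDO $pdo): void {
    $name  = $_POST['name'] ?? '';      // source: user input
    $email = $_POST['email'] ?? '';
    $body  = $_POST['message'] ?? '';
    // SQL sink built by string concatenation: SQL injection.
    $pdo->exec("INSERT INTO messages (name, email, body) VALUES ('$name', '$email', '$body')");
    // HTML sink printed raw: cross-site scripting.
    echo "<p>Thanks, $name. We will reply to $email.</p>";
}

// --- The same flow with a context-specific fix for each sink. ---

// HTML-context encoding for output. This does nothing for SQL safety,
// which is why the database sink below uses a prepared statement instead.
function clean_for_html(string $data): string {
    return htmlspecialchars(trim($data), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function save_and_show_safe(PDO $pdo): void {
    $name  = trim($_POST['name'] ?? '');
    $email = trim($_POST['email'] ?? '');
    $body  = trim($_POST['message'] ?? '');

    // Validate the address before it is stored or echoed anywhere.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        http_response_code(400);
        echo 'Invalid e-mail address.';
        return;
    }

    // SQL sink: bound parameters keep the data separate from the query text.
    $stmt = $pdo->prepare(
        'INSERT INTO messages (name, email, body) VALUES (:name, :email, :body)'
    );
    $stmt->execute([':name' => $name, ':email' => $email, ':body' => $body]);

    // HTML sink: encode at the moment of output, not at the moment of input.
    echo '<p>Thanks, ' . clean_for_html($name)
       . '. We will reply to ' . clean_for_html($email) . '.</p>';
}
```

Initializing variables through a sanitizer, as in the answer's trick, may quiet the report, but it does not change what happens to the request value later; the fix that removes the risk is the one applied at the sink.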