Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Plugin triggers "suspicious code" warning in VaultPress #2

Closed
mpcmach opened this issue Apr 23, 2019 · 1 comment
Closed

Plugin triggers "suspicious code" warning in VaultPress #2

mpcmach opened this issue Apr 23, 2019 · 1 comment

Comments

@mpcmach
Copy link

mpcmach commented Apr 23, 2019

It looks like there's some code in the plugin here:

/wp-content/plugins/wp-ses/vendor/Aws3/Aws/middleware.php
/wp-content/plugins/wp-ses/vendor/Aws3/GuzzleHttp/middleware.php

...that triggers a warning "PHP.Generic.BadPattern.5: This code pattern is often used to run a very dangerous shell programs on your server. The code in these files needs to be reviewed, and possibly cleaned" in VaultPress's security scan feature.

VP says the problem lies in line 233 in the first file and line 202 in the second:

return $handler($f($command), $request);

This may be a false positive that needs to be whitelisted/ignored in VP rather than fixed here, but could you confirm if this is the case?
@mpcmach
Copy link
Author

mpcmach commented Apr 23, 2019

VaultPress support has confirmed that they consider this to be a false positive that can be safely ignored.

@mpcmach mpcmach closed this as completed Apr 23, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mpcmach