<?xml version="1.0" encoding="UTF-8"?>
<files psalm-version="5.22.1@e9dad66e11274315dac27e08349c628c7d6a1a43">
<!--
  Psalm baseline of taint-analysis findings; the psalm-version attribute on
  the root names the Psalm release that wrote it. Each <file> groups findings
  by issue type, each <code> is the snippet of one known finding, and Psalm
  stops reporting findings that match an entry here.
  A baseline entry means "known when the baseline was written", not "reviewed
  and safe". Every snippet below is a sink that Psalm believes can receive
  user-controlled data, so read the list as a triage backlog.
  NOTE(review): this is generated output; comments added by hand are probably
  dropped when the baseline is regenerated.
-->
<!-- TaintedFile: the value reaches a file operation. The two identical
     snippets are two separate findings in this file.
     NOTE(review): confirm $filename is confined to the intended directory. -->
<file src="redaxo/src/addons/backup/lib/backup.php">
<TaintedFile>
<code><![CDATA[$filename]]></code>
<code><![CDATA[$filename]]></code>
</TaintedFile>
</file>
<!-- TaintedFile on $source. NOTE(review): same path-confinement question as
     for backup.php; the callers are not visible from this baseline. -->
<file src="redaxo/src/addons/backup/lib/compressor.php">
<TaintedFile>
<code><![CDATA[$source]]></code>
</TaintedFile>
</file>
<!-- TaintedCallable: a value Psalm treats as tainted is used as a callable.
     NOTE(review): confirm $class is checked against the set of expected
     classes before it is used; that check is not visible here. -->
<file src="redaxo/src/addons/cronjob/lib/cronjob.php">
<TaintedCallable>
<code><![CDATA[$class]]></code>
</TaintedCallable>
</file>
<!-- TaintedInclude: the expression below is the target of an include or
     require. The stream is built from $articleId, $type and $action.
     NOTE(review): confirm where these three values originate and who may
     write them. -->
<file src="redaxo/src/addons/structure/plugins/content/lib/article_action.php">
<TaintedInclude>
<code><![CDATA[rex_stream::factory('action/' . $articleId . '/' . $type, $action)]]></code>
</TaintedInclude>
</file>
<!-- TaintedHtml and TaintedTextWithQuotes are reported as a pair for each
     fragment variable that is output: the value may carry markup and may
     carry quote characters. NOTE(review): presumably the caller passes
     ready-made HTML into these variables; verify that each caller escapes
     or sanitises what it puts there. -->
<file src="redaxo/src/addons/structure/plugins/history/fragments/history/layer.php">
<TaintedHtml>
<code><![CDATA[$this->getVar('content1iframe')]]></code>
<code><![CDATA[$this->getVar('content1select')]]></code>
<code><![CDATA[$this->getVar('content2iframe')]]></code>
<code><![CDATA[$this->getVar('content2select')]]></code>
</TaintedHtml>
<TaintedTextWithQuotes>
<code><![CDATA[$this->getVar('content1iframe')]]></code>
<code><![CDATA[$this->getVar('content1select')]]></code>
<code><![CDATA[$this->getVar('content2iframe')]]></code>
<code><![CDATA[$this->getVar('content2select')]]></code>
</TaintedTextWithQuotes>
</file>
<!-- Same HTML/quotes pair for the 'content' fragment variable, read with an
     empty-string default. -->
<file src="redaxo/src/core/fragments/core/fe_ooops.php">
<TaintedHtml>
<code><![CDATA[$this->getVar('content', '')]]></code>
</TaintedHtml>
<TaintedTextWithQuotes>
<code><![CDATA[$this->getVar('content', '')]]></code>
</TaintedTextWithQuotes>
</file>
<!-- The flagged expression concatenates $class, $id, $autofocus,
     $placeholder, $value and $clear into markup, several of them inside
     attribute positions. NOTE(review): confirm each variable is escaped for
     attribute context where it is assigned; the assignments are not part of
     the snippet. -->
<file src="redaxo/src/core/fragments/core/form/search.php">
<TaintedHtml>
<code><![CDATA['<div class="' . $class . '"' . $id . '>
<span class="input-group-addon clear-button"><i class="rex-icon rex-icon-search"></i></span>
<input class="form-control" type="text"' . $autofocus . $placeholder . $value . '>
<span title="' . $clear . '" class="form-control-clear rex-icon rex-icon-clear form-control-feedback hidden"></span>
</div>']]></code>
</TaintedHtml>
<TaintedTextWithQuotes>
<code><![CDATA['<div class="' . $class . '"' . $id . '>
<span class="input-group-addon clear-button"><i class="rex-icon rex-icon-search"></i></span>
<input class="form-control" type="text"' . $autofocus . $placeholder . $value . '>
<span title="' . $clear . '" class="form-control-clear rex-icon rex-icon-clear form-control-feedback hidden"></span>
</div>']]></code>
</TaintedTextWithQuotes>
</file>
<!-- HTML/quotes pair for the 'content', 'sidebar' and 'toc' fragment
     variables. -->
<file src="redaxo/src/core/fragments/core/page/docs.php">
<TaintedHtml>
<code><![CDATA[$this->getVar('content')]]></code>
<code><![CDATA[$this->getVar('sidebar')]]></code>
<code><![CDATA[$this->getVar('toc')]]></code>
</TaintedHtml>
<TaintedTextWithQuotes>
<code><![CDATA[$this->getVar('content')]]></code>
<code><![CDATA[$this->getVar('sidebar')]]></code>
<code><![CDATA[$this->getVar('toc')]]></code>
</TaintedTextWithQuotes>
</file>
<!-- HTML/quotes pair for the 'content' fragment variable. -->
<file src="redaxo/src/core/fragments/core/page/readme.php">
<TaintedHtml>
<code><![CDATA[$this->getVar('content')]]></code>
</TaintedHtml>
<TaintedTextWithQuotes>
<code><![CDATA[$this->getVar('content')]]></code>
</TaintedTextWithQuotes>
</file>
<!-- TaintedHeader: the value is sent as an HTTP response header.
     NOTE(review): confirm how $rawHeader is assembled in login.php. -->
<file src="redaxo/src/core/lib/login/login.php">
<TaintedHeader>
<code><![CDATA[$rawHeader]]></code>
</TaintedHeader>
</file>
<!-- TaintedHeader in the response helper: header lines assembled from
     $name and $value, from $str, and two 'Location: ' redirects built from
     $url. NOTE(review): confirm callers restrict $url to intended
     destinations and that header values cannot carry CR or LF. -->
<file src="redaxo/src/core/lib/response.php">
<TaintedHeader>
<code><![CDATA[$name . ': ' . $value]]></code>
<code><![CDATA[$str]]></code>
<code><![CDATA['Location: ' . $url]]></code>
<code><![CDATA['Location: ' . $url]]></code>
</TaintedHeader>
</file>
<!-- TaintedSql: eight findings, all on $query inside the SQL wrapper. The
     findings are located at the wrapper itself, so this entry says nothing
     about which callers supply the query text. NOTE(review): callers that
     build SQL by concatenation should be reviewed for parameter binding. -->
<file src="redaxo/src/core/lib/sql/sql.php">
<TaintedSql>
<code><![CDATA[$query]]></code>
<code><![CDATA[$query]]></code>
<code><![CDATA[$query]]></code>
<code><![CDATA[$query]]></code>
<code><![CDATA[$query]]></code>
<code><![CDATA[$query]]></code>
<code><![CDATA[$query]]></code>
<code><![CDATA[$query]]></code>
</TaintedSql>
</file>
<!-- TaintedFile: four findings on $file in the file utility.
     NOTE(review): as with the SQL wrapper, path validation presumably has
     to happen in the callers; verify. -->
<file src="redaxo/src/core/lib/util/file.php">
<TaintedFile>
<code><![CDATA[$file]]></code>
<code><![CDATA[$file]]></code>
<code><![CDATA[$file]]></code>
<code><![CDATA[$file]]></code>
</TaintedFile>
</file>
<!-- TaintedCallable: two findings where $data is used as a callable.
     NOTE(review): confirm $data cannot be set from request input. -->
<file src="redaxo/src/core/lib/util/socket/socket.php">
<TaintedCallable>
<code><![CDATA[$data]]></code>
<code><![CDATA[$data]]></code>
</TaintedCallable>
</file>
</files>