Comments (6)
The problem is in a very simple regex in JAMSS (\$\w[^;=\)]*=[^;=\)]*`.*`); it is unlikely it can be fixed easily. The proper way is to use token_get_all and search for the ` token there, but that's outside the JAMSS approach.
from jedchecker.
The sample code does not seem to have the `, or what am I missing...
from jedchecker.
@dryabov A new case related to backticks and images:
#001 /joomhelper360/assets/css/ajax-loader.gif in line: 26
? Pattern found#24 - PHP execution operator: backticks (``)
from jedchecker.
I know, there are a lot of false positives with this rule, because it just finds $ followed by = and two `s (at any distance). That's why the warning message may contain code that doesn't contain ` at all, because it may be located many lines below (usually inside a quoted string).
from jedchecker.
In that case, just giving the file path and not the code will be more helpful, so that we do our own investigation. Since seeing the code and not seeing the issue makes one ignore it, and that is bad.
from jedchecker.
My current idea is to implement a concept of "scopes" for JAMSS rules, e.g. the check for PHP embedded into a GIF file requires analyzing the entire file (a "full" scope), and this check for backticks requires analyzing PHP code only (a "code" scope, i.e. excluding HTML and quoted strings). As a result, most false positives will be eliminated.
from jedchecker.
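The two ideas raised in this thread (the first comment's token_get_all suggestion and the last comment's "code" scope that ignores HTML and quoted strings) side by side, as an added example that is not code from JED Checker or JAMSS. It wraps the regex quoted in the thread in PCRE delimiters and assumes the `s` modifier to reproduce the "backticks many lines below" behaviour described above; the tokenizer check uses PhpToken (PHP 8.0+) so that every token, including a bare backtick, carries a line number. The function names and the three sample sources are constructed for this illustration.

```php
<?php
// Added example, not code from JED Checker or JAMSS. It contrasts the
// regex rule quoted in the thread with a tokenizer-based "code scope" check
// that only looks at real PHP tokens. Requires PHP 8.0+ for PhpToken.

declare(strict_types=1);

/**
 * The JAMSS pattern as quoted in the thread, wrapped in PCRE delimiters.
 * The 's' modifier is an assumption here: it lets '.*' run across lines,
 * which reproduces the "backticks many lines below" behaviour the thread
 * describes.
 */
function regex_rule_matches(string $source): bool
{
    return preg_match('/\$\w[^;=\)]*=[^;=\)]*`.*`/s', $source) === 1;
}

/**
 * Tokenizer-based check: report the line of each backtick execution operator.
 * Inline HTML (T_INLINE_HTML), quoted strings (T_CONSTANT_ENCAPSED_STRING,
 * T_ENCAPSED_AND_WHITESPACE) and comments arrive as single tokens, so a
 * backtick inside them never shows up as a bare '`' token. Only the
 * operator itself does, which is exactly the "code" scope from the thread.
 *
 * @return int[] line numbers where a shell-execution expression opens
 */
function find_backtick_operators(string $source): array
{
    $lines  = [];
    $inside = false; // between an opening and a closing backtick?

    foreach (PhpToken::tokenize($source) as $token) {
        // Single-character operators are tokens whose text is that character.
        if ($token->text !== '`') {
            continue;
        }
        if (!$inside) {
            $lines[] = $token->line; // opening backtick: this is the hit
        }
        $inside = !$inside;
    }

    return $lines;
}

// Constructed samples (not taken from any real extension).
$samples = [
    'real shell execution'     => "<?php\n\$out = `ls -la`;\n",
    'backticks in a string'    => "<?php\n\$help = \"Run `make` to build\";\n",
    'backticks in inline HTML' => "<?php \$x = 1 ?>\n<p>Run `make`</p>\n",
];

foreach ($samples as $label => $source) {
    printf(
        "%-26s regex: %-5s tokens: %s\n",
        $label,
        regex_rule_matches($source) ? 'hit' : 'clean',
        json_encode(find_backtick_operators($source))
    );
}
```

Run it with php on the command line. The first sample is the genuine execution operator and is reported by both checks; the other two trip the regex because a $ ... = sequence is followed by two backticks somewhere later in the text, yet they contain no backtick token, which is the class of false positive the proposed "code" scope removes.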