Hello,
We are using Sonarcloud enterprise. We just noticed that vulnerabilities in our index function controllers are not getting caught by the Sonarcloud’s quality profile. We are using the default quality profile “Sonar way” for everything at the moment.
We have an index controller which does not catch any vulnerabilities except for a security hotspot (hardcoded password).
Example false negative:
class Start extends CI_Controller
{
    protected $cache_file;
    protected $user_password;

    public function index()
    {
        $this->user_password = "ex#amp¤el2020";
        $this->cache_file = isset($_GET['user_file']) ? $_GET['user_file'] : '';
        $file = $this->cache_file;
        if (file_exists($file)) unlink($file);
        if ($_POST['redirect_url'])
        {
            redirect($_POST['redirect_url']);
        }
        if ($_GET['redirect_url'])
        {
            redirect($_GET['redirect_url']);
        }
    }
}
To try this out I created the same controller function with a different name, and that seems to catch all the vulnerabilities.
Example true positive:
public function notindex()
{
    $this->user_password = "ex#amp¤el2020";
    $this->cache_file = isset($_GET['user_file']) ? $_GET['user_file'] : '';
    $file = $this->cache_file;
    if (file_exists($file)) unlink($file);
    if ($_POST['redirect_url'])
    {
        redirect($_POST['redirect_url']);
    }
    if ($_GET['redirect_url'])
    {
        redirect($_GET['redirect_url']);
    }
}
Would appreciate getting some help to resolve this since we have a lot of controller functions named index. Let me know if you need any more information.
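Whatever the scanner reports, the three findings in the posted controller (a secret as a string literal, a request-controlled path passed to unlink(), and a request-controlled URL passed to redirect()) can be closed in the code itself. The controller below is an added example written for this reply, not code from the original post or from SonarSource. It assumes CodeIgniter 3 with the url helper loaded, that deletable cache files live under APPPATH . 'cache/', and that the secret is provided through an environment variable named CACHE_PASSWORD; all three are assumptions, not facts from the post.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Hardened counterpart of the index() controller from the post.
// Assumed environment: CodeIgniter 3, url helper loaded, cache files under
// APPPATH . 'cache/', secret supplied via the CACHE_PASSWORD env variable.
class Start extends CI_Controller
{
    protected $cache_dir;      // the only directory from which files may be removed
    protected $cache_file;
    protected $user_password;

    public function __construct()
    {
        parent::__construct();
        $this->cache_dir = APPPATH . 'cache/';
    }

    public function index()
    {
        // Read the secret from the environment instead of a literal in source.
        $this->user_password = (string) getenv('CACHE_PASSWORD');

        // Reduce the request value to a bare file name and anchor it in cache_dir,
        // so "../" sequences or absolute paths cannot select a file elsewhere.
        $name = basename((string) $this->input->get('user_file', TRUE));
        $this->cache_file = ($name !== '') ? $this->cache_dir . $name : '';
        $file = $this->cache_file;
        if ($file !== '' && $this->insideCacheDir($file) && is_file($file)) {
            unlink($file);
        }

        // Only follow a site-relative path; external hosts and schemes are dropped.
        $target = $this->input->post('redirect_url');
        if ($target === null) {
            $target = $this->input->get('redirect_url');
        }
        $safe = self::safeLocalPath($target);
        if ($safe !== null) {
            redirect($safe);   // CI3 prepends site_url() to a bare path
        }
    }

    // True when the resolved path is below cache_dir (realpath removes ".." and symlinks).
    private function insideCacheDir($path)
    {
        $real = realpath($path);
        $dir  = realpath($this->cache_dir);
        if ($real === false || $dir === false) {
            return false;
        }
        return strpos($real, rtrim($dir, '/\\') . DIRECTORY_SEPARATOR) === 0;
    }

    // Accept "/account?x=1" style paths only; reject anything with a scheme or host,
    // and reject "//..." because browsers treat that as protocol-relative.
    private static function safeLocalPath($url)
    {
        if (!is_string($url) || $url === '') {
            return null;
        }
        $parts = parse_url($url);
        if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
            return null;
        }
        $path = isset($parts['path']) ? $parts['path'] : '';
        if ($path === '' || $path[0] !== '/' || strpos($path, '//') === 0) {
            return null;
        }
        return isset($parts['query']) ? $path . '?' . $parts['query'] : $path;
    }
}
```

The realpath() check is deliberately kept even though basename() already strips directory components: it guards the deletion against a symlink placed inside the cache directory, and it keeps the rule in one place if the file name handling changes later. Sonar's taint rules track $_GET/$_POST and the input class alike, so the name of the controller method should not matter for the hardened version either; the relevant point for the report is that the vulnerable form is missed only when the method is called index().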