The PHP SAST engine understands the Laravel routing system

Hello PHP developers,

Our PHP SAST engine now understands the Laravel routing system, which lets it detect more vulnerabilities.

The routing system is the most common entry point for attackers and their payloads. To detect vulnerabilities, the engine must be able to connect the routing system, the individual routes, and the places where the tainted request data is used.

When request handling is defined through callbacks, either closures or controller methods, the PHP engine treats those callbacks as entry points (sources):

use App\Http\Controllers\UserController;

Route::get('/hello', function () {
    return 'Hello World';
});

Route::get('/user', [UserController::class, 'index']);

The engine also recognizes route parameters as user-controlled:

Route::get('user/{id}', function ($id) {
    return 'UserId '.$id;
});

… and whether they are validated by regular-expression constraints:

Route::get('user/{id}', function ($id) {
    //
})->where('id', '[0-9]+'); // here $id is considered safe because only digit strings are accepted
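To illustrate the idea behind this (route parameters are sources, `where` constraints are sanitizers), here is a small added checker that is not SonarSource's engine and does no real taint tracking: it scans a constructed routes file, extracts each route's `{param}` placeholders and reports the ones that no `->where(...)` or `->whereNumber(...)`-style constraint restricts. The sample routes and the helper names are assumptions for the example.

```python
import re

# Constructed sample routes file for the example (not from the post).
ROUTES = r"""
Route::get('/hello', function () {
    return 'Hello World';
});
Route::get('user/{id}', function ($id) {
    return 'UserId '.$id;
});
Route::get('post/{slug}', function ($slug) {
    //
})->where('slug', '[a-z-]+');
Route::get('order/{id}', [OrderController::class, 'show'])->whereNumber('id');
"""

ROUTE_RE = re.compile(r"Route::(get|post|put|patch|delete|any)\(\s*'(?P<path>[^']*)'")
PARAM_RE = re.compile(r"\{(\w+)\??\}")                      # {id} or optional {id?}
WHERE_RE = re.compile(r"->where\(\s*'(\w+)'\s*,\s*'([^']*)'\s*\)")
WHERE_HELPER_RE = re.compile(r"->where(Number|Alpha|AlphaNumeric|Uuid)\(\s*'(\w+)'\s*\)")


def analyze_routes(src):
    """Return {path: {param: constraint or None}} for every route definition."""
    result = {}
    starts = list(ROUTE_RE.finditer(src))
    for i, m in enumerate(starts):
        # A route's chained calls run until the next Route:: definition.
        end = starts[i + 1].start() if i + 1 < len(starts) else len(src)
        block = src[m.start():end]
        path = m.group("path")
        params = {p: None for p in PARAM_RE.findall(path)}
        for name, regex in WHERE_RE.findall(block):       # ->where('id', '[0-9]+')
            if name in params:
                params[name] = regex
        for helper, name in WHERE_HELPER_RE.findall(block):  # ->whereNumber('id')
            if name in params:
                params[name] = "where" + helper
        result[path] = params
    return result


def unconstrained_params(src):
    """(path, param) pairs that reach the handler without any route-level constraint."""
    return sorted((path, p) for path, params in analyze_routes(src).items()
                  for p, constraint in params.items() if constraint is None)
```

Running `unconstrained_params(ROUTES)` flags only `user/{id}`, the same route the engine would treat as an unsanitized source; a constraint only narrows the value's shape, so the handler still has to use it safely.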

What’s next? We will provide support for Symfony Routes.

This is available now on SonarCloud and is included in SonarQube 8.7 Developer Edition.

Alex
