Semgrep mapping to phpcs-security-audit for `php.lang.security.file-inclusion.file-inclusion` is incorrect
Summary
- We map `php.lang.security.file-inclusion.file-inclusion` to `PHPCS_SecurityAudit.BadFunctions.FilesystemFunctions.WarnFilesystem`
- Based on the description from Semgrep website & our rules, this should have been `BadFunctions.EasyRFISniff`
- Reported by user (internal only zd ref)
What is the current bug behavior?
Incorrect vulnerability reporting
What is the expected correct behavior?
Correctly report this as EasyRFISniff
Possible fixes
Update the mapping
Edited by Andrew Winata