Support » Plugin: WunderAutomation » PHP.Generic.BadPattern.5 warning in Pimple container

  • Resolved opicron

    (@opicron)


    Ha Team,

    I receive warnings about PHP.Generic.BadPattern.5 in /src/Pimple/cotainer.php.

    “This code pattern is often used to run very dangerous shell programs on servers”

    Would you be so kind to review this issue?

    • This topic was modified 4 months, 3 weeks ago by opicron.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Any chance to review this?

    Plugin Author wundermatics

    (@wundermatics)

    Hi,

    Sorry. We didn’t have notifications enabled, totally missed this question from you. We’re looking at this as soon as possible.

    Plugin Author wundermatics

    (@wundermatics)

    Hi @opicron,

    First, thanks for bringing this to our attention.

    Assuming you are seeing this error message on VaultPress? This is a false positive from VaultPress, it’s been known to happen for this particular class.

    The indicated class is called Pimple and is a standard Dependency Injection container provided by Sensiolabs. It’s one of the top 5 most popular DI components available for PHP, in active use on millions of PHP-driven websites and applications. It’s also one of the few DI-containers that supports PHP 5.x which is a desirable feature when using within WordPress. According to Packagist, there are no security issues reported about Pimple. Please follow the links below to learn more about the Pimple DI library.

    There are several similar support questions here on the WordPress forums where various plugins have had this issue reported by VaultPress, specifically for Pimple. Best practice seems to be to ask VaultPress to ignore this file and mark it as false positive.

    Should you need any more help resolving this with VaultPress, don’t hesitate to get back to us. From now on, we have notifications enabled (sorry about the delay).

    Similar threads regarding Pimple:
    https://wordpress.org/support/topic/suspious-code/
    https://wordpress.org/support/topic/suspicious-code-3/
    https://wordpress.org/support/topic/security-risk-vaultpress/

    Links:
    Official homepage:
    http://pimple.sensiolabs.org/

    Packagist summary:
    https://packagist.org/packages/pimple/pimple

    Thanks for the response, much appreciated. I checked the source code and figured it was a false positive. Just hate seeing errors in Vaultpress ;).
