6 files changed (+26 / -10 lines) under php-checks/src/main/resources/org/sonar/l10n/php/rules/php
lines changed Original file line number Diff line number Diff line change 11< h2 > Why is this an issue?</ h2 >
22< p > Putting multiple statements on a single line lowers the code readability and makes debugging the code more complex.</ p >
33< pre >
4- if (someCondition) doSomething(); // Noncompliant
4+ if (someCondition) { doSomething(); } // Noncompliant
5+
6+ doSomething(); doSomethingElse(); // Noncompliant
57</ pre >
68< p > Write one statement per line to improve readability.</ p >
79< pre >
810if (someCondition) {
911 doSomething();
1012}
13+
14+ doSomething();
15+ doSomethingElse();
1116</ pre >
1217< h3 > Exceptions</ h3 >
1318< p > The rule ignores anonymous functions containing a single statement.</ p >
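Review bot: the brace-less form `if (someCondition) doSomething();` was dropped from the noncompliant block, so the description no longer says whether a single-line `if` without braces is reported; if the rule still flags it, keep that line next to `if (someCondition) { doSomething(); } // Noncompliant`, and if it no longer does, state that under Exceptions. The added `doSomething(); doSomethingElse(); // Noncompliant` line is the clearer illustration of the rule title and is a good addition.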
Original file line number Diff line number Diff line change @@ -3,18 +3,23 @@ <h2>Why is this an issue?</h2>
33open-source applications. This practice exposes your application to significant security risks.</ p >
44< p > This rule flags instances of hard-coded credentials used in database and LDAP connections. It looks for hard-coded credentials in connection
55strings, and for variable names that match any of the patterns from the provided list.</ p >
6+ < p > In the past, it has led to the following vulnerabilities:</ p >
7+ < ul >
8+ < li > < a href ="https://www.cve.org/CVERecord?id=CVE-2019-13466 "> CVE-2019-13466</ a > </ li >
9+ < li > < a href ="https://www.cve.org/CVERecord?id=CVE-2018-15389 "> CVE-2018-15389</ a > </ li >
10+ </ ul >
611< h2 > How to fix it</ h2 >
712< p > Credentials should be stored in a configuration file that is not committed to the code repository, in a database, or managed by your cloud
813provider’s secrets management service. If a password is exposed in the source code, it must be changed immediately.</ p >
914< h3 > Code Examples</ h3 >
10- < h4 > Noncompliant Code Example </ h4 >
15+ < h4 > Noncompliant code example </ h4 >
1116< pre data-diff-id ="1 " data-diff-type ="noncompliant ">
1217$password = "65DBGgwe4uazdWQA"; // Noncompliant
1318
1419$httpUrl = "https://example.domain?user=user&password=65DBGgwe4uazdWQA" // Noncompliant
1520$sshUrl = "ssh://user:65DBGgwe4uazdWQA@example.domain" // Noncompliant
1621</ pre >
17- < h4 > Compliant Solution </ h4 >
22+ < h4 > Compliant solution </ h4 >
1823< pre data-diff-id ="1 " data-diff-type ="compliant ">
1924$user = getUser();
2025$password = getPassword(); // Compliant
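Review bot: the two CVE links in the new list carry no description, so a reader cannot tell what each record has to do with hard-coded credentials; a few words after each link (which product, what was hard-coded) would make the list useful rather than decorative. Visible in the context of this hunk but not changed by it: the `$httpUrl` and `$sshUrl` lines in the noncompliant example lack terminating semicolons, so the block is not valid PHP; worth fixing while this file is being edited.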
Original file line number Diff line number Diff line change 1212 "func" : " Constant\/ Issue" ,
1313 "constantCost" : " 30min"
1414 },
15+ "quickfix" : " infeasible" ,
1516 "tags" : [
1617 " cwe"
1718 ],
4142 " 3.5.2" ,
4243 " 6.4.1"
4344 ]
44- },
45- "quickfix" : " unknown"
45+ }
4646}
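Review bot: moving `quickfix` next to the remediation block is fine, but the value also changes from `unknown` to `infeasible`, which states that no automatic fix will be offered rather than being a pure reordering; that is justified for a credentials rule (the fix is to take the secret out of the source), but the commit message should say so. The closing `}` without a trailing comma is correct and the file stays valid JSON.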
Original file line number Diff line number Diff line change @@ -13,9 +13,14 @@ <h4>Noncompliant Code Example</h4>
1313$secret = '47828a8dd77ee1eb9dde2d5e93cb221ce8c32b37'; // Noncompliant
1414MyClass->callMyService($secret);
1515</ pre >
16- < h4 > Compliant Solution </ h4 >
17- < p > Using < a href =" https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/php/example_code/secretsmanager " > AWS Secrets Manager </ a > :</ p >
16+ < h4 > Compliant solution </ h4 >
17+ < p > Store the secret in an environment variable or configuration file :</ p >
1818< pre data-diff-id ="1 " data-diff-type ="compliant ">
19+ $secret = getenv('MY_SECRET');
20+ MyClass->callMyService($secret);
21+ </ pre >
22+ < p > Or using < a href ="https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/php/example_code/secretsmanager "> AWS Secrets Manager</ a > :</ p >
23+ < pre >
1924use Aws\SecretsManager\SecretsManagerClient;
2025use Aws\Exception\AwsException;
2126$client = new SecretsManagerClient(...);
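Review bot: the new paragraph `Store the secret in an environment variable or configuration file :` has a stray space before the colon; drop it. It also promises a configuration-file option that the snippet does not show, since `$secret = getenv('MY_SECRET');` only covers the environment variable, so either drop "or configuration file" or add a second snippet. `getenv()` returns `false` when the variable is unset, so the example would silently pass `false` to `callMyService`; one sentence saying the value must be checked before use would make the compliant example safer to copy. Pre-existing in the surrounding context: `MyClass->callMyService($secret)` is not valid PHP (it needs `$myClass->` or `MyClass::`). Dropping the `data-diff-id`/`data-diff-type` attributes from the AWS `<pre>` is fine, as only one compliant block can pair with noncompliant block 1.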
@@ -45,5 +50,6 @@ <h2>Resources</h2>
4550 < li > OWASP - < a href ="https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication "> Top 10 2017 Category A2 - Broken Authentication</ a >
4651 </ li >
4752 < li > CWE - < a href ="https://cwe.mitre.org/data/definitions/798 "> CWE-798 - Use of Hard-coded Credentials</ a > </ li >
53+ < li > MSC - < a href ="https://wiki.sei.cmu.edu/confluence/x/OjdGBQ "> MSC03-J - Never hard code sensitive information</ a > </ li >
4854</ ul >
4955
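Review bot: the new resource entry labels the link `MSC`, whereas the sibling entries are labelled by the issuing body (`OWASP`, `CWE`); the target is the SEI CERT coding standard (wiki.sei.cmu.edu), so `CERT - MSC03-J - Never hard code sensitive information` would be consistent with the rest of the list. Note also that MSC03-J is the Java rule of that standard being cited from a PHP rule description; acceptable as a general reference, but worth a conscious choice.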
Original file line number Diff line number Diff line change 1212 "func" : " Constant\/ Issue" ,
1313 "constantCost" : " 30min"
1414 },
15+ "quickfix" : " infeasible" ,
1516 "tags" : [
1617 " cwe"
1718 ],
4041 " 3.5.2" ,
4142 " 6.4.1"
4243 ]
43- },
44- "quickfix" : " unknown"
44+ }
4545}
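Review bot: same remark as for the other metadata file: `quickfix` goes from `unknown` to `infeasible` while being relocated, which is a semantic change that should be mentioned in the commit message rather than read as a reordering; the closing `}` without a trailing comma keeps the JSON valid.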
Original file line number Diff line number Diff line change 33 "languages" : [
44 " PHP"
55 ],
6- "latest-update" : " 2026-01-08T10:11:00.424605796Z " ,
6+ "latest-update" : " 2026-02-02T05:36:28.563406648Z " ,
77 "options" : {
88 "no-language-in-filenames" : true ,
99 "preserve-filenames" : true