CodeIgniter Forums
veracode scanning CI - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: General (https://forum.codeigniter.com/forum-1.html)
+--- Forum: Lounge (https://forum.codeigniter.com/forum-3.html)
+--- Thread: veracode scanning CI (/thread-68134.html)



veracode scanning CI - ciadvantage - 05-30-2017

Presently my company signed up with this guy and scan to code project which I have developed based on CI 2.2.x
( I knew CI 3.1.4 is out a while but still migrating to it now as I have lot of changes to suit 3.1.4) and the vulnerables
were

[Image: severity-4.png]

250

Code:
    250
include(APPPATH.'controllers/'.$RTR->fetch_directory().$RTR->fetch_class().'.php');

and this is inĀ system/core/CodeIgniter.php

And the stated flaw is it is subject to remote file inclusion vulnerability!


I am kinda wonderouse if we have any defense for this and if someone knows please advise!

Many thanks



RE: veracode scanning CI - Narf - 05-30-2017

It's a false-positive.


RE: veracode scanning CI - ciadvantage - 05-31-2017

(05-30-2017, 02:53 PM)Narf Wrote: It's a false-positive.

thanks Narf