• Resolved creativeloves

    (@creativeloves)


    Hi, I am using GDPR framework by Data 443 and my malware scanner keeps flagging these lines of code as dangerous and probable malware. Can anyone give insight into this?

    1) protected function passthru($method, array $params)

    2) exec("mklink /{$mode} ".escapeshellarg($link).' '.escapeshellarg($target));

    3) assert(class_exists('ParagonIE_Sodium_Compat'), 'Possible filesystem/autoloader bug?');
    And
    assert(class_exists('ParagonIE_Sodium_Compat'))

    These are three separate "flags" on the malware scanner. I use Cleantalk for antispam and malware scanning, and these lines of code are routinely triggered as dangerous with a "99.5%" likelihood of being malware. So, I’m wondering what’s up with that?

    Thanks!

Viewing 6 replies - 1 through 6 (of 6 total)
  • Hello,

    Thanks for bringing this to our attention. This is the first time we’ve heard of this issue. We’ll contact Cleantalk to see about resolving this false notification.

    Hello @data443 @creativeloves

    I’m a developer from CleanTalk team. I wanna share my thoughts about the issue:

    1. protected function passthru($method, array $params). Looks like it’s a false positive. Your passthru() is a method, not a native PHP function. We’ll tweak the logic. Thank you!
    2. exec("mklink /{$mode} ".escapeshellarg($link).' '.escapeshellarg($target)); – is not safe to use this, because if you made a mistake in sanitizing any of these 3 parameters, it will become a security vulnerability. You could use safe alternative for this like: link() and symlink().
    3. assert(class_exists('ParagonIE_Sodium_Compat')) – as the documentation says, the assertions should not be used for normal runtime operations like input parameter checks. Only for debugging.

    • This reply was modified 2 years, 9 months ago by Safronik. Reason: spelling
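A PHP sketch of the two alternatives the CleanTalk reply points at, added here as an example and not code from the GDPR Framework plugin or from CleanTalk: link creation through symlink()/link() with no shell in the path, and an explicit runtime check in place of assert(). The function names and the $baseDir containment rule are assumptions made for this example.

```php
<?php
// True when $path is $base itself or lies beneath it (both already resolved by realpath()).
function is_inside(string $path, string $base): bool
{
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return $path === $base || strncmp($path, $prefix, strlen($prefix)) === 0;
}

// Shell-free replacement for exec("mklink /{$mode} " . ...). $mode follows the mklink
// switches: '' or 'D' => symbolic link, 'H' => hard link. Target and the link's parent
// directory must resolve inside $baseDir (assumed plugin directory) so caller-supplied
// paths cannot escape it. Hypothetical function written for this example.
function create_link_safely(string $mode, string $link, string $target, string $baseDir): bool
{
    $base    = realpath($baseDir);
    $real    = realpath($target);
    $linkDir = realpath(dirname($link));
    if ($base === false || $real === false || $linkDir === false) {
        throw new InvalidArgumentException('Base directory, target or link directory does not exist');
    }
    if (!is_inside($real, $base) || !is_inside($linkDir, $base)) {
        throw new InvalidArgumentException('Path outside the allowed directory');
    }
    $linkPath = $linkDir . DIRECTORY_SEPARATOR . basename($link);
    if (file_exists($linkPath) || is_link($linkPath)) {
        throw new RuntimeException('Link path already exists: ' . $linkPath);
    }
    switch (strtoupper($mode)) {
        case '':
        case 'D':
            return symlink($real, $linkPath); // no shell involved, nothing to quote
        case 'H':
            return link($real, $linkPath);
        default:
            throw new InvalidArgumentException('Unsupported link mode: ' . $mode);
    }
}

// Explicit runtime check in place of assert(class_exists('ParagonIE_Sodium_Compat')).
// assert() is compiled out when zend.assertions = -1 (the usual production setting),
// so that check silently disappears; this one always runs.
function require_sodium_compat(): void
{
    if (!class_exists('ParagonIE_Sodium_Compat')) {
        throw new RuntimeException('ParagonIE_Sodium_Compat not loaded: possible filesystem/autoloader bug');
    }
}
```

Because symlink() and link() receive the paths as plain arguments, there is no quoting step that a caller can get wrong, which is the point made in item 2 above.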

    Hi @creativeloves @safronik ,
    We have scrubbed the plugin and would like to provide to you to test before we release publicly. Can you provide your email or send us an email at [email protected] so we can connect? Thank you!

    Thread Starter creativeloves

    (@creativeloves)

    Thank you both @data443 and @safronik for addressing this issue! I am still getting flags every day. I have been sent a new version of the GDPR framework plugin to test and that is my next step, but before I go download that and apply it I have a quick question for Data443. Has this new version been scrubbed of said security risks, such as resolving this?

    “2. exec("mklink /{$mode} ".escapeshellarg($link).' '.escapeshellarg($target)); – is not safe to use this, because if you made a mistake in sanitizing any of these 3 parameters, it will become a security vulnerability. You could use safe alternative for this like: link() and symlink().”

    The new version we sent you has been scrubbed of the security risks you encountered.

    After reviewing the original problem we’ve traced the vulnerable code to a set of third-party scripts tied to an early commit. We have removed said third-party scripts in version 2.0.0 in order to remediate the vulnerability, and have already taken steps to ensure future contributions are properly vetted.

    The latest version has been released.

  • The topic ‘Malware warnings on php code for GDPR framework’ is closed to new replies.