Suspicious Code

  • Resolved raceman59

    (@raceman59)


    7 years, 7 months ago

    This plugin is triggering a security warning on VaultPress (owned by the makers of WordPress)

    Can you please comment about this suspicious code?

    Can you please remove it asap so that i may use your plugin and not have it flagged by VaultPress?

    VaultPress detected a new security issue on one of your sites.

    Our security scanners found 1 new security threats since the last email notification. Please visit the VaultPress security page for more details.

    Suspicious Code

    Our security scanners detected the following possible security issues. We recommend that you review the affected files.

    PHP.Generic.BadPattern.5

    This code pattern is often used to run a very dangerous shell programs on your server. The code in these files needs to be reviewed, and possibly cleaned.

    Help Document

    plugins/wp-mail-logging/lib/vendor/pimple/pimple/src/Container.php

Viewing 8 replies - 1 through 8 (of 8 total)

  • This is ridiculous. It’s an established pattern for service based OOP and dependency injection.
    Please refer to https://pimple.sensiolabs.org/

    Thread Starter raceman59

    (@raceman59)

    No3x

    Thank you for the responce.

    Wether you think its “ridiculous” of not, VaultPress is flagging the code as potentially harmful and thus it IS a problem regardless of your opinion.

    Please send me a hash of the file to verify integrity. Maybe someone really put malicious code in there.

    But I don’t think that’s the reason: Please refer to a similar topic https://www.ads-software.com/support/topic/security-risk-vaultpress/

    Thread Starter raceman59

    (@raceman59)

    I have tried your plugin again, hoping it was updated to avoid this security alert being presented my VaultPress.

    Still VaultPress Immediately flags a section of your plugin as “Suspicion Code”

    This is the file that is the specific file causing errors
    /wp-content/plugins/wp-mail-logging/lib/vendor/pimple/pimple/src/Container.php

    Starting at line 242

    $extended = function ($c) use ($callable, $factory) {
    return $callable($factory($c), $c);
    };

    What are your thoughts on this issue?

    It’s an established pattern for service based OOP and dependency injection.
    Please refer to https://pimple.sensiolabs.org/

    Please send me a hash of the file to verify integrity. Maybe someone really put malicious code in there.

    But I don’t think that’s the reason: Please refer to a similar topic https://www.ads-software.com/support/topic/security-risk-vaultpress/

    Thread Starter raceman59

    (@raceman59)

    No3x

    Thank you for the email.

    I have positive reply from VaultPress staff.

    Their reply follows:

    I’ve taken a look at the security alert. I’ve also compared the file on your server with the file as provided from the plugin author, and it matches. This is a false positive, which I have ignored for you.

    At times, plugin authors may use a style of writing code that is similar to what we see when someone is trying to hack a site. VaultPress errs on the side of caution and alerts to anything that may benefit from a second look.

    Please let us know if you need any further assistance.

    Cheers ??

    Megan T.
    Happiness Engineer
    Jetpack | VaultPress | Akismet | Guided Transfer

    Oh wow, they have access to your webserver?

    I’m happy you could verify my statement about this from a 3rd party.

    Thread Starter raceman59

    (@raceman59)

    The VaultPress Staff have access to my VaultPress account which is where the file Alert is flagged.

    They have the ability to verify backed up files on VaultPress and “ignore” any security alerts if it seems appropriate.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Suspicious Code’ is closed to new replies.