Configuration: Unsafe Function Use

Identifier: unsafe_function_use

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

Unsafe function use occurs when code calls functions that do not properly handle user input or system resources, opening the door to attacks such as SQL injection, cross-site scripting, or even remote code execution. Such vulnerabilities let an attacker manipulate inputs or commands, which can lead to unauthorized data access, data corruption, or full control of the system. The risk arises from using outdated or improperly secured functions that haven't been updated for modern threat models, and it is easy to fall into this trap if security isn't a priority during development. Left unchecked, these vulnerabilities can lead to significant breaches and costly remediation later on, so it is important to stay vigilant and use safer alternatives wherever possible.
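As an added illustration of the defect class this test looks for (not the scanner's own rule set), the following Python checker parses source with the standard `ast` module and reports calls to a short, hypothetical list of functions that execute code or shell commands from strings, together with a safer alternative. The UNSAFE_CALLS table and the sample source are constructed for this example.

```python
"""Flag calls that execute code or shell commands built from strings."""
import ast

# Hypothetical rule table (not the scanner's): unsafe call -> safer alternative.
UNSAFE_CALLS = {
    "eval": "use ast.literal_eval for data; never evaluate user input",
    "exec": "refactor so no runtime code generation is needed",
    "os.system": "use subprocess.run([...]) with an argument list",
    "pickle.loads": "use json.loads or another data-only format for untrusted input",
    "yaml.load": "use yaml.safe_load",
}


def _qualified_name(node):
    """Return 'a.b.c' for a Name/Attribute call target, or None otherwise."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def find_unsafe_calls(source: str):
    """Return (line, name, advice) for each listed unsafe call and for any
    subprocess.* call that passes shell=True, sorted by line number."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _qualified_name(node.func)
        if name in UNSAFE_CALLS:
            findings.append((node.lineno, name, UNSAFE_CALLS[name]))
        elif name and name.startswith("subprocess.") and any(
            kw.arg == "shell" and isinstance(kw.value, ast.Constant)
            and kw.value.value is True for kw in node.keywords
        ):
            findings.append((node.lineno, name + "(shell=True)",
                             "pass an argument list and drop shell=True"))
    return sorted(findings)


# Constructed sample: a handler that mixes request data into dangerous calls.
SAMPLE = '''
import os, subprocess, yaml
def handler(user):
    os.system("ping " + user["host"])
    subprocess.run(f"ls {user['dir']}", shell=True)
    cfg = yaml.load(user["cfg"])
    safe = yaml.safe_load(user["cfg"])
    return subprocess.run(["ls", user["dir"]])
'''

if __name__ == "__main__":
    for line, name, advice in find_unsafe_calls(SAMPLE):
        print(f"line {line}: {name} -> {advice}")
```

The last two calls in the sample use the safe forms and are not reported, which is the behaviour a practitioner wants from such a check: flag the string-executing variants, not every use of the module.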

Configuration

Example

Example configuration:

---
security_tests:
  unsafe_function_use:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type: List[AssetType]*

List of assets that this check will cover.

skip

Type: boolean

Skip the test if true.