• This plugin is causing a suspicious code alert from VaultPress:


    PHP.Generic.BadPattern.5

    This code pattern is often used to run a very dangerous shell programs on your server. The code in these files needs to be reviewed, and possibly cleaned.

    The scan is pointing to the file:

    ./wp-content/plugins/woo-mailerlite/vendor/clue/stream-filter/tests/FunTest.php

    And the lines:

    $this->assertEquals('grfg', $rot('test'));
    // This is the line causing the issue:
    $this->assertEquals('test', $rot($rot('test')));
    $this->assertEquals(null, $rot());

    Please resolve this issue.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Actually the related files are just for testing some cases inside the used library (used for communicating with the MailerLite API). It’s nothing you should be afraid of.

    Thread Starter SndChaser

    (@sndchaser)

    Yes, I thought they were test units given where they are located… But I try to not make too many assumptions.

    The fact is, while the test units are included in the production version of the plugin in the WP repository they are going to set off the VaultPress security scanner. The test units really shouldn’t have shipped with the production version of the plugin…

    It would be a different matter altogether if I had grabbed a development version from GitHub and manually installed it. (I’d deserve all sorts of derision for installing dev code on a production server…)

    George
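
One way to check an installed plugin tree for library test suites that shipped with production releases, as described in the post above. This is an added example, not part of the original thread or the plugin's code; the function names and the `vendor/<vendor>/<package>/tests` layout are assumptions based on the path the scan reported.

```shell
#!/usr/bin/env bash
# Locate test suites of bundled Composer packages inside installed plugins.
# Assumed layout (taken from the path in the scan report):
#   <plugins_dir>/<plugin>/vendor/<vendor>/<package>/tests
# Function names are hypothetical; nothing here modifies or deletes files.

# Print every tests/ directory found at exactly that depth, one per line.
find_shipped_tests() {
    plugins_dir=${1:?usage: find_shipped_tests <plugins_dir>}
    plugins_dir=${plugins_dir%/}   # a trailing slash would break -path matching
    # -mindepth/-maxdepth pin the match to plugin/vendor/vendor-name/package/tests,
    # because '*' in -path also matches '/' and would otherwise match deeper paths.
    find "$plugins_dir" -mindepth 5 -maxdepth 5 -type d \
        \( -name tests -o -name test -o -name Tests \) \
        -path "$plugins_dir/*/vendor/*/*/*" | sort
}

# Count the PHP files under those directories, i.e. the files a malware
# scanner will inspect even though production code never loads them.
count_shipped_test_php() {
    find_shipped_tests "$1" | while IFS= read -r dir; do
        find "$dir" -type f -name '*.php'
    done | wc -l | tr -d ' '
}
```

Call `find_shipped_tests /path/to/wp-content/plugins` to list the directories, and `count_shipped_test_php` with the same argument to see how many PHP files they contain.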

    Thanks for your feedback, George. We’ll keep this in mind for the next plugin update.

  • The topic ‘VaultPress Security Scan’ is closed to new replies.