Sensitive Sink

Static analysis for PHP
A sensitive sink is any construct or function that can cause a vulnerability when it is given TaintedData as a parameter.

The following constructs are listed as a SensitiveSink:

  • die
  • echo
  • exit
  • print
  • `` (backticks)
  • eval
  • include
  • include_once
  • require
  • require_once

-- EricBouwers - 29 Dec 2006
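
As an added illustration (not code from the original page or from the analysis tool it documents), the scanner below uses PHP's tokenizer to flag the constructs listed above when the same statement reads a request superglobal. The function name `find_tainted_sinks`, the set of superglobals treated as tainted, and the sample input are assumptions made for this example.

```php
<?php
// Added example. Flags a listed sink when the same statement reads a request
// superglobal; it does not track data flow through intermediate variables.
const SINK_TOKENS = [T_ECHO, T_PRINT, T_EXIT, T_EVAL,          // T_EXIT = die and exit
                     T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE];
const TAINT_SOURCES = ['$_GET', '$_POST', '$_COOKIE', '$_REQUEST']; // assumed sources
function find_tainted_sinks(string $code): array
{
    $findings = [];
    $sink = null;          // [name, line] of the sink that opened the current statement
    $inBackticks = false;
    $line = 1;
    foreach (token_get_all($code) as $tok) {
        if (is_array($tok)) {
            [$id, $text, $line] = $tok;
            if ($id === T_CLOSE_TAG) {
                $sink = null;                       // "?>" also ends a statement
            } elseif ($sink === null && in_array($id, SINK_TOKENS, true)) {
                $sink = [strtolower($text), $line];
            } elseif ($sink !== null && $id === T_VARIABLE
                      && in_array($text, TAINT_SOURCES, true)) {
                $findings[] = ['line' => $sink[1], 'sink' => $sink[0], 'source' => $text];
                $sink = null;                       // report each statement once
            }
        } elseif ($tok === '`') {                   // backticks are a one-character token
            $inBackticks = !$inBackticks;
            if ($inBackticks && $sink === null) {
                $sink = ['backticks', $line];
            } elseif (!$inBackticks && $sink !== null && $sink[0] === 'backticks') {
                $sink = null;
            }
        } elseif ($tok === ';') {
            $sink = null;
        }
    }
    return $findings;
}
// Constructed sample input, not taken from any real application.
$sample = <<<'PHP'
<?php
echo "Hello " . $_GET['name'];
$page = $_GET['p']; include $page . '.php';
eval($_POST['code']);
$out = `ls $_COOKIE[dir]`;
PHP;
foreach (find_tainted_sinks($sample) as $f) {
    printf("line %d: %s <- %s\n", $f['line'], $f['sink'], $f['source']);
}
```

The `include` in the sample is not reported because the request value reaches it through `$page`; following that assignment is what taint tracking adds over this per-statement check.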