Jetpack reports "malicious code pattern" in Container.php file

WordPress Event Management, Calendars & Registration Forums Report A Bug Jetpack reports "malicious code pattern" in Container.php file

This topic contains 2 replies, has 2 voices, and was last updated by  Benjamine Heath 2 years, 10 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • June 14, 2021 at 3:35 pm #39951

    Hi,

    I received this notification from my Jetpack plugin:

    The file Container.php contains a malicious code pattern
    Threat found (PHP_Generic_BadPattern_5)

    This code pattern is often used to run a very dangerous shell program on your server. The code in these files needs to be reviewed, and possibly cleaned.

    /srv/htdocs/wp-content/plugins/event-organiser-pro/lib/Pimple/Container.php

    $extended = function ($c) use ($callable, $factory) {
    return $callable($factory($c), $c);
    };

    Can you offer any advice on this?

    Thanks,

    Ben

    Benjamine Heath
    June 14, 2021 at 5:15 pm #39952

    Hi Ben,

    The code is safe, and the warning is a false positive. It comes from the Pimple library which is used by the plug-in to provide dependency injection.

    It appears that Event Organiser isn’t the only plug-in to be caught by this: https://wordpress.org/support/topic/php-generic-badpattern-5-warning-in-pimple-container/

    Stephen Harris
    June 14, 2021 at 9:45 pm #39954

    Understood! Thanks for the clarification on this.

    Benjamine Heath
  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
To enable me to focus on Pro customers, only users who have a valid license for the Pro add-on may post new topics or replies in this forum. If you have a valid license, please log-in or register an account using the e-mail address you purchased the license with. If you don't you can purchase one here. Or there's always the WordPress repository forum.