@kirtangajjar
Last active December 6, 2023 13:24
Index-Now-Plugin-Audit
╰─➤ phpcs --standard=PHPCompatibilityWP,WordPress-VIP-Go -s --report=source --ignore=vendor-prefixed plugins/mihdan-index-now
PHP CODE SNIFFER VIOLATION SOURCE SUMMARY
---------------------------------------------------------------------------------------------------------
SOURCE COUNT
---------------------------------------------------------------------------------------------------------
Squiz.PHP.CommentedOutCode.Found 6
WordPressVIPMinimum.Performance.RemoteRequestTimeout.timeout_timeout 6
WordPress.DB.DirectDatabaseQuery.DirectQuery 5
WordPress.Security.NonceVerification.Recommended 5
WordPressVIPMinimum.Functions.RestrictedFunctions.wp_remote_get_wp_remote_get 5
WordPress.DB.DirectDatabaseQuery.NoCaching 4
WordPress.DB.PreparedSQL.InterpolatedNotPrepared 4
WordPress.DateTime.RestrictedFunctions.date_date 3
WordPress.Security.EscapeOutput.OutputNotEscaped 3
WordPress.Security.ValidatedSanitizedInput.InputNotSanitized 3
WordPress.DB.PreparedSQL.NotPrepared 2
WordPress.Security.ValidatedSanitizedInput.InputNotValidatedNotSanitized 2
WordPress.DB.DirectDatabaseQuery.SchemaChange 1
WordPress.PHP.DevelopmentFunctions.error_log_print_r 1
WordPress.PHP.DiscouragedPHPFunctions.serialize_serialize 1
WordPress.Security.NonceVerification.Missing 1
WordPressVIPMinimum.Functions.RestrictedFunctions.url_to_postid_url_to_postid 1
WordPressVIPMinimum.Security.ExitAfterRedirect.NoExit 1
WordPressVIPMinimum.Variables.RestrictedVariables.cache_constraints___SERVER__HTTP_USER_AGENT__ 1
---------------------------------------------------------------------------------------------------------
A TOTAL OF 55 SNIFF VIOLATIONS WERE FOUND IN 19 SOURCES
---------------------------------------------------------------------------------------------------------
Time: 2.71 secs; Memory: 22MB
phpcs --standard=PHPCompatibilityWP,WordPress-VIP-Go --ignore=vendor-prefixed -s plugins/mihdan-index-now
FILE: /home/kirtan/Local Sites/outdoorlife/app/public/wp-content/plugins/mihdan-index-now/src/Utils.php
---------------------------------------------------------------------------------------------------------
FOUND 1 ERROR AND 1 WARNING AFFECTING 1 LINE
---------------------------------------------------------------------------------------------------------
100 | WARNING | Detected usage of a non-sanitized input variable: $_SERVER['HTTP_USER_AGENT']
| | (WordPress.Security.ValidatedSanitizedInput.InputNotSanitized)
100 | ERROR | Due to server-side caching, server-side based client related logic might not work. We
| | recommend implementing client side logic in JavaScript instead.
| | (WordPressVIPMinimum.Variables.RestrictedVariables.cache_constraints___SERVER__HTTP_USER_AGENT__)
---------------------------------------------------------------------------------------------------------
FILE: ...e/kirtan/Local Sites/outdoorlife/app/public/wp-content/plugins/mihdan-index-now/src/Views/WPOSA.php
---------------------------------------------------------------------------------------------------------
FOUND 2 ERRORS AFFECTING 2 LINES
---------------------------------------------------------------------------------------------------------
664 | ERROR | All output should be run through an escaping function (see the Security sections in the
| | WordPress Developer Handbooks), found '$html'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
1626 | ERROR | Processing form data without nonce verification.
| | (WordPress.Security.NonceVerification.Missing)
---------------------------------------------------------------------------------------------------------
FILE: ...kirtan/Local Sites/outdoorlife/app/public/wp-content/plugins/mihdan-index-now/src/Views/HelpTab.php
---------------------------------------------------------------------------------------------------------
FOUND 1 ERROR AFFECTING 1 LINE
---------------------------------------------------------------------------------------------------------
42 | ERROR | date() is affected by runtime timezone changes which can cause date/time to be incorrectly
| | displayed. Use gmdate() instead. (WordPress.DateTime.RestrictedFunctions.date_date)
---------------------------------------------------------------------------------------------------------
FILE: ...Local Sites/outdoorlife/app/public/wp-content/plugins/mihdan-index-now/src/Views/Log_List_Table.php
---------------------------------------------------------------------------------------------------------
FOUND 5 ERRORS AND 4 WARNINGS AFFECTING 6 LINES
---------------------------------------------------------------------------------------------------------
92 | ERROR | Use placeholders and $wpdb->prepare(); found interpolated variable {$table_name} at
| | "SELECT * FROM {$table_name} ORDER BY {$order_by} LIMIT %d, %d"
| | (WordPress.DB.PreparedSQL.InterpolatedNotPrepared)
92 | ERROR | Use placeholders and $wpdb->prepare(); found interpolated variable {$order_by} at
| | "SELECT * FROM {$table_name} ORDER BY {$order_by} LIMIT %d, %d"
| | (WordPress.DB.PreparedSQL.InterpolatedNotPrepared)
211 | WARNING | print_r() found. Debug code should not normally be used in production.
| | (WordPress.PHP.DevelopmentFunctions.error_log_print_r)
218 | ERROR | All output should be run through an escaping function (see the Security sections in the
| | WordPress Developer Handbooks), found '$item'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
218 | ERROR | All output should be run through an escaping function (see the Security sections in the
| | WordPress Developer Handbooks), found '$item'.
| | (WordPress.Security.EscapeOutput.OutputNotEscaped)
227 | WARNING | Detected usage of a non-sanitized input variable: $_POST['_wpnonce']
| | (WordPress.Security.ValidatedSanitizedInput.InputNotSanitized)
241 | WARNING | Use of a direct database call is discouraged.
| | (WordPress.DB.DirectDatabaseQuery.DirectQuery)
241 | WARNING | Direct database call without caching detected. Consider using wp_cache_get() /
| | wp_cache_set() or wp_cache_delete(). (WordPress.DB.DirectDatabaseQuery.NoCaching)
242 | ERROR | Use placeholders and $wpdb->prepare(); found $query
| | (WordPress.DB.PreparedSQL.NotPrepared)
---------------------------------------------------------------------------------------------------------
FILE: ...irtan/Local Sites/outdoorlife/app/public/wp-content/plugins/mihdan-index-now/src/Views/Settings.php
---------------------------------------------------------------------------------------------------------
FOUND 1 ERROR AND 4 WARNINGS AFFECTING 5 LINES
---------------------------------------------------------------------------------------------------------
89 | WARNING | This comment is 58% valid code; is this commented out code?
| | (Squiz.PHP.CommentedOutCode.Found)
96 | WARNING | This comment is 58% valid code; is this commented out code?
| | (Squiz.PHP.CommentedOutCode.Found)
118 | WARNING | This comment is 65% valid code; is this commented out code?
| | (Squiz.PHP.CommentedOutCode.Found)
306 | WARNING | This comment is 55% valid code; is this commented out code?
| | (Squiz.PHP.CommentedOutCode.Found)
437 | ERROR | date() is affected by runtime timezone changes which can cause date/time to be
| | incorrectly displayed. Use gmdate() instead.
| | (WordPress.DateTime.RestrictedFunctions.date_date)
---------------------------------------------------------------------------------------------------------
FILE: /home/kirtan/Local Sites/outdoorlife/app/public/wp-content/plugins/mihdan-index-now/src/Hooks.php
---------------------------------------------------------------------------------------------------------
FOUND 0 ERRORS AND 1 WARNING AFFECTING 1 LINE
---------------------------------------------------------------------------------------------------------
121 | WARNING | Processing form data without nonce verification.
| | (WordPress.Security.NonceVerification.Recommended)
---------------------------------------------------------------------------------------------------------
FILE: /home/kirtan/Local Sites/outdoorlife/app/public/wp-content/plugins/mihdan-index-now/src/Cron.php
---------------------------------------------------------------------------------------------------------
FOUND 1 ERROR AND 2 WARNINGS AFFECTING 2 LINES
---------------------------------------------------------------------------------------------------------
56 | WARNING | Use of a direct database call is discouraged.
| | (WordPress.DB.DirectDatabaseQuery.DirectQuery)
56 | WARNING | Direct database call without caching detected. Consider using wp_cache_get() /
| | wp_cache_set() or wp_cache_delete(). (WordPress.DB.DirectDatabaseQuery.NoCaching)
57 | ERROR | Use placeholders and $wpdb->prepare(); found interpolated variable {$table_name} at
| | "DELETE FROM {$table_name} WHERE DATEDIFF(NOW(), created_at)>=%d"
| | (WordPress.DB.PreparedSQL.InterpolatedNotPrepared)
---------------------------------------------------------------------------------------------------------
FILE: /home/kirtan/Local Sites/outdoorlife/app/public/wp-content/plugins/mihdan-index-now/src/Main.php
---------------------------------------------------------------------------------------------------------
FOUND 5 ERRORS AND 9 WARNINGS AFFECTING 9 LINES
---------------------------------------------------------------------------------------------------------
133 | WARNING | This comment is 59% valid code; is this commented out code?
| | (Squiz.PHP.CommentedOutCode.Found)
210 | ERROR | date() is affected by runtime timezone changes which can cause date/time to be
| | incorrectly displayed. Use gmdate() instead.
| | (WordPress.DateTime.RestrictedFunctions.date_date)
266 | WARNING | Use of a direct database call is discouraged.
| | (WordPress.DB.DirectDatabaseQuery.DirectQuery)
266 | WARNING | Direct database call without caching detected. Consider using wp_cache_get() /
| | wp_cache_set() or wp_cache_delete(). (WordPress.DB.DirectDatabaseQuery.NoCaching)
266 | ERROR | Use placeholders and $wpdb->prepare(); found $sql
| | (WordPress.DB.PreparedSQL.NotPrepared)
275 | WARNING | Use of a direct database call is discouraged.
| | (WordPress.DB.DirectDatabaseQuery.DirectQuery)
275 | WARNING | Direct database call without caching detected. Consider using wp_cache_get() /
| | wp_cache_set() or wp_cache_delete(). (WordPress.DB.DirectDatabaseQuery.NoCaching)
275 | ERROR | Use placeholders and $wpdb->prepare(); found interpolated variable {$table_name} at
| | "SHOW TABLES LIKE '{$table_name}'"
| | (WordPress.DB.PreparedSQL.InterpolatedNotPrepared)
276 | WARNING | Attempting a database schema change is discouraged.
| | (WordPress.DB.DirectDatabaseQuery.SchemaChange)
379 | ERROR | Detected usage of a non-sanitized, non-validated input variable _SERVER:
| | "://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}"
| | (WordPress.Security.ValidatedSanitizedInput.InputNotValidatedNotSanitized)
379 | ERROR | Detected usage of a non-sanitized, non-validated input variable _SERVER:
| | "://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}"
| | (WordPress.Security.ValidatedSanitizedInput.InputNotValidatedNotSanitized)
380 | WARNING | url_to_postid() is uncached, please use wpcom_vip_url_to_postid() instead.
| | (WordPressVIPMinimum.Functions.RestrictedFunctions.url_to_postid_url_to_postid)
404 | WARNING | wp_remote_get() is highly discouraged. Please use vip_safe_wp_remote_get() instead
| | which is designed to more gracefully handle failure than wp_remote_get() does.
| | (WordPressVIPMinimum.Functions.RestrictedFunctions.wp_remote_get_wp_remote_get)
407 | WARNING | wp_remote_get() is highly discouraged. Please use vip_safe_wp_remote_get() instead
| | which is designed to more gracefully handle failure than wp_remote_get() does.
| | (WordPressVIPMinimum.Functions.RestrictedFunctions.wp_remote_get_wp_remote_get)
---------------------------------------------------------------------------------------------------------
FILE: ...tes/outdoorlife/app/public/wp-content/plugins/mihdan-index-now/src/Providers/Bing/BingWebmaster.php
---------------------------------------------------------------------------------------------------------
FOUND 1 ERROR AFFECTING 1 LINE
---------------------------------------------------------------------------------------------------------
55 | ERROR | Detected high remote request timeout. `timeout` is set to `30`.
| | (WordPressVIPMinimum.Performance.RemoteRequestTimeout.timeout_timeout)
---------------------------------------------------------------------------------------------------------
FILE: ...outdoorlife/app/public/wp-content/plugins/mihdan-index-now/src/Providers/Yandex/YandexWebmaster.php
---------------------------------------------------------------------------------------------------------
FOUND 5 ERRORS AND 10 WARNINGS AFFECTING 12 LINES
---------------------------------------------------------------------------------------------------------
69 | WARNING | This comment is 84% valid code; is this commented out code?
| | (Squiz.PHP.CommentedOutCode.Found)
76 | WARNING | Processing form data without nonce verification.
| | (WordPress.Security.NonceVerification.Recommended)
76 | WARNING | Processing form data without nonce verification.
| | (WordPress.Security.NonceVerification.Recommended)
76 | WARNING | Processing form data without nonce verification.
| | (WordPress.Security.NonceVerification.Recommended)
80 | WARNING | Processing form data without nonce verification.
| | (WordPress.Security.NonceVerification.Recommended)
80 | WARNING | Detected usage of a non-sanitized input variable: $_GET['code']
| | (WordPress.Security.ValidatedSanitizedInput.InputNotSanitized)
106 | WARNING | serialize() found. Serialized data has known vulnerability problems with Object
| | Injection. JSON is generally a better approach for serializing data. See
| | https://www.owasp.org/index.php/PHP_Object_Injection
| | (WordPress.PHP.DiscouragedPHPFunctions.serialize_serialize)
110 | ERROR | `wp_safe_redirect()` should almost always be followed by a call to `exit;`.
| | (WordPressVIPMinimum.Security.ExitAfterRedirect.NoExit)
133 | ERROR | Detected high remote request timeout. `timeout` is set to `30`.
| | (WordPressVIPMinimum.Performance.RemoteRequestTimeout.timeout_timeout)
136 | WARNING | wp_remote_get() is highly discouraged. Please use vip_safe_wp_remote_get() instead
| | which is designed to more gracefully handle failure than wp_remote_get() does.
| | (WordPressVIPMinimum.Functions.RestrictedFunctions.wp_remote_get_wp_remote_get)
162 | ERROR | Detected high remote request timeout. `timeout` is set to `30`.
| | (WordPressVIPMinimum.Performance.RemoteRequestTimeout.timeout_timeout)
165 | WARNING | wp_remote_get() is highly discouraged. Please use vip_safe_wp_remote_get() instead
| | which is designed to more gracefully handle failure than wp_remote_get() does.
| | (WordPressVIPMinimum.Functions.RestrictedFunctions.wp_remote_get_wp_remote_get)
191 | ERROR | Detected high remote request timeout. `timeout` is set to `30`.
| | (WordPressVIPMinimum.Performance.RemoteRequestTimeout.timeout_timeout)
224 | ERROR | Detected high remote request timeout. `timeout` is set to `30`.
| | (WordPressVIPMinimum.Performance.RemoteRequestTimeout.timeout_timeout)
231 | WARNING | wp_remote_get() is highly discouraged. Please use vip_safe_wp_remote_get() instead
| | which is designed to more gracefully handle failure than wp_remote_get() does.
| | (WordPressVIPMinimum.Functions.RestrictedFunctions.wp_remote_get_wp_remote_get)
---------------------------------------------------------------------------------------------------------
FILE: ...tan/Local Sites/outdoorlife/app/public/wp-content/plugins/mihdan-index-now/src/IndexNowAbstract.php
---------------------------------------------------------------------------------------------------------
FOUND 1 ERROR AFFECTING 1 LINE
---------------------------------------------------------------------------------------------------------
186 | ERROR | Detected high remote request timeout. `timeout` is set to `30`.
| | (WordPressVIPMinimum.Performance.RemoteRequestTimeout.timeout_timeout)
---------------------------------------------------------------------------------------------------------
FILE: ...kirtan/Local Sites/outdoorlife/app/public/wp-content/plugins/mihdan-index-now/src/Logger/Logger.php
---------------------------------------------------------------------------------------------------------
FOUND 0 ERRORS AND 1 WARNING AFFECTING 1 LINE
---------------------------------------------------------------------------------------------------------
29 | WARNING | Use of a direct database call is discouraged.
| | (WordPress.DB.DirectDatabaseQuery.DirectQuery)
---------------------------------------------------------------------------------------------------------
Time: 2.61 secs; Memory: 22MB