Post AViBgWMrcfMOQFimC8 by valorin@infosec.exchange
       Post #AVhw10mkds4xHmZvyC by valorin@infosec.exchange
       2023-05-16T08:31:06Z
       
       0 likes, 0 repeats
       
       Ok, #PHP & #Laravel folks... What comes to mind when you hear the words:  "Insecure Function"? 😱
       
       Post #AVhw11h7GJAK6awwpE by wogan@mastodon.africa
       2023-05-16T09:00:30Z
       
       0 likes, 0 repeats
       
       @valorin Any function I (as the developer) don't feel secure in calling:
       
       * Badly-named method or variables
       * Not type hinted
       * Unclear from method signature what's about to happen
       
       If I can't determine what it's going to do just by looking at the intellisense helper, I'm going to hesitate to use it, plus I'm not going to trust it to do its job properly.
       
       Post #AVhwKAON9GT0aCJEuG by wogan@mastodon.africa
       2023-05-16T09:03:59Z
       
       0 likes, 0 repeats
       
       @valorin As I write this, I'm the architect in charge of a rapidly-growing codebase, where I'm watching engineers introduce antipatterns like that: poorly-named functions that are super easy to exploit if you can see their innards.
       
       In one case, someone is passing an entire Request object right down into the service layer without any validation, potentially opening up a data leak vector 🙃
       
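The Request-into-the-service-layer antipattern from the post above, beside a hardened version, as an added example that is not part of the thread. It assumes a Laravel app with a hypothetical `Profile` Eloquent model and `ProfileService`; the class and field names are illustrative.

```php
<?php
// Added example (not from the thread). Assumes Laravel, a hypothetical
// App\Models\Profile model and the service classes below.

use Illuminate\Http\Request;
use App\Models\Profile;

// BEFORE: the whole Request travels into the service layer. The service
// decides what to persist from raw client input, so every field the
// client sends (say "is_admin" or "email_verified_at") reaches fill(),
// and only the model's $fillable/$guarded list stands between that input
// and the database. The method signature says nothing about what is allowed.
class LeakyProfileService
{
    public function update(Profile $profile, Request $request): Profile
    {
        $profile->fill($request->all());   // unvalidated, unbounded input
        $profile->save();
        return $profile;
    }
}

// AFTER: validation happens at the HTTP boundary and only an array of
// known, validated fields crosses into the service. The signature now
// states exactly what it accepts, so callers cannot smuggle extra attributes.
class ProfileService
{
    /** @param array{display_name: string, bio?: string|null} $data */
    public function update(Profile $profile, array $data): Profile
    {
        $profile->fill([
            'display_name' => $data['display_name'],
            'bio'          => $data['bio'] ?? '',
        ]);
        $profile->save();
        return $profile;
    }
}

class ProfileController
{
    public function update(Request $request, Profile $profile, ProfileService $svc): Profile
    {
        // Request::validate() returns only the keys named in the rules,
        // so undeclared fields never leave the controller.
        $data = $request->validate([
            'display_name' => ['required', 'string', 'max:80'],
            'bio'          => ['nullable', 'string', 'max:500'],
        ]);
        return $svc->update($profile, $data);
    }
}
```
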
       Post #AViBgWMrcfMOQFimC8 by valorin@infosec.exchange
       2023-05-16T11:56:05Z
       
       0 likes, 0 repeats
       
       @wogan This is an awesome answer! 🤩
       
       I completely agree - functions should be clear what they do. Great example with the Request object - worryingly, that behaviour is far too common. 😭