Php Improper Neutralization Template Engine
Description
Detects template injection vulnerabilities in PHP applications using the Twig template engine where user input is not properly sanitized before being processed by template functions. This can allow attackers to inject and execute malicious template code, potentially leading to remote code execution.
Detection Strategy
• Checks whether the Twig template engine library is imported in the codebase
• Identifies usage of dangerous template functions or methods that can compile or render dynamic content
• Analyzes whether unsanitized or user-controlled data flows into these template processing functions
• Reports a vulnerability when untrusted input reaches a template processing function without proper escaping or sanitization
Vulnerable code example
<?php
use Twig\Environment;
use Twig\Loader\FilesystemLoader;
$loader = new FilesystemLoader(__DIR__ . '/templates');
$twig = new Environment($loader, ['cache' => false]);
// VULNERABLE: User input directly used as template name without validation...

✅ Secure code example
<?php
use Twig\Environment;
use Twig\Loader\FilesystemLoader;
$loader = new FilesystemLoader(__DIR__ . '/templates');
$twig = new Environment($loader, [
'cache' => false,
'autoescape' => true // Ensure autoescaping is enabled...
]);
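The page's snippets stop at the environment setup, so the following added example (written for this page, not Fluid Attacks' own code) shows the two sides of the rule in full: the vulnerable shape, where a request value becomes template source and is compiled by Twig, and the hardened shape, where the template text is fixed, user input only enters as context data, and a client-chosen template name is resolved through an allowlist. It assumes twig/twig is installed via Composer; the in-memory ArrayLoader and the "profile.twig" entry are constructed for the demo so the script runs without template files.

```php
<?php
// Added example, not the page's or Twig's own code.
// Assumes: composer require twig/twig (Twig 3 API).
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;

// --- Vulnerable pattern: user input becomes template *source* ---------------
// Whatever the client sends is concatenated into the template text, so Twig
// syntax inside the request is parsed and executed by the engine instead of
// being shown as text. This is what the rule reports.
function renderGreetingVulnerable(Environment $twig, string $userInput): string
{
    $template = $twig->createTemplate('Hello ' . $userInput); // VULNERABLE
    return $template->render([]);
}

// --- Hardened pattern: fixed template, user input only as context data -------
// The template text is a developer-written constant. User input reaches Twig
// only through the context array, where it is data: the engine never parses it
// as code, and autoescaping neutralises HTML metacharacters on output.
function renderGreetingSafe(Environment $twig, string $userInput): string
{
    $template = $twig->createTemplate('Hello {{ name }}');
    return $template->render(['name' => $userInput]);
}

// --- Hardened pattern for template *names*: allowlist lookup -----------------
// A client-chosen page identifier is mapped to a known template name; the raw
// value is never handed to Twig as a template name.
const ALLOWED_TEMPLATES = [
    'profile'  => 'profile.twig',
    'settings' => 'settings.twig',
];

function renderPageSafe(Environment $twig, string $page, array $context): string
{
    if (!array_key_exists($page, ALLOWED_TEMPLATES)) {
        throw new InvalidArgumentException('Unknown page: ' . $page);
    }
    return $twig->render(ALLOWED_TEMPLATES[$page], $context);
}

// Constructed in-memory templates so the script runs without a templates/ dir;
// a real application would use FilesystemLoader as in the page's snippets.
$twig = new Environment(new ArrayLoader([
    'profile.twig' => 'Profile of {{ name }}',
]), [
    'cache'            => false,
    'autoescape'       => 'html', // explicit HTML escaping strategy
    'strict_variables' => true,   // undefined variables raise instead of rendering empty
]);

// Constructed request value containing Twig syntax and an HTML tag.
$constructedInput = '{{ 7 * 7 }} <b>x</b>';

// Vulnerable: the expression is evaluated ("49") and the tag passes through.
echo renderGreetingVulnerable($twig, $constructedInput), PHP_EOL;

// Safe: the braces are literal data and < > are escaped on output.
echo renderGreetingSafe($twig, $constructedInput), PHP_EOL;

// Safe: the page key is resolved through the allowlist before rendering.
echo renderPageSafe($twig, 'profile', ['name' => $constructedInput]), PHP_EOL;
```

The distinction the rule relies on is visible in the two greeting functions: both call the same Twig API, but only the first lets untrusted data decide what the template contains. Note that `'autoescape' => 'html'` names the strategy explicitly; autoescaping protects the output of a fixed template, it does not make user-supplied template source safe, which is why the fix is to keep user input out of the template text entirely.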