deliciousbrains / wp-offload-ses-lite

WP Offload SES Lite sends all outgoing WordPress emails through Amazon Simple Email Service (SES) instead of the local wp_mail() function.
https://wordpress.org/plugins/wp-ses/

Plugin triggers "suspicious code" warning in VaultPress #2

Closed mpcmach closed 5 years ago

mpcmach commented 5 years ago

It looks like there's some code in the plugin here:

/wp-content/plugins/wp-ses/vendor/Aws3/Aws/middleware.php

/wp-content/plugins/wp-ses/vendor/Aws3/GuzzleHttp/middleware.php

...that triggers a warning "PHP.Generic.BadPattern.5: This code pattern is often used to run a very dangerous shell programs on your server. The code in these files needs to be reviewed, and possibly cleaned" in VaultPress's security scan feature.

VP says the problem lies in line 233 in the first file and line 202 in the second:

return $handler($f($command), $request);

This may be a false positive that needs to be whitelisted/ignored in VP rather than fixed here, but could you confirm if this is the case?

mpcmach commented 5 years ago

VaultPress support has confirmed that they consider this to be a false positive that can be safely ignored.
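
A simplified sketch of the middleware shape behind the flagged line, added here as an illustration and not taken from the plugin or the vendored SDK files. The function name `mapCommand`, the array-based command and request, the sample closures and the `\Closure` type hints are assumptions for the example; it shows the check a reviewer makes when triaging this kind of warning, namely whether the values invoked at the dynamic call are code-defined closures rather than strings.

```php
<?php
declare(strict_types=1);

// Simplified stand-in for the flagged middleware shape (assumed names, not the
// vendored SDK code). $f and $handler are typed \Closure, so a string naming a
// function can never reach the variable-function call below.
function mapCommand(\Closure $f): \Closure
{
    return function (\Closure $handler) use ($f): \Closure {
        return function (array $command, ?array $request = null) use ($handler, $f) {
            // Same syntactic shape as the line the scanner reported.
            return $handler($f($command), $request);
        };
    };
}

// Constructed sample data: a terminal handler and a command-rewriting step.
$terminal = function (array $command, ?array $request): string {
    return $command['name'] . ' via ' . ($request['host'] ?? 'no-host');
};
$addPrefix = function (array $command): array {
    $command['name'] = 'ses:' . $command['name'];
    return $command;
};

// Both callables are bound here, in code, before any command is processed.
$middleware = mapCommand($addPrefix);
$wrapped = $middleware($terminal);
echo $wrapped(['name' => 'SendEmail'], ['host' => 'example.invalid']), PHP_EOL;

// A string callable name is rejected with a TypeError before the dynamic call.
try {
    mapCommand('strtoupper');
} catch (\TypeError $e) {
    echo 'rejected: string callable', PHP_EOL;
}
```

A pattern-based scanner sees only the `$var($var(...))` syntax, so confirming a false positive comes down to tracing where `$f` and `$handler` are bound.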