1.2.801. No Hardcoded Ip
Do not leave hardcoded IP addresses in your code.
It is recommended to move such configuration to external files or databases, where it can be changed at each update.
This may also come in handy when testing.
127.0.0.1, ::1 and ::0 are omitted, and are not considered a violation.
<?php
// This IPv4 is hardcoded.
$ip = '183.207.224.50';
// This IPv6 is hardcoded.
$ip = '2001:0db8:85a3:0000:0000:8a2e:0370:7334';
// This looks like an IP
$thisIsNotAnIP = '213.187.99.50';
$thisIsNotAnIP = '2133:1387:9393:5330';
?>
See also Use of Hardcoded IPv4 Addresses and Never hard code sensitive information.
1.2.801.1. Suggestions
Move the hardcoded IP to an external source: environment variable, configuration file, database.
Remove the hardcoded IP and ask for it at execution.
Use a literal value for default messages in form.
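The first suggestion, as an added example that is not part of the Exakat documentation: the address is read from an environment variable and validated with filter_var() before it is used, so a missing or malformed value stops the program instead of being passed on. The variable name UPSTREAM_IP, the helper ipFromEnv() and the sample values are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Before (what the rule reports): $upstream = '183.207.224.50';

/**
 * Read an IP address from the environment instead of a literal in the code.
 * Hypothetical helper written for this example.
 *
 * @throws RuntimeException when the variable is missing (and no default is
 *                          given) or does not hold a valid IPv4/IPv6 address.
 */
function ipFromEnv(string $name, ?string $default = null): string
{
    $raw = getenv($name);
    if ($raw === false || trim($raw) === '') {
        if ($default === null) {
            throw new RuntimeException("$name is not set");
        }
        $raw = $default;
    }

    // FILTER_VALIDATE_IP accepts both IPv4 and IPv6 and returns false otherwise.
    $ip = filter_var(trim($raw), FILTER_VALIDATE_IP);
    if ($ip === false) {
        throw new RuntimeException("$name does not contain a valid IP address");
    }
    return $ip;
}

// Constructed sample input, standing in for the deployment's real environment.
putenv('UPSTREAM_IP=183.207.224.50');
echo ipFromEnv('UPSTREAM_IP'), PHP_EOL;

// Variable unset: fall back to loopback, which the rule does not report.
putenv('UPSTREAM_IP');
echo ipFromEnv('UPSTREAM_IP', '127.0.0.1'), PHP_EOL;

// Malformed value (constructed): the helper fails closed.
putenv('UPSTREAM_IP=183.207.224.500');
try {
    ipFromEnv('UPSTREAM_IP');
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```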
1.2.801.2. Specs
Short name | Structures/NoHardcodedIp
Rulesets |
Exakat since | 0.8.4
PHP Version | All
Severity | Minor
Time To Fix | Slow (1 hour)
Precision | Very high
Features | ip
Examples |
Available in |