1.2.803. No Hardcoded Port

When connecting to a remote server, the port is an important piece of information. It is recommended to make it configurable (with a constant or a configuration value), so as to be able to change this value without changing the code.

<?php

    // $methods and $callbacks are the optional arrays accepted by ssh2_connect()

    // Both hostname and port are configurable
    $connection = ssh2_connect($_ENV['SSH_HOST'], (int) $_ENV['SSH_PORT'], $methods, $callbacks);

    // Both hostname and port are hardcoded
    $connection = ssh2_connect('shell.example.com', 22, $methods, $callbacks);

    if (!$connection) die('Connection failed');
?>

1.2.803.1. Suggestions

  • Move the port to a configuration file or an environment variable
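
One way to apply this suggestion, shown as an added example that is not part of the Exakat documentation: the port is read from the environment and validated before use, because environment values arrive as strings and may be missing or malformed. SSH_PORT is the variable name used in the snippet above; portFromEnv() and DEFAULT_SSH_PORT are hypothetical names, and the sample values are constructed.

```php
<?php
declare(strict_types=1);

// Assumption: the default lives in one named constant instead of being
// repeated as a literal at every call site.
const DEFAULT_SSH_PORT = 22;

/**
 * Return the TCP port stored in environment variable $name.
 * Falls back to $default when the variable is unset or empty and
 * throws when the value is not an integer in the range 1-65535.
 */
function portFromEnv(string $name, int $default): int
{
    $raw = getenv($name);
    if ($raw === false || $raw === '') {
        return $default;
    }

    // FILTER_VALIDATE_INT rejects non-numeric text, and the range
    // options reject 0, negative numbers and anything above 65535.
    $port = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 65535],
    ]);
    if ($port === false) {
        throw new InvalidArgumentException(
            sprintf('%s must be an integer between 1 and 65535, got "%s"', $name, $raw)
        );
    }

    return $port;
}

// Constructed sample values: valid, empty, out of range, not a number.
foreach (['2222', '', '70000', 'ssh'] as $sample) {
    putenv("SSH_PORT=$sample");
    try {
        $port = portFromEnv('SSH_PORT', DEFAULT_SSH_PORT);
        printf("%-8s => port %d\n", var_export($sample, true), $port);
    } catch (InvalidArgumentException $e) {
        printf("%-8s => rejected: %s\n", var_export($sample, true), $e->getMessage());
    }
}
```

The validated integer can then be passed as the second argument of ssh2_connect() in place of the literal 22.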

1.2.803.2. Specs

Short name      Structures/NoHardcodedPort
Rulesets        All, Analyze, Security
Exakat since    0.8.4
PHP Version     All
Severity        Minor
Time To Fix     Quick (30 mins)
Precision       Very high
Features        port
Examples        WordPress
Available in    Enterprise Edition, Exakat Cloud