From 62399a1b88473d284052cb21e5407eacbd586f9d Mon Sep 17 00:00:00 2001 
From: Pratik Ardhapurkar Date: Mon, 6 May 2024 08:39:13 +0530 Subject: [PATCH 1/3] Added missing php samples --- .../activated-debug-feature/compliant.php | 12 ++++++++++++ .../activated-debug-feature/non-compliant.php | 12 ++++++++++++ .../allow-url-fopen-or-include/compliant.php | 12 ++++++++++++ .../allow-url-fopen-or-include/non-compliant.php | 13 +++++++++++++ php/src/detectors/assert-use/compliant.php | 13 +++++++++++++ php/src/detectors/assert-use/non-compliant.php | 13 +++++++++++++ php/src/detectors/avoid-exit-die/compliant.php | 16 ++++++++++++++++ .../detectors/avoid-exit-die/non-compliant.php | 16 ++++++++++++++++ php/src/detectors/coral-csrf-rule/compliant.php | 14 ++++++++++++++ .../detectors/coral-csrf-rule/non-compliant.php | 14 ++++++++++++++ .../dangerous-function-usage/compliant.php | 12 ++++++++++++ .../dangerous-function-usage/non-compliant.php | 13 +++++++++++++ .../improper-access-control/compliant.php | 14 ++++++++++++++ .../improper-access-control/non-compliant.php | 15 +++++++++++++++ .../detectors/insecure-connection/compliant.php | 13 +++++++++++++ .../insecure-connection/non-compliant.php | 13 +++++++++++++ .../insecure-cryptography/compliant.php | 15 +++++++++++++++ .../insecure-cryptography/non-compliant.php | 15 +++++++++++++++ .../compliant.php | 12 ++++++++++++ .../non-compliant.php | 13 +++++++++++++ .../ldap-bind-without-password/compliant.php | 12 ++++++++++++ .../ldap-bind-without-password/non-compliant.php | 12 ++++++++++++ php/src/detectors/log-injection/compliant.php | 13 +++++++++++++ .../detectors/log-injection/non-compliant.php | 14 ++++++++++++++ .../compliant.php | 13 +++++++++++++ .../non-compliant.php | 13 +++++++++++++ .../detectors/sendfile-injection/compliant.php | 12 ++++++++++++ .../sendfile-injection/non-compliant.php | 13 +++++++++++++ .../sensitive-information-leak/compliant.php | 12 ++++++++++++ .../sensitive-information-leak/non-compliant.php | 12 ++++++++++++ php/src/detectors/sql-injection/compliant.php | 
13 +++++++++++++ .../detectors/sql-injection/non-compliant.php | 13 +++++++++++++ .../detectors/unsafe-reflection/compliant.php | 14 ++++++++++++++ .../unsafe-reflection/non-compliant.php | 14 ++++++++++++++ .../untrusted-deserialization/compliant.php | 13 +++++++++++++ .../untrusted-deserialization/non-compliant.php | 13 +++++++++++++ php/src/detectors/zip-bomb-attack/compliant.php | 13 +++++++++++++ .../detectors/zip-bomb-attack/non-compliant.php | 12 ++++++++++++ 38 files changed, 501 insertions(+) create mode 100644 php/src/detectors/activated-debug-feature/compliant.php create mode 100644 php/src/detectors/activated-debug-feature/non-compliant.php create mode 100644 php/src/detectors/allow-url-fopen-or-include/compliant.php create mode 100644 php/src/detectors/allow-url-fopen-or-include/non-compliant.php create mode 100644 php/src/detectors/assert-use/compliant.php create mode 100644 php/src/detectors/assert-use/non-compliant.php create mode 100644 php/src/detectors/avoid-exit-die/compliant.php create mode 100644 php/src/detectors/avoid-exit-die/non-compliant.php create mode 100644 php/src/detectors/coral-csrf-rule/compliant.php create mode 100644 php/src/detectors/coral-csrf-rule/non-compliant.php create mode 100644 php/src/detectors/dangerous-function-usage/compliant.php create mode 100644 php/src/detectors/dangerous-function-usage/non-compliant.php create mode 100644 php/src/detectors/improper-access-control/compliant.php create mode 100644 php/src/detectors/improper-access-control/non-compliant.php create mode 100644 php/src/detectors/insecure-connection/compliant.php create mode 100644 php/src/detectors/insecure-connection/non-compliant.php create mode 100644 php/src/detectors/insecure-cryptography/compliant.php create mode 100644 php/src/detectors/insecure-cryptography/non-compliant.php create mode 100644 php/src/detectors/insecure-object-attribute-modification/compliant.php create mode 100644 
php/src/detectors/insecure-object-attribute-modification/non-compliant.php create mode 100644 php/src/detectors/ldap-bind-without-password/compliant.php create mode 100644 php/src/detectors/ldap-bind-without-password/non-compliant.php create mode 100644 php/src/detectors/log-injection/compliant.php create mode 100644 php/src/detectors/log-injection/non-compliant.php create mode 100644 php/src/detectors/origins-verified-cross-origin-communications/compliant.php create mode 100644 php/src/detectors/origins-verified-cross-origin-communications/non-compliant.php create mode 100644 php/src/detectors/sendfile-injection/compliant.php create mode 100644 php/src/detectors/sendfile-injection/non-compliant.php create mode 100644 php/src/detectors/sensitive-information-leak/compliant.php create mode 100644 php/src/detectors/sensitive-information-leak/non-compliant.php create mode 100644 php/src/detectors/sql-injection/compliant.php create mode 100644 php/src/detectors/sql-injection/non-compliant.php create mode 100644 php/src/detectors/unsafe-reflection/compliant.php create mode 100644 php/src/detectors/unsafe-reflection/non-compliant.php create mode 100644 php/src/detectors/untrusted-deserialization/compliant.php create mode 100644 php/src/detectors/untrusted-deserialization/non-compliant.php create mode 100644 php/src/detectors/zip-bomb-attack/compliant.php create mode 100644 php/src/detectors/zip-bomb-attack/non-compliant.php diff --git a/php/src/detectors/activated-debug-feature/compliant.php b/php/src/detectors/activated-debug-feature/compliant.php new file mode 100644 index 0000000..1af1939 --- /dev/null +++ b/php/src/detectors/activated-debug-feature/compliant.php @@ -0,0 +1,12 @@ + 'false']); +// {/fact} +?> \ No newline at end of file diff --git a/php/src/detectors/activated-debug-feature/non-compliant.php b/php/src/detectors/activated-debug-feature/non-compliant.php new file mode 100644 index 0000000..b888641 --- /dev/null 
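Review bot: The compliant fixture's value is the string `'false'` (the new line ends `'false']);`, and from the non-compliant twin it appears to be `config(['app.debug' => 'false']);`), which does not disable debug: a non-empty string is truthy in PHP, so any boolean check on `app.debug` still sees debug as on, and the "compliant" sample behaves the same as the non-compliant one. Both files should use the boolean literals, `config(['app.debug' => false]);` here and `config(['app.debug' => true]);` in the next hunk, so the fixtures exercise the literal the detector should distinguish. The PATCH 2/3 hunk that rewrites the non-compliant comment also keeps the `eanbled` typo; `// Noncompliant: Debug mode is enabled`. The hunk bodies are only partly legible in this rendering, so the surrounding lines are inferred from the later context.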
+++ b/php/src/detectors/activated-debug-feature/non-compliant.php @@ -0,0 +1,12 @@ + 'true']); +// {/fact} +?> \ No newline at end of file diff --git a/php/src/detectors/allow-url-fopen-or-include/compliant.php b/php/src/detectors/allow-url-fopen-or-include/compliant.php new file mode 100644 index 0000000..5fe5a7e --- /dev/null +++ b/php/src/detectors/allow-url-fopen-or-include/compliant.php @@ -0,0 +1,12 @@ + \ No newline at end of file diff --git a/php/src/detectors/allow-url-fopen-or-include/non-compliant.php b/php/src/detectors/allow-url-fopen-or-include/non-compliant.php new file mode 100644 index 0000000..fe1e16e --- /dev/null +++ b/php/src/detectors/allow-url-fopen-or-include/non-compliant.php @@ -0,0 +1,13 @@ + \ No newline at end of file diff --git a/php/src/detectors/assert-use/compliant.php b/php/src/detectors/assert-use/compliant.php new file mode 100644 index 0000000..ec5b9e0 --- /dev/null +++ b/php/src/detectors/assert-use/compliant.php @@ -0,0 +1,13 @@ + 1'); +// {/fact} +?> \ No newline at end of file diff --git a/php/src/detectors/assert-use/non-compliant.php b/php/src/detectors/assert-use/non-compliant.php new file mode 100644 index 0000000..580340d --- /dev/null +++ b/php/src/detectors/assert-use/non-compliant.php @@ -0,0 +1,13 @@ + \ No newline at end of file diff --git a/php/src/detectors/avoid-exit-die/compliant.php b/php/src/detectors/avoid-exit-die/compliant.php new file mode 100644 index 0000000..bef8a9e --- /dev/null +++ b/php/src/detectors/avoid-exit-die/compliant.php @@ -0,0 +1,16 @@ + \ No newline at end of file diff --git a/php/src/detectors/avoid-exit-die/non-compliant.php b/php/src/detectors/avoid-exit-die/non-compliant.php new file mode 100644 index 0000000..f3f52b7 --- /dev/null +++ b/php/src/detectors/avoid-exit-die/non-compliant.php @@ -0,0 +1,16 @@ + \ No newline at end of file 
diff --git a/php/src/detectors/coral-csrf-rule/compliant.php b/php/src/detectors/coral-csrf-rule/compliant.php new file mode 100644 index 0000000..701e896 --- /dev/null +++ b/php/src/detectors/coral-csrf-rule/compliant.php @@ -0,0 +1,14 @@ +setDefaults([ + 'csrf_protection' => true + ]); +// {/fact} +?> \ No newline at end of file diff --git a/php/src/detectors/coral-csrf-rule/non-compliant.php b/php/src/detectors/coral-csrf-rule/non-compliant.php new file mode 100644 index 0000000..c99b912 --- /dev/null +++ b/php/src/detectors/coral-csrf-rule/non-compliant.php @@ -0,0 +1,14 @@ +setDefaults(array( + 'csrf_protection' => false + )); +// {/fact} +?> \ No newline at end of file diff --git a/php/src/detectors/dangerous-function-usage/compliant.php b/php/src/detectors/dangerous-function-usage/compliant.php new file mode 100644 index 0000000..fcb385b --- /dev/null +++ b/php/src/detectors/dangerous-function-usage/compliant.php @@ -0,0 +1,12 @@ + \ No newline at end of file diff --git a/php/src/detectors/dangerous-function-usage/non-compliant.php b/php/src/detectors/dangerous-function-usage/non-compliant.php new file mode 100644 index 0000000..c1526b7 --- /dev/null +++ b/php/src/detectors/dangerous-function-usage/non-compliant.php @@ -0,0 +1,13 @@ + \ No newline at end of file diff --git a/php/src/detectors/improper-access-control/compliant.php b/php/src/detectors/improper-access-control/compliant.php new file mode 100644 index 0000000..9abfbc4 --- /dev/null +++ b/php/src/detectors/improper-access-control/compliant.php @@ -0,0 +1,14 @@ + \ No newline at end of file diff --git a/php/src/detectors/improper-access-control/non-compliant.php b/php/src/detectors/improper-access-control/non-compliant.php new file mode 100644 index 0000000..ea6a137 --- /dev/null +++ b/php/src/detectors/improper-access-control/non-compliant.php @@ -0,0 +1,15 @@ + \ No newline at end of file 
diff --git a/php/src/detectors/insecure-connection/compliant.php b/php/src/detectors/insecure-connection/compliant.php new file mode 100644 index 0000000..afbeb68 --- /dev/null +++ b/php/src/detectors/insecure-connection/compliant.php @@ -0,0 +1,13 @@ + \ No newline at end of file diff --git a/php/src/detectors/insecure-connection/non-compliant.php b/php/src/detectors/insecure-connection/non-compliant.php new file mode 100644 index 0000000..00dc34b --- /dev/null +++ b/php/src/detectors/insecure-connection/non-compliant.php @@ -0,0 +1,13 @@ + \ No newline at end of file diff --git a/php/src/detectors/insecure-cryptography/compliant.php b/php/src/detectors/insecure-cryptography/compliant.php new file mode 100644 index 0000000..0c85f6a --- /dev/null +++ b/php/src/detectors/insecure-cryptography/compliant.php @@ -0,0 +1,15 @@ +setPassword($pass); +} +// {/fact} +?> \ No newline at end of file diff --git a/php/src/detectors/insecure-cryptography/non-compliant.php b/php/src/detectors/insecure-cryptography/non-compliant.php new file mode 100644 index 0000000..1369a9e --- /dev/null +++ b/php/src/detectors/insecure-cryptography/non-compliant.php @@ -0,0 +1,15 @@ +setPassword($pass); +} +// {/fact} +?> \ No newline at end of file diff --git a/php/src/detectors/insecure-object-attribute-modification/compliant.php b/php/src/detectors/insecure-object-attribute-modification/compliant.php new file mode 100644 index 0000000..ad3ed90 --- /dev/null +++ b/php/src/detectors/insecure-object-attribute-modification/compliant.php @@ -0,0 +1,12 @@ + \ No newline at end of file diff --git a/php/src/detectors/insecure-object-attribute-modification/non-compliant.php b/php/src/detectors/insecure-object-attribute-modification/non-compliant.php new file mode 100644 index 0000000..dc9efba --- /dev/null +++ b/php/src/detectors/insecure-object-attribute-modification/non-compliant.php @@ -0,0 +1,13 @@ + \ No newline at end of file 
diff --git a/php/src/detectors/ldap-bind-without-password/compliant.php b/php/src/detectors/ldap-bind-without-password/compliant.php new file mode 100644 index 0000000..9f26623 --- /dev/null +++ b/php/src/detectors/ldap-bind-without-password/compliant.php @@ -0,0 +1,12 @@ + \ No newline at end of file diff --git a/php/src/detectors/ldap-bind-without-password/non-compliant.php b/php/src/detectors/ldap-bind-without-password/non-compliant.php new file mode 100644 index 0000000..9dbc03d --- /dev/null +++ b/php/src/detectors/ldap-bind-without-password/non-compliant.php @@ -0,0 +1,12 @@ + \ No newline at end of file diff --git a/php/src/detectors/log-injection/compliant.php b/php/src/detectors/log-injection/compliant.php new file mode 100644 index 0000000..ece1515 --- /dev/null +++ b/php/src/detectors/log-injection/compliant.php @@ -0,0 +1,13 @@ + \ No newline at end of file diff --git a/php/src/detectors/log-injection/non-compliant.php b/php/src/detectors/log-injection/non-compliant.php new file mode 100644 index 0000000..86c5852 --- /dev/null +++ b/php/src/detectors/log-injection/non-compliant.php @@ -0,0 +1,14 @@ + + +log-injection \ No newline at end of file diff --git a/php/src/detectors/origins-verified-cross-origin-communications/compliant.php b/php/src/detectors/origins-verified-cross-origin-communications/compliant.php new file mode 100644 index 0000000..7de9bc4 --- /dev/null +++ b/php/src/detectors/origins-verified-cross-origin-communications/compliant.php @@ -0,0 +1,13 @@ + \ No newline at end of file diff --git a/php/src/detectors/origins-verified-cross-origin-communications/non-compliant.php b/php/src/detectors/origins-verified-cross-origin-communications/non-compliant.php new file mode 100644 index 0000000..59c8033 --- /dev/null +++ b/php/src/detectors/origins-verified-cross-origin-communications/non-compliant.php @@ -0,0 +1,13 @@ + \ No newline at end of file 
diff --git a/php/src/detectors/sendfile-injection/compliant.php b/php/src/detectors/sendfile-injection/compliant.php new file mode 100644 index 0000000..37685c7 --- /dev/null +++ b/php/src/detectors/sendfile-injection/compliant.php @@ -0,0 +1,12 @@ + \ No newline at end of file diff --git a/php/src/detectors/sendfile-injection/non-compliant.php b/php/src/detectors/sendfile-injection/non-compliant.php new file mode 100644 index 0000000..de83c45 --- /dev/null +++ b/php/src/detectors/sendfile-injection/non-compliant.php @@ -0,0 +1,13 @@ + \ No newline at end of file diff --git a/php/src/detectors/sensitive-information-leak/compliant.php b/php/src/detectors/sensitive-information-leak/compliant.php new file mode 100644 index 0000000..952aa2c --- /dev/null +++ b/php/src/detectors/sensitive-information-leak/compliant.php @@ -0,0 +1,12 @@ +fsockopen($hostname); +// {/fact} +?> \ No newline at end of file diff --git a/php/src/detectors/sensitive-information-leak/non-compliant.php b/php/src/detectors/sensitive-information-leak/non-compliant.php new file mode 100644 index 0000000..2c3e9d2 --- /dev/null +++ b/php/src/detectors/sensitive-information-leak/non-compliant.php @@ -0,0 +1,12 @@ + \ No newline at end of file diff --git a/php/src/detectors/sql-injection/compliant.php b/php/src/detectors/sql-injection/compliant.php new file mode 100644 index 0000000..b80ffd4 --- /dev/null +++ b/php/src/detectors/sql-injection/compliant.php @@ -0,0 +1,13 @@ +where('name', $tainted)->first(); + // {/fact} + +?> \ No newline at end of file diff --git a/php/src/detectors/sql-injection/non-compliant.php b/php/src/detectors/sql-injection/non-compliant.php new file mode 100644 index 0000000..11fc0d0 --- /dev/null +++ b/php/src/detectors/sql-injection/non-compliant.php @@ -0,0 +1,13 @@ +where($tainted, 'John')->first(); + // {/fact} +?> + \ No newline at end of file 
diff --git a/php/src/detectors/unsafe-reflection/compliant.php b/php/src/detectors/unsafe-reflection/compliant.php new file mode 100644 index 0000000..2c9711b --- /dev/null +++ b/php/src/detectors/unsafe-reflection/compliant.php @@ -0,0 +1,14 @@ + \ No newline at end of file diff --git a/php/src/detectors/unsafe-reflection/non-compliant.php b/php/src/detectors/unsafe-reflection/non-compliant.php new file mode 100644 index 0000000..4c7d8ed --- /dev/null +++ b/php/src/detectors/unsafe-reflection/non-compliant.php @@ -0,0 +1,14 @@ + \ No newline at end of file diff --git a/php/src/detectors/untrusted-deserialization/compliant.php b/php/src/detectors/untrusted-deserialization/compliant.php new file mode 100644 index 0000000..2c0addf --- /dev/null +++ b/php/src/detectors/untrusted-deserialization/compliant.php @@ -0,0 +1,13 @@ + \ No newline at end of file diff --git a/php/src/detectors/untrusted-deserialization/non-compliant.php b/php/src/detectors/untrusted-deserialization/non-compliant.php new file mode 100644 index 0000000..075b787 --- /dev/null +++ b/php/src/detectors/untrusted-deserialization/non-compliant.php @@ -0,0 +1,13 @@ + \ No newline at end of file diff --git a/php/src/detectors/zip-bomb-attack/compliant.php b/php/src/detectors/zip-bomb-attack/compliant.php new file mode 100644 index 0000000..2b40090 --- /dev/null +++ b/php/src/detectors/zip-bomb-attack/compliant.php @@ -0,0 +1,13 @@ + \ No newline at end of file diff --git a/php/src/detectors/zip-bomb-attack/non-compliant.php b/php/src/detectors/zip-bomb-attack/non-compliant.php new file mode 100644 index 0000000..7ef484c --- /dev/null +++ b/php/src/detectors/zip-bomb-attack/non-compliant.php @@ -0,0 +1,12 @@ + \ No newline at end of file From ca21f6c220d518d6cbfc1df0ee8f4ef50e8a7cf9 Mon Sep 17 00:00:00 2001 
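Review bot: The compliant untrusted-deserialization fixture (its body is not legible here; the lines below come from the context of the PATCH 2/3 re-indent hunk on the same file) pairs `extract($ok, EXTR_SKIP, "wddx");` with a comment saying EXTR_SKIP "is used to skip the extraction of the variable", which overstates what the flag does. EXTR_SKIP only skips keys that collide with variables already in scope; every other key of `$ok` is still imported into the symbol table, and the third argument `"wddx"` is ignored unless one of the EXTR_PREFIX_* flags is used. A more accurate comment, `// Compliant: EXTR_SKIP cannot overwrite variables that already exist, so request-derived keys cannot clobber them`, and dropping the unused prefix argument, `extract($ok, EXTR_SKIP);`, keep the fixture honest. If the rule is meant to model reading `$_FILES` safely, an explicit read of the needed fields (`$ok['tmp_name']`) is the stronger compliant example.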
From: Pratik Ardhapurkar Date: Mon, 6 May 2024 14:04:33 +0530 Subject: [PATCH 2/3] Added missing samples for php --- .../activated-debug-feature/non-compliant.php | 2 +- .../insecure-connection/compliant.php | 6 +++--- .../insecure-connection/non-compliant.php | 2 +- php/src/detectors/log-injection/compliant.php | 2 +- .../detectors/log-injection/non-compliant.php | 5 ++--- .../server-side-request-forgery/compliant.php | 1 - .../compliant.php | 19 +++++++++++++++++++ .../non-compliant.php | 18 ++++++++++++++++++ .../detectors/unsafe-reflection/compliant.php | 4 ++-- .../unsafe-reflection/non-compliant.php | 6 +++--- .../untrusted-deserialization/compliant.php | 6 +++--- .../non-compliant.php | 6 +++--- .../detectors/zip-bomb-attack/compliant.php | 1 - 13 files changed, 56 insertions(+), 22 deletions(-) create mode 100644 php/src/detectors/static-initialization-vector/compliant.php create mode 100644 php/src/detectors/static-initialization-vector/non-compliant.php diff --git a/php/src/detectors/activated-debug-feature/non-compliant.php b/php/src/detectors/activated-debug-feature/non-compliant.php index b888641..61437b3 100644 --- a/php/src/detectors/activated-debug-feature/non-compliant.php +++ b/php/src/detectors/activated-debug-feature/non-compliant.php @@ -6,7 +6,7 @@ */ // {fact rule=detect-activated-debug-feature@v1.0 defects=1} -// Noncompliant: Debug mode is eanbled +// Noncompliant: Debug mode is eanbled config(['app.debug' => 'true']); // {/fact} ?> \ No newline at end of file diff --git a/php/src/detectors/insecure-connection/compliant.php b/php/src/detectors/insecure-connection/compliant.php index afbeb68..3e3b5b3 100644 --- a/php/src/detectors/insecure-connection/compliant.php +++ b/php/src/detectors/insecure-connection/compliant.php 
@@ -6,8 +6,8 @@ */ // {fact rule=insecure-connection@v1.0 defects=0} - // Compliant: CURLOPT_SSL_VERIFYPEER is set to true - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); - // {/fact} +// Compliant: CURLOPT_SSL_VERIFYPEER is set to true +curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); +// {/fact} ?> \ No newline at end of file diff --git a/php/src/detectors/insecure-connection/non-compliant.php b/php/src/detectors/insecure-connection/non-compliant.php index 00dc34b..997b121 100644 --- a/php/src/detectors/insecure-connection/non-compliant.php +++ b/php/src/detectors/insecure-connection/non-compliant.php @@ -6,7 +6,7 @@ */ // {fact rule=insecure-connection@v1.0 defects=1} -//Noncompliant: CURLOPT_SSL_VERIFYPEER is set to false +// Noncompliant: CURLOPT_SSL_VERIFYPEER is set to false curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // {/fact} diff --git a/php/src/detectors/log-injection/compliant.php b/php/src/detectors/log-injection/compliant.php index ece1515..fb4d8ab 100644 --- a/php/src/detectors/log-injection/compliant.php +++ b/php/src/detectors/log-injection/compliant.php @@ -9,5 +9,5 @@ // Compliant: `log_errors` is set to `'0'`, PHP will log errors to the error log file. ini_set('log_errors', '1'); // {/fact} - + ?> \ No newline at end of file diff --git a/php/src/detectors/log-injection/non-compliant.php b/php/src/detectors/log-injection/non-compliant.php index 86c5852..ca47b51 100644 --- a/php/src/detectors/log-injection/non-compliant.php +++ b/php/src/detectors/log-injection/non-compliant.php @@ -9,6 +9,5 @@ // Noncompliant: `log_errors` is set to `'0'`, PHP will not log errors to the error log file. ini_set('log_errors', '0'); // {/fact} -?> - -log-injection \ No newline at end of file + +?> \ No newline at end of file diff --git a/php/src/detectors/server-side-request-forgery/compliant.php b/php/src/detectors/server-side-request-forgery/compliant.php index 16168ee..841bca7 100644 --- a/php/src/detectors/server-side-request-forgery/compliant.php 
+++ b/php/src/detectors/server-side-request-forgery/compliant.php @@ -9,7 +9,6 @@ function compliant(){ // Compliant: Ensures the request is being sent to the expected destination $file = file_get_contents("index.php"); - } //{/fact} ?> diff --git a/php/src/detectors/static-initialization-vector/compliant.php b/php/src/detectors/static-initialization-vector/compliant.php new file mode 100644 index 0000000..6987a45 --- /dev/null +++ b/php/src/detectors/static-initialization-vector/compliant.php @@ -0,0 +1,19 @@ + \ No newline at end of file diff --git a/php/src/detectors/static-initialization-vector/non-compliant.php b/php/src/detectors/static-initialization-vector/non-compliant.php new file mode 100644 index 0000000..3447c22 --- /dev/null +++ b/php/src/detectors/static-initialization-vector/non-compliant.php @@ -0,0 +1,18 @@ + \ No newline at end of file diff --git a/php/src/detectors/unsafe-reflection/compliant.php b/php/src/detectors/unsafe-reflection/compliant.php index 2c9711b..921ea71 100644 --- a/php/src/detectors/unsafe-reflection/compliant.php +++ b/php/src/detectors/unsafe-reflection/compliant.php @@ -7,8 +7,8 @@ //{fact rule=unsafe-reflection@v1.0 defects=0} // Compliant: No reflection is used. - $myController= "MyController"; - $controller = new $myController(); +$myController= "MyController"; +$controller = new $myController(); // {/fact} ?> \ No newline at end of file diff --git a/php/src/detectors/unsafe-reflection/non-compliant.php b/php/src/detectors/unsafe-reflection/non-compliant.php index 4c7d8ed..b61cb8c 100644 --- a/php/src/detectors/unsafe-reflection/non-compliant.php +++ b/php/src/detectors/unsafe-reflection/non-compliant.php 
@@ -7,8 +7,8 @@ //{fact rule=unsafe-reflection@v1.0 defects=1} // Noncompliant: Uses reflection to create a controller object - $parts = explode("/", $_SERVER['PATH_INFO']); - $controllerName = $parts[0]; - $controller = new $controllerName($parts[1]); +$parts = explode("/", $_SERVER['PATH_INFO']); +$controllerName = $parts[0]; +$controller = new $controllerName($parts[1]); // {/fact} ?> \ No newline at end of file diff --git a/php/src/detectors/untrusted-deserialization/compliant.php b/php/src/detectors/untrusted-deserialization/compliant.php index 2c0addf..2c0180d 100644 --- a/php/src/detectors/untrusted-deserialization/compliant.php +++ b/php/src/detectors/untrusted-deserialization/compliant.php @@ -6,8 +6,8 @@ */ //{fact rule=untrusted-deserialization@v1.0 defects=0} - // Compliant: EXTR_SKIP is used to skip the extraction of the variable. - $ok = $_FILES["/some/bad/path"]; - extract($ok, EXTR_SKIP, "wddx"); +// Compliant: EXTR_SKIP is used to skip the extraction of the variable. +$ok = $_FILES["/some/bad/path"]; +extract($ok, EXTR_SKIP, "wddx"); //{/fact} ?> \ No newline at end of file diff --git a/php/src/detectors/untrusted-deserialization/non-compliant.php b/php/src/detectors/untrusted-deserialization/non-compliant.php index 075b787..e2f2fb6 100644 --- a/php/src/detectors/untrusted-deserialization/non-compliant.php +++ b/php/src/detectors/untrusted-deserialization/non-compliant.php @@ -6,8 +6,8 @@ */ //{fact rule=untrusted-deserialization@v1.0 defects=1} - $bad2 = $_FILES["/some/bad/path"]; - // Noncompliant: EXTR_PREFIX_SAME is used to extract variables with the same name. - extract($bad2, EXTR_PREFIX_SAME, "wddx"); +$bad2 = $_FILES["/some/bad/path"]; +// Noncompliant: EXTR_PREFIX_SAME is used to extract variables with the same name. +extract($bad2, EXTR_PREFIX_SAME, "wddx"); //{/fact} ?> \ No newline at end of file diff --git a/php/src/detectors/zip-bomb-attack/compliant.php b/php/src/detectors/zip-bomb-attack/compliant.php index 2b40090..9c2983a 100644 
--- a/php/src/detectors/zip-bomb-attack/compliant.php +++ b/php/src/detectors/zip-bomb-attack/compliant.php @@ -9,5 +9,4 @@ // Compliant: `zip_entry_read` will read the next 1024 bytes of data from the zip entry starting from the current position. zip_entry_read($zip_entry, 1024); // {/fact} - ?> \ No newline at end of file From 732e11fbaf076571b7b885980a03fdba395f5a2d Mon Sep 17 00:00:00 2001 From: Pratik Ardhapurkar Date: Thu, 9 May 2024 12:30:04 +0530 Subject: [PATCH 3/3] Corrected samples --- php/src/detectors/dangerous-function-usage/non-compliant.php | 4 ++-- php/src/detectors/improper-access-control/compliant.php | 1 - php/src/detectors/log-injection/compliant.php | 2 +- php/src/detectors/sensitive-information-leak/compliant.php | 2 +- .../detectors/sensitive-information-leak/non-compliant.php | 2 +- php/src/detectors/sql-injection/non-compliant.php | 2 +- .../detectors/static-initialization-vector/non-compliant.php | 2 +- php/src/detectors/zip-bomb-attack/non-compliant.php | 2 +- 8 files changed, 8 insertions(+), 9 deletions(-) diff --git a/php/src/detectors/dangerous-function-usage/non-compliant.php b/php/src/detectors/dangerous-function-usage/non-compliant.php index c1526b7..c9a5fa6 100644 --- a/php/src/detectors/dangerous-function-usage/non-compliant.php +++ b/php/src/detectors/dangerous-function-usage/non-compliant.php @@ -6,8 +6,8 @@ */ // {fact rule=dangerous-function-usage@v1.0 defects=1} -// Noncompliant: `mcrypt_ecb` function to perform decryption using the ECB - mcrypt_ecb(MCRYPT_BLOWFISH, $key, base64_decode($input), MCRYPT_DECRYPT); +// Noncompliant: `mcrypt_ecb` function to perform encryption using the ECB + mcrypt_ecb(MCRYPT_BLOWFISH, $key, base64_decode($input), MCRYPT_ENCRYPT); // {/fact} ?> \ No newline at end of file diff --git a/php/src/detectors/improper-access-control/compliant.php b/php/src/detectors/improper-access-control/compliant.php index 9abfbc4..335211f 100644 --- a/php/src/detectors/improper-access-control/compliant.php 
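Review bot: The rewritten `mcrypt_ecb(...)` line keeps a leading indent under a column-0 comment, the same inconsistency PATCH 2/3 in this series normalised in the other fixtures, so this file is left in the style that commit was removing. The new comment also trails off at `using the ECB`; `// Noncompliant: mcrypt_ecb() encrypts in ECB mode, which leaks plaintext patterns` says what the defect is, and the statement should start at column 0 like the comment above it. Note that the mcrypt extension was removed from PHP in 7.2, so this fixture parses but cannot run, which is fine for a static detector but worth a word in the header comment.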
+++ b/php/src/detectors/improper-access-control/compliant.php @@ -7,7 +7,6 @@ //{fact rule=improper-access-control@v1.0 defects=0} // Compliant: The session prefix is used to prevent - $inputA = $_POST['input']; $_SESSION['prefix' . $_POST['input']] = true; //{/fact} diff --git a/php/src/detectors/log-injection/compliant.php b/php/src/detectors/log-injection/compliant.php index fb4d8ab..78c963f 100644 --- a/php/src/detectors/log-injection/compliant.php +++ b/php/src/detectors/log-injection/compliant.php @@ -6,7 +6,7 @@ */ // {fact rule=log-injection@v1.0 defects=0} - // Compliant: `log_errors` is set to `'0'`, PHP will log errors to the error log file. + // Compliant: `log_errors` is set to `'1'`, PHP will log errors to the error log file. ini_set('log_errors', '1'); // {/fact} diff --git a/php/src/detectors/sensitive-information-leak/compliant.php b/php/src/detectors/sensitive-information-leak/compliant.php index 952aa2c..23051c7 100644 --- a/php/src/detectors/sensitive-information-leak/compliant.php +++ b/php/src/detectors/sensitive-information-leak/compliant.php @@ -7,6 +7,6 @@ // {fact rule=sensitive-information-leak@v1.0 defects=0} // Compliant: fsockopen() is used to connect to a remote host. -$abc->fsockopen($hostname); +fsockopen($hostname, 80, $errno, $errstr, 20); // {/fact} ?> \ No newline at end of file diff --git a/php/src/detectors/sensitive-information-leak/non-compliant.php b/php/src/detectors/sensitive-information-leak/non-compliant.php index 2c3e9d2..9e2227b 100644 --- a/php/src/detectors/sensitive-information-leak/non-compliant.php +++ b/php/src/detectors/sensitive-information-leak/non-compliant.php @@ -6,7 +6,7 @@ */ // {fact rule=isensitive-information-leak@v1.0 defects=1} -// Noncomplaint: socket_create() is considered for connection +// Noncompliant: socket_create() is considered for connection socket_create($domain, $type, $protocol); // {/fact} ?> \ No newline at end of file 
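Review bot: The new side keeps `// Compliant: The session prefix is used to prevent`, an unfinished sentence, so the fixture never states what the prefix on `$_SESSION['prefix' . $_POST['input']]` is protecting against. Something like `// Compliant: the fixed 'prefix' keeps user input from naming an arbitrary session key (e.g. an authorization flag)` completes it. The suffix is still taken verbatim from `$_POST['input']`; if the detector's compliant condition is more than the presence of a literal prefix, an allow-list check on the input would make the fixture unambiguous, but that is inferred from the rule name only.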
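Review bot: After this comment fix the compliant fixture still only sets `ini_set('log_errors', '1');`, and nothing in it or its noncompliant twin involves untrusted data reaching a log call, which is what a rule named `log-injection` would normally model. If the detector in fact flags `log_errors` being turned off, a one-line comment under the `{fact rule=log-injection@v1.0 defects=0}` tag saying so would stop the next reader from assuming the fixture is mis-filed; if it is meant to catch tainted data in log output, the fixtures need a log call with request-derived input. This is inferred from the rule name; the detector definition is not on the page.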
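Review bot: The `{fact rule=isensitive-information-leak@v1.0 defects=1}` tag in this hunk's context has a stray leading `i`, while compliant.php uses `sensitive-information-leak`; if fact tags are matched by rule id, this noncompliant fixture is never evaluated, and a commit titled "Corrected samples" fixes `Noncomplaint` on the next line but not this. It should read `// {fact rule=sensitive-information-leak@v1.0 defects=1}`. In the sibling compliant hunk, the new `fsockopen($hostname, 80, $errno, $errstr, 20);` discards its return value and never looks at `$errno`/`$errstr`; `$fp = fsockopen($hostname, 80, $errno, $errstr, 20);` followed by a `false` check reads as real code and keeps the fixture from modelling an unchecked connection.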
diff --git a/php/src/detectors/sql-injection/non-compliant.php b/php/src/detectors/sql-injection/non-compliant.php index 11fc0d0..7b5a7d0 100644 --- a/php/src/detectors/sql-injection/non-compliant.php +++ b/php/src/detectors/sql-injection/non-compliant.php @@ -5,7 +5,7 @@ */ //{fact rule=sql-injection@v1.0 defects=1} - // Noncomplaint: tainted column name + // Noncompliant: tainted column name $tainted = $_GET['userinput']; $user = DB::table('users')->where($tainted, 'John')->first(); // {/fact} diff --git a/php/src/detectors/static-initialization-vector/non-compliant.php b/php/src/detectors/static-initialization-vector/non-compliant.php index 3447c22..c64b7f8 100644 --- a/php/src/detectors/static-initialization-vector/non-compliant.php +++ b/php/src/detectors/static-initialization-vector/non-compliant.php @@ -9,7 +9,7 @@ function nonCompliant2($plaintext, $password) { $key = hash('sha256', $password, true); $iv = "4c25ecc95c8816db753cba44a3b56aca"; -// Noncompliant : Hardcoded `vi` value in initialization vector. + // Noncompliant: Hardcoded `vi` value in initialization vector. $ciphertext = openssl_encrypt($plaintext, "AES-256-CBC", $key, OPENSSL_RAW_DATA, $iv); $hash = hash_hmac('sha256', $ciphertext . $iv, $key, true); return $iv . $hash . $ciphertext; diff --git a/php/src/detectors/zip-bomb-attack/non-compliant.php b/php/src/detectors/zip-bomb-attack/non-compliant.php index 7ef484c..d3050a8 100644 --- a/php/src/detectors/zip-bomb-attack/non-compliant.php +++ b/php/src/detectors/zip-bomb-attack/non-compliant.php @@ -6,7 +6,7 @@ */ //{fact rule=zip-bomb-attack@v1.0 defects=1} - // Noncomplaint: The entire content of the zip entry is read and returned by `zip_entry_read` + // Noncompliant: The entire content of the zip entry is read and returned by `zip_entry_read` zip_entry_read($zip_entry, zip_entry_filesize($zip_entry)); // {/fact} ?> \ No newline at end of file
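Review bot: The rewritten comment still carries the `vi` typo: `// Noncompliant: hardcoded IV; AES-CBC needs a fresh random IV for every encryption` says what the fixture demonstrates. Separately, `$iv = "4c25ecc95c8816db753cba44a3b56aca"` is a 32-character ASCII string rather than 16 bytes, so `openssl_encrypt(..., "AES-256-CBC", ...)` will warn that the IV is longer than expected and truncate it; since the fixed IV is meant to be the only defect, a 16-byte literal (or a comment noting the truncation) keeps the detector test from tripping on an unrelated warning. The enclosing `nonCompliant2` starts and ends outside the hunk.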
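Review bot: The fixed comment now describes the defect correctly, but the compliant counterpart (visible as context in the PATCH 2/3 hunk on compliant.php) only changes the read size to 1024, `zip_entry_read($zip_entry, 1024);`, which bounds a single call rather than the total decompressed output, so the pair does not actually show a zip-bomb mitigation. A compliant fixture should compare `zip_entry_filesize($zip_entry)` against a maximum before reading, or accumulate the bytes read across the loop against a cap. Both files also use the procedural `zip_entry_*` API, deprecated since PHP 8.0 in favour of `ZipArchive`; a note in the header comment would tell readers which PHP version the fixtures target.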