Potentially suspicious code found in a Cornerstone file

JvP · March 4, 2020, 2:16pm

My security plugin picked up a suspicious function in wp-content/themes/pro/cornerstone/includes/views/admin/home-box-templates.php

This is the part:

  <?php $box_class = '.tco-box-templates';
  include( $this->locate_view( 'admin/home-validate-overlay' ) );
else : ?>
<div class="tco-box-bg" style="background-image: url(<?php cs_tco()->admin_image( 'box-templates-unlocked-tco-box-bg.jpg' ); ?>);"></div>
  <?php endif; ?>
  </footer>
</div>

I assume it’s a false positive but thought I’d bring it up just to be sure.

alexander · March 6, 2020, 8:22pm

Looks ok to me. Did they indicate what was suspicious about it? Might be the use of an include statement.

JvP · March 9, 2020, 1:03pm

No specifics on which part exactly they found suspicious. They too think it’s just a false positive. I’ll just ignore it.

alexander · March 9, 2020, 4:16pm

Sounds good. Just let me know if there’s any more info you come across. We’ve had false positives before and sometimes we can just move something around to “dislodge” how it’s getting detected.

JvP · March 9, 2020, 7:31pm

The plugin that detected this changed how it displays suspicious code a little while ago. It used to display the entire file with the suspicious code highlighted in red and the repaired bit of code highlighted in green. It no longer does that and instead now just shows the affected bit of code. So what I shared above is the code they flagged suspicious. There’s not a specific line of code in that snippet, it’s all of it. Doesn’t help much, right?