I use NeoPI to scan my site for possible security vulnerabilities. Several files in the Mailchimp library come up in the test. This does not necessarily mean that there's something wrong, but it advises investigating these files.

These files show up. Could there be something wrong with these? Are they necessary for MailChimp to work correctly?

all/libraries/mailchimp/vendor/phpunit/phpunit/build/phar-manifest.php
sites/all/libraries/mailchimp/vendor/doctrine/instantiator/tests/DoctrineTest/InstantiatorTest/Exception/UnexpectedValueExceptionTest.php
sites/all/libraries/mailchimp/tests/MailchimpTest.php
sites/all/libraries/mailchimp/vendor/phpunit/phpunit/tests/Regression/GitHub/1216/bootstrap1216.php
sites/all/libraries/mailchimp/vendor/phpunit/php-code-coverage/scripts/auto_prepend.php
sites/all/libraries/mailchimp/vendor/composer/autoload_files.php
sites/all/libraries/mailchimp/vendor/autoload.php
sites/all/libraries/mailchimp/vendor/phpunit/phpunit-mock-objects/tests/bootstrap.php
sites/all/libraries/mailchimp/vendor/guzzlehttp/psr7/tests/ServerRequestTest.php
sites/all/libraries/mailchimp/vendor/sebastian/exporter/tests/ExporterTest.php
sites/all/libraries/mailchimp/vendor/guzzlehttp/psr7/tests/UriTest.php
sites/all/libraries/mailchimp/vendor/symfony/yaml/Yaml.php
sites/all/libraries/mailchimp/vendor/doctrine/instantiator/src/Doctrine/Instantiator/Exception/InvalidArgumentException.php

Comments

Jelmer85 created an issue.

samuel.mortenson

Status: Active » Closed (won't fix)

@Jelmer85 From your summary, none of that code is covered by the Mailchimp module, as it's all test or vendor code. If you have other security concerns about Mailchimp, please go through the official channels for reporting a security issue: https://www.drupal.org/security-team/report-issue