mirror of
https://github.com/danog/psalm-plugin-laravel.git
synced 2024-12-03 18:17:53 +01:00
37 lines
1.2 KiB
Gherkin
37 lines
1.2 KiB
Gherkin
|
Feature: taint
|
||
|
|
Want to check that taint analysis works properly
|
||
|
|
|
||
|
|
Background:
|
||
|
|
Given I have the following config
|
||
|
|
"""
|
||
|
|
<?xml version="1.0"?>
|
||
|
|
<psalm totallyTyped="false">
|
||
|
|
<projectFiles>
|
||
|
|
<directory name="."/>
|
||
|
|
<ignoreFiles> <directory name="../../vendor"/> </ignoreFiles>
|
||
|
|
</projectFiles>
|
||
|
|
<plugins>
|
||
|
|
<pluginClass class="Psalm\LaravelPlugin\Plugin"/>
|
||
|
|
</plugins>
|
||
|
|
</psalm>
|
||
|
|
"""
|
||
|
|
|
||
|
|
Scenario: input returns various types
|
||
|
|
Given I have the following code
|
||
|
|
"""
|
||
|
|
<?php declare(strict_types=1);
|
||
|
|
|
||
|
|
namespace Tests\Psalm\LaravelPlugin\Sandbox;
|
||
|
|
|
||
|
|
use \Illuminate\Http\Request;
|
||
|
|
use Illuminate\Support\Facades\DB;
|
||
|
|
|
||
|
|
function test(Request $request): void {
|
||
|
|
$input = $request->input('foo', false);
|
||
|
|
DB::raw($input);
|
||
|
|
}
|
||
|
|
"""
|
||
|
|
When I run Psalm with taint analysis
|
||
|
|
Then I see these errors
|
||
|
|
| TaintedInput | Detected tainted sql in path: Illuminate\Http\Request::input (/Users/brownma/Desktop/git/laravel-psalm-plugin/src/Stubs/InteractsWithInput.stubphp:22:21) -> $input (somefile.php:9:3) -> Illuminate\Support\Facades\DB::raw#1 (/Users/brownma/Desktop/git/laravel-psalm-plugin/src/Stubs/DBFacade.stubphp:15:25) |
|