1
0
mirror of https://github.com/danog/psalm.git synced 2024-11-30 04:39:00 +01:00
psalm/docs/security_analysis/custom_taint_sinks.md

21 lines
501 B
Markdown
Raw Normal View History

2020-06-19 17:56:04 +02:00
# Custom Taint Sinks
2020-06-19 17:57:34 +02:00
The `@psalm-taint-sink <taint-type> <param-name>` annotation allows you to define a taint sink.
Any tainted value matching the given [taint type](index.md#taint-types) will be reported as an error by Psalm.
### Example
Here the `PDOWrapper` class has an `exec` method that should not receive tainted SQL, so we can prevent its insertion:
2020-06-19 17:56:04 +02:00
```php
<?php
class PDOWrapper {
/**
* @psalm-taint-sink sql $sql
*/
public function exec(string $sql) : void {}
}
```