2020-05-25 19:10:06 +02:00
|
|
|
|
<?php
|
|
|
|
|
|
2021-12-13 16:28:14 +01:00
|
|
|
|
use Psalm\Type\TaintKind;
|
|
|
|
|
|
2020-05-25 19:10:06 +02:00
|
|
|
|
// This maps internal function names to sink types that we don’t want to end up there
|
|
|
|
|
|
2020-11-20 01:27:40 +01:00
|
|
|
|
/**
|
2021-12-13 16:28:14 +01:00
|
|
|
|
* @var array<string, list<list<TaintKind::*>>>
|
2020-11-20 01:27:40 +01:00
|
|
|
|
*/
|
2020-05-25 19:10:06 +02:00
|
|
|
|
return [
|
|
|
|
|
'exec' => [['shell']],
|
2020-11-20 15:56:45 +01:00
|
|
|
|
'create_function' => [[], ['eval']],
|
2020-11-19 23:47:29 +01:00
|
|
|
|
'file_get_contents' => [['file']],
|
|
|
|
|
'file_put_contents' => [['file']],
|
|
|
|
|
'fopen' => [['file']],
|
|
|
|
|
'unlink' => [['file']],
|
|
|
|
|
'copy' => [['file'], ['file']],
|
|
|
|
|
'file' => [['file']],
|
|
|
|
|
'link' => [['file'], ['file']],
|
|
|
|
|
'mkdir' => [['file']],
|
|
|
|
|
'move_uploaded_file' => [['file'], ['file']],
|
|
|
|
|
'parse_ini_file' => [['file']],
|
|
|
|
|
'chown' => [['file']],
|
|
|
|
|
'lchown' => [['file']],
|
|
|
|
|
'readfile' => [['file']],
|
|
|
|
|
'rename' => [['file'], ['file']],
|
2020-11-25 22:45:53 +01:00
|
|
|
|
'rmdir' => [['file']],
|
2020-11-19 23:47:29 +01:00
|
|
|
|
'header' => [['header']],
|
|
|
|
|
'symlink' => [['file']],
|
|
|
|
|
'tempnam' => [['file']],
|
2020-11-17 18:44:31 +01:00
|
|
|
|
'igbinary_unserialize' => [['unserialize']],
|
2020-11-18 17:39:36 +01:00
|
|
|
|
'ldap_search' => [[], ['ldap'], ['ldap']],
|
2020-05-29 06:24:07 +02:00
|
|
|
|
'mysqli_query' => [[], ['sql']],
|
2020-09-08 17:54:23 +02:00
|
|
|
|
'mysqli::query' => [['sql']],
|
|
|
|
|
'mysqli_real_query' => [[], ['sql']],
|
|
|
|
|
'mysqli::real_query' => [['sql']],
|
|
|
|
|
'mysqli_multi_query' => [[], ['sql']],
|
|
|
|
|
'mysqli::multi_query' => [['sql']],
|
|
|
|
|
'mysqli_prepare' => [[], ['sql']],
|
|
|
|
|
'mysqli::prepare' => [['sql']],
|
|
|
|
|
'mysqli_stmt::__construct' => [[], ['sql']],
|
|
|
|
|
'mysqli_stmt_prepare' => [[], ['sql']],
|
|
|
|
|
'mysqli_stmt::prepare' => [['sql']],
|
2020-05-25 19:10:06 +02:00
|
|
|
|
'passthru' => [['shell']],
|
|
|
|
|
'pcntl_exec' => [['shell']],
|
|
|
|
|
'PDO::prepare' => [['sql']],
|
|
|
|
|
'PDO::query' => [['sql']],
|
|
|
|
|
'PDO::exec' => [['sql']],
|
2020-08-19 16:41:02 +02:00
|
|
|
|
'pg_exec' => [[], ['sql']],
|
|
|
|
|
'pg_prepare' => [[], [], ['sql']],
|
|
|
|
|
'pg_put_line' => [[], ['sql']],
|
|
|
|
|
'pg_query' => [[], ['sql']],
|
|
|
|
|
'pg_query_params' => [[], ['sql']],
|
|
|
|
|
'pg_send_prepare' => [[], [], ['sql']],
|
|
|
|
|
'pg_send_query' => [[], ['sql']],
|
|
|
|
|
'pg_send_query_params' => [[], ['sql'], []],
|
2020-11-19 23:47:29 +01:00
|
|
|
|
'setcookie' => [['cookie'], ['cookie']],
|
2020-05-25 19:10:06 +02:00
|
|
|
|
'shell_exec' => [['shell']],
|
|
|
|
|
'system' => [['shell']],
|
2020-11-17 18:44:31 +01:00
|
|
|
|
'unserialize' => [['unserialize']],
|
2020-11-16 21:04:22 +01:00
|
|
|
|
'popen' => [['shell']],
|
|
|
|
|
'proc_open' => [['shell']],
|
2020-11-18 06:52:48 +01:00
|
|
|
|
'curl_init' => [['ssrf']],
|
|
|
|
|
'curl_setopt' => [[], [], ['ssrf']],
|
2020-05-25 19:10:06 +02:00
|
|
|
|
];
|