1
0
mirror of https://github.com/danog/psalm.git synced 2024-11-30 04:39:00 +01:00

Mark print() statement as the same sink type as echo (#3669)

This commit is contained in:
Tyson Andre 2020-06-24 17:23:16 -04:00 committed by GitHub
parent de85e7c539
commit 1670848267
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 39 additions and 0 deletions

View File

@ -4,6 +4,7 @@ namespace Psalm\Internal\Analyzer\Statements\Expression;
use PhpParser;
use Psalm\Internal\Analyzer\Statements\ExpressionAnalyzer;
use Psalm\Internal\Analyzer\StatementsAnalyzer;
use Psalm\Internal\Taint\Sink;
use Psalm\CodeLocation;
use Psalm\Context;
use Psalm\Issue\ForbiddenCode;
@ -24,6 +25,28 @@ class PrintAnalyzer
return false;
}
if ($codebase->taint
&& $codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
) {
$call_location = new CodeLocation($statements_analyzer->getSource(), $stmt);
$print_param_sink = Sink::getForMethodArgument(
'print',
'print',
0,
null,
$call_location
);
$print_param_sink->taints = [
Type\TaintKind::INPUT_HTML,
Type\TaintKind::USER_SECRET,
Type\TaintKind::SYSTEM_SECRET
];
$codebase->taint->addSink($print_param_sink);
}
if ($stmt_expr_type = $statements_analyzer->node_data->getType($stmt->expr)) {
if (Call\ArgumentAnalyzer::verifyType(
$statements_analyzer,

View File

@ -1878,4 +1878,20 @@ class TaintTest extends TestCase
$this->analyzeFile('somefile.php', new Context());
}
public function testTaintedInstancePrint() : void
{
$this->expectException(\Psalm\Exception\CodeException::class);
$this->expectExceptionMessage('TaintedInput - somefile.php:2:23 - Detected tainted html in path: $_GET -> $_GET[\'name\'] (somefile.php:2:23) -> call to print (somefile.php:2:23) -> print#1');
$this->project_analyzer->trackTaintedInputs();
$this->addFile(
'somefile.php',
'<?php
print($_GET["name"]);'
);
$this->analyzeFile('somefile.php', new Context());
}
}