danog/psalm
1
0
Fork 0
mirror of https://github.com/danog/psalm.git synced 2024-11-26 20:34:47 +01:00
Code Issues Projects Releases Wiki Activity

Fix #4769 – don’t use unique ids for new generated nodes

Browse Source
This commit is contained in:
Matt Brown 2020-12-04 15:43:12 -05:00 committed by Daniil Gentili
parent ca26acd31e
commit 309c13700d
Signed by: danog
GPG Key ID: 8C1BE3B34B230CA7
2 changed files with 24 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/Psalm/Internal/Codebase/TaintFlowGraph.php
View File

@ -222,7 +222,7 @@ class TaintFlowGraph extends DataFlowGraph
/** /**
* @param array<string> $source_taints * @param array<string> $source_taints
* @param array<DataFlowNode> $sinks * @param array<DataFlowNode> $sinks
* @return array<string, DataFlowNode> * @return list<DataFlowNode>
*/ */
private function getChildNodes( private function getChildNodes(
DataFlowNode $generated_source, DataFlowNode $generated_source,
@ -441,7 +441,7 @@ class TaintFlowGraph extends DataFlowGraph
$new_destination->specialized_calls = $generated_source->specialized_calls; $new_destination->specialized_calls = $generated_source->specialized_calls;
$new_destination->path_types = array_merge($generated_source->path_types, [$path_type]); $new_destination->path_types = array_merge($generated_source->path_types, [$path_type]);
$new_sources[$to_id] = $new_destination; $new_sources[] = $new_destination;
} }
return $new_sources; return $new_sources;
@ -459,11 +459,10 @@ class TaintFlowGraph extends DataFlowGraph
if ($source->specialization_key && isset($this->specialized_calls[$source->specialization_key])) { if ($source->specialization_key && isset($this->specialized_calls[$source->specialization_key])) {
$generated_source = clone $source; $generated_source = clone $source;
$generated_source->specialized_calls[$source->specialization_key]
= $this->specialized_calls[$source->specialization_key];
$generated_source->id = substr($source->id, 0, -strlen($source->specialization_key) - 1); $generated_source->id = substr($source->id, 0, -strlen($source->specialization_key) - 1);
$generated_source->specialized_calls[$source->specialization_key][$generated_source->id] = true;
$generated_sources[] = $generated_source; $generated_sources[] = $generated_source;
} elseif (isset($this->specializations[$source->id])) { } elseif (isset($this->specializations[$source->id])) {
foreach ($this->specializations[$source->id] as $specialization => $_) { foreach ($this->specializations[$source->id] as $specialization => $_) {

20
tests/TaintTest.php
View File

@ -1940,6 +1940,26 @@ class TaintTest extends TestCase
echo foo($_GET["foo"], false);', echo foo($_GET["foo"], false);',
'error_message' => 'TaintedHtml', 'error_message' => 'TaintedHtml',
], ],
'suppressOneCatchAnother' => [
'<?php
/** @psalm-taint-specialize */
function data(array $data, string $key) {
return $data[$key];
}
function get(string $key) {
return data($_GET, $key);
}
function post(string $key) {
return data($_POST, $key);
}
echo get("x");
/** @psalm-suppress TaintedInput */
echo post("x");',
'error_message' => 'TaintedHtml',
],
/* /*
// TODO: Stubs do not support this type of inference even with $this->message = $message. // TODO: Stubs do not support this type of inference even with $this->message = $message.
// Most uses of getMessage() would be with caught exceptions, so this is not representative of real code. // Most uses of getMessage() would be with caught exceptions, so this is not representative of real code.