ignore comments after taint-sink

2024-11-27 04:45:20 +01:00 · 2021-11-07 10:17:25 +01:00 · 2021-11-07 10:17:25 +01:00 · 3322801903
commit 3322801903
parent f327c986d0
2 changed files with 14 additions and 3 deletions
--- a/src/Psalm/Internal/PhpVisitor/Reflector/FunctionLikeDocblockParser.php
+++ b/src/Psalm/Internal/PhpVisitor/Reflector/FunctionLikeDocblockParser.php
@ -160,10 +160,10 @@ class FunctionLikeDocblockParser
            if (isset($parsed_docblock->tags[$alias])) {
                foreach ($parsed_docblock->tags[$alias] as $offset => $param) {
                    $line_parts = CommentAnalyzer::splitDocLine($param);
-    
+
                    if (count($line_parts) > 0) {
                        $line_parts[0] = str_replace("\n", '', preg_replace('@^[ \t]*\*@m', '', $line_parts[0]));
-    
+
                        $info->self_out = [
                            'type' => str_replace("\n", '', $line_parts[0]),
                            'line_number' => $comment->getStartLine() + substr_count(
@ -207,7 +207,7 @@ class FunctionLikeDocblockParser
            foreach ($parsed_docblock->tags['psalm-taint-sink'] as $param) {
                $param_parts = preg_split('/\s+/', trim($param));

-                if (count($param_parts) === 2) {
+                if (count($param_parts) >= 2) {
                    $info->taint_sink_params[] = ['name' => $param_parts[1], 'taint' => $param_parts[0]];
                }
            }
--- a/tests/TaintTest.php
+++ b/tests/TaintTest.php
@ -2237,6 +2237,17 @@ class TaintTest extends TestCase
                    ',
                'error_message' => 'TaintedSql',
            ],
+            'taintSinkWithComments' => [
+                '<?php
+
+                    /**
+                     * @psalm-taint-sink html $sink
+                     *
+                     * Not working
+                     */
+                    function sinkNotWorking($sink) : string {}',
+                'error_message' => 'TaintedHtml',
+            ],
        ];
    }