From 33228019037b833f9d043e3d06db5948e91264e8 Mon Sep 17 00:00:00 2001
From: orklah
Date: Sun, 7 Nov 2021 10:17:25 +0100
Subject: [PATCH] ignore comments after taint-sink

---
 .../Reflector/FunctionLikeDocblockParser.php | 6 +++---
 tests/TaintTest.php | 11 +++++++++++
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/src/Psalm/Internal/PhpVisitor/Reflector/FunctionLikeDocblockParser.php b/src/Psalm/Internal/PhpVisitor/Reflector/FunctionLikeDocblockParser.php
index 95c11e8f2..39709369c 100644
--- a/src/Psalm/Internal/PhpVisitor/Reflector/FunctionLikeDocblockParser.php
+++ b/src/Psalm/Internal/PhpVisitor/Reflector/FunctionLikeDocblockParser.php
@@ -160,10 +160,10 @@ class FunctionLikeDocblockParser
         if (isset($parsed_docblock->tags[$alias])) {
             foreach ($parsed_docblock->tags[$alias] as $offset => $param) {
                 $line_parts = CommentAnalyzer::splitDocLine($param);
-
+
                 if (count($line_parts) > 0) {
                     $line_parts[0] = str_replace("\n", '', preg_replace('@^[ \t]*\*@m', '', $line_parts[0]));
-
+
                     $info->self_out = [
                         'type' => str_replace("\n", '', $line_parts[0]),
                         'line_number' => $comment->getStartLine() + substr_count(
@@ -207,7 +207,7 @@ class FunctionLikeDocblockParser
         foreach ($parsed_docblock->tags['psalm-taint-sink'] as $param) {
             $param_parts = preg_split('/\s+/', trim($param));
 
-            if (count($param_parts) === 2) {
+            if (count($param_parts) >= 2) {
                 $info->taint_sink_params[] = ['name' => $param_parts[1], 'taint' => $param_parts[0]];
             }
         }
diff --git a/tests/TaintTest.php b/tests/TaintTest.php
index cdad661d1..21a1a3be7 100644
--- a/tests/TaintTest.php
+++ b/tests/TaintTest.php
@@ -2237,6 +2237,17 @@ class TaintTest extends TestCase
                 ',
                 'error_message' => 'TaintedSql',
             ],
+            'taintSinkWithComments' => [
+                ' 'TaintedHtml',
+            ],
         ];
     }
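Review bot: The relaxed `count($param_parts) >= 2` in the `psalm-taint-sink` loop accepts any number of trailing tokens without looking at them, so an annotation that lists a second variable (`@psalm-taint-sink html $a $b`) is now parsed as a sink on `$a` alone rather than rejected, and the missing sink on `$b` becomes a silent taint-analysis false negative. Since the intent is to tolerate a free-text description, it would be safer to skip only extras that do not look like another parameter, e.g. keep the `>= 2` test but add `&& !(isset($param_parts[2]) && $param_parts[2][0] === '$')`, and document the behaviour above the `if` with `// tokens after the parameter name are a free-text description and are ignored`. If the `psalm-taint-source` loop elsewhere in this file uses the same `=== 2` test, it presumably needs the same treatment. The enclosing method begins outside the hunk.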