mirror of https://github.com/danog/psalm.git synced 2025-01-22 22:01:48 +01:00

Fix #4620 - reconciled literal strings cannot carry taints

Matt Brown 2020-11-19 09:06:15 -05:00 committed by Daniil Gentili
parent f969b01db4
commit 43187a0e19
Signed by: danog
GPG Key ID: 8C1BE3B34B230CA7
2 changed files with 15 additions and 1 deletions


@ -309,7 +309,8 @@ class Reconciler
} }
if (($statements_analyzer->data_flow_graph instanceof \Psalm\Internal\Codebase\TaintFlowGraph if (($statements_analyzer->data_flow_graph instanceof \Psalm\Internal\Codebase\TaintFlowGraph
&& (!$result_type->hasScalarType()) || $result_type->hasString()) && (!$result_type->hasScalarType())
|| ($result_type->hasString() && !$result_type->hasLiteralString()))
|| $statements_analyzer->data_flow_graph instanceof \Psalm\Internal\Codebase\VariableUseGraph || $statements_analyzer->data_flow_graph instanceof \Psalm\Internal\Codebase\VariableUseGraph
) { ) {
if ($before_adjustment && $before_adjustment->parent_nodes) { if ($before_adjustment && $before_adjustment->parent_nodes) {
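Review bot: The string clause on the new `|| ($result_type->hasString() && !$result_type->hasLiteralString()))` line is not gated by the `TaintFlowGraph` check, because `&&` binds tighter than `||` and the parenthesis after `hasScalarType()` closes early, so the condition reads as (taint graph and not scalar) or (non-literal string) or (variable-use graph). If both type tests are meant to apply only under the taint graph, the two lines would be `&& (!$result_type->hasScalarType()` and `|| ($result_type->hasString() && !$result_type->hasLiteralString())))`. Separately, if `hasLiteralString()` returns true whenever any member of the union is a literal, a union of a literal and a non-literal string would stop inheriting parent nodes and give a taint false negative; the helper is not visible here, so this needs confirming. The enclosing method starts and ends outside the hunk.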


@ -544,6 +544,19 @@ class TaintTest extends TestCase
$a = new A("bar"); $a = new A("bar");
echo $a->getTaint();', echo $a->getTaint();',
], ],
'literalStringCannotCarryTaint' => [
'<?php
$file = $_GET["foo"];
if ($file !== "") {
/**
* @psalm-taint-escape input
*/
$file = basename($file);
}
echo $file;'
],
]; ];
} }
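Review bot: The added `literalStringCannotCarryTaint` case only pins the no-false-positive direction: on one branch `$file` is reconciled to `""`, on the other it is escaped, so nothing tainted reaches `echo`. A companion case in the provider for code that must be reported is missing, one where a value that can still be a non-literal string reaches `echo` after a comparison against a literal. Without it the narrowing in `Reconciler` could drop taint too eagerly without any test failing. As a style point, the entry ends with `echo $file;'` without the trailing comma its neighbour has (`echo $a->getTaint();',`); `echo $file;',` would match. The provider method starts outside the hunk, so which provider this belongs to is inferred from the case name.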