danog/psalm
1
0
Fork 0
mirror of https://github.com/danog/psalm.git synced 2024-12-02 09:37:59 +01:00
Code Issues Projects Releases Wiki Activity

Improve docs

Browse Source
This commit is contained in:
Brown 2020-06-21 01:02:00 -04:00
parent dc83c2e2fc
commit 5e9dc9520e
1 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
docs/security_analysis/custom_taint_sources.md
View File

@ -1,6 +1,21 @@
# Custom Taint Sources # Custom Taint Sources
You can define your own taint sources with a plugin. You can define your own taint sources with an annotation or a plugin.
## Custom taint sourcce annotation
You can use the annotation `@psalm-taint-source <taint-type>` to indicate a function or method that provides user input.
In the below example the `input` taint type is specified as a standin for the four input taints `text`, `html`, `sql` and `shell`.
```php
/**
* @psalm-taint-source input
*/
function getQueryParam(string $name) : string {}
```
## Custom taint plugin
For example this plugin treats all variables named `$bad_data` as taint sources. For example this plugin treats all variables named `$bad_data` as taint sources.