Fix #3715 - unserialize is a taint sink

2024-11-27 04:45:20 +01:00 · 2020-06-29 17:54:47 -04:00 · 2020-06-29 17:54:47 -04:00 · 7288dfc620
commit 7288dfc620
parent 7253e01000
1 changed files with 2 additions and 0 deletions
--- a/src/Psalm/Internal/InternalTaintSinkMap.php
+++ b/src/Psalm/Internal/InternalTaintSinkMap.php
@ -8,6 +8,7 @@ return [
 'file_put_contents' => [['shell']],
 'fopen' => [['shell']],
 'header' => [['text']],
+'igbinary_unserialize' => [['text']],
 'ldap_search' => [['text']],
 'mysqli_query' => [[], ['sql']],
 'passthru' => [['shell']],
@ -19,4 +20,5 @@ return [
 'setcookie' => [['text'], ['text']],
 'shell_exec' => [['shell']],
 'system' => [['shell']],
+'unserialize' => [['text']],
 ];