New sinks for TaintedCallable #10117

2024-11-26 20:34:47 +01:00 · 2023-08-22 13:41:47 +02:00 · 2023-08-22 13:41:47 +02:00 · 72c9bf8575
commit 72c9bf8575
parent 8bfcf473b9
2 changed files with 19 additions and 0 deletions
--- a/stubs/Reflection.phpstub
+++ b/stubs/Reflection.phpstub
@ -15,6 +15,7 @@ class ReflectionClass implements Reflector {
    /**
     * @param T|class-string<T>|interface-string<T>|trait-string|enum-string<T> $argument
     * @psalm-pure
+     * @psalm-taint-sink callable $argument
     */
    public function __construct($argument) {}

@ -411,6 +412,11 @@ abstract class ReflectionFunctionAbstract implements Reflector
    /** @psalm-pure */
    public function getClosure(): Closure {}

+    /**
+     * @psalm-taint-sink callable $function
+     */
+    public function __construct(callable $function) {}
+
    /**
     * @since 8.0
     * @template TClass as object
--- a/tests/TaintTest.php
+++ b/tests/TaintTest.php
@ -2488,6 +2488,19 @@ class TaintTest extends TestCase
                'code' => '<?php
                    echo pg_escape_string($conn, $_GET["a"]);',
                'error_message' => 'TaintedHtml',
+            'taintedReflectionClass' => [
+                'code' => '<?php
+                    $name = $_GET["name"];
+                    $reflector = new ReflectionClass($name);
+                    $reflector->newInstance();',
+                'error_message' => 'TaintedCallable',
+            ],
+            'taintedReflectionFunction' => [
+                'code' => '<?php
+                    $name = $_GET["name"];
+                    $function = new ReflectionFunction($name);
+                    $function->invoke();',
+                'error_message' => 'TaintedCallable',
            ],
        ];
    }