Fix #4620 - reconciled literal strings cannot carry taints

2024-11-27 12:55:26 +01:00 · 2020-11-19 09:06:15 -05:00 · 2020-11-19 09:06:15 -05:00 · 7c02fa76d1
commit 7c02fa76d1
parent 20c78ae29b
2 changed files with 15 additions and 1 deletions
--- a/src/Psalm/Type/Reconciler.php
+++ b/src/Psalm/Type/Reconciler.php
@ -309,7 +309,8 @@ class Reconciler
            }

            if (($statements_analyzer->data_flow_graph instanceof \Psalm\Internal\Codebase\TaintFlowGraph
-                    && (!$result_type->hasScalarType()) || $result_type->hasString())
+                    && (!$result_type->hasScalarType())
+                        || ($result_type->hasString() && !$result_type->hasLiteralString()))
                || $statements_analyzer->data_flow_graph instanceof \Psalm\Internal\Codebase\VariableUseGraph
            ) {
                if ($before_adjustment && $before_adjustment->parent_nodes) {
--- a/tests/TaintTest.php
+++ b/tests/TaintTest.php
@ -544,6 +544,19 @@ class TaintTest extends TestCase
                    $a = new A("bar");
                    echo $a->getTaint();',
            ],
+            'literalStringCannotCarryTaint' => [
+                '<?php
+                    $file = $_GET["foo"];
+
+                    if ($file !== "") {
+                        /**
+                         * @psalm-taint-escape input
+                         */
+                        $file = basename($file);
+                    }
+
+                    echo $file;'
+            ],
        ];
    }