mirror of
https://github.com/danog/psalm.git
synced 2024-11-26 12:24:49 +01:00
Document more taint types (#4704)
* Document more taint types

Taken from the TaintKind enum

* Add more of a description

Co-authored-by: Matthew Brown <github@muglug.com>
parent
2a56a3a0c9
commit
86af28aa31
@ -24,9 +24,17 @@ Example sinks:
|
||||
Psalm recognises a number of taint types by default, defined in the [Psalm\Type\TaintKind](https://github.com/vimeo/psalm/blob/master/src/Psalm/Type/TaintKind.php) class:
|
||||
|
||||
- `sql` - used for strings that could contain SQL
|
||||
- `ldap` - used for strings that could contain a ldap DN or filter
|
||||
- `html` - used for strings that could contain angle brackets or unquoted strings
|
||||
- `shell` - used for strings that could contain shell commands
|
||||
- `callable` - used for callable strings that could be user-controlled
|
||||
- `unserialize` - used for strings that could contain a serialized string
|
||||
- `include` - used for strings that could contain a path beeing included
|
||||
- `eval` - used for strings that could contain code
|
||||
- `ssrf` - used for strings that could contain text passed to Curl or similar
|
||||
- `file` - used for strings that could contain a path
|
||||
- `cookie` - used for strings that could contain a http cookie
|
||||
- `header` - used for strings that could contain a http header
|
||||
- `user_secret` - used for strings that could contain user-supplied secrets
|
||||
- `system_secret` - used for strings that could contain system secrets
|
||||
|
||||
|
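Review bot: the `include` entry has a typo ("beeing" should be "being"), and several descriptions in this list are too loose to tell a reader which sink each kind guards. `ssrf` says "text passed to Curl or similar" without saying that the string is a URL or host; `file` and `include` both describe "a path" with nothing to show how they differ; `html` says "unquoted strings" without saying unquoted in what context. For consistency, suggest "an LDAP DN or filter" and "HTTP cookie" / "HTTP header". The `user_secret` and `system_secret` entries read as data that must not leak rather than input that must not reach a sink, which is a different direction from the other entries in the list; one sentence stating that distinction would keep readers from treating all fourteen kinds the same way.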