mirror of
https://github.com/danog/psalm.git
synced 2025-01-22 05:41:20 +01:00
Handle flows into arguments a little better
This commit is contained in:
parent
1d17c02fba
commit
92a9a7efdf
@ -1146,6 +1146,43 @@ class ArgumentAnalyzer
|
|||||||
$argument_offset,
|
$argument_offset,
|
||||||
$code_location
|
$code_location
|
||||||
);
|
);
|
||||||
|
|
||||||
|
if (strpos($cased_method_id, '::')) {
|
||||||
|
list($fq_classlike_name, $cased_method_name) = explode('::', $cased_method_id);
|
||||||
|
$method_name = strtolower($cased_method_name);
|
||||||
|
$class_storage = $codebase->classlike_storage_provider->get($fq_classlike_name);
|
||||||
|
|
||||||
|
foreach ($class_storage->dependent_classlikes as $dependent_classlike_lc => $_) {
|
||||||
|
$dependent_classlike_storage = $codebase->classlike_storage_provider->get(
|
||||||
|
$dependent_classlike_lc
|
||||||
|
);
|
||||||
|
$new_sink = TaintNode::getForMethodArgument(
|
||||||
|
$dependent_classlike_lc . '::' . $method_name,
|
||||||
|
$dependent_classlike_storage->name . '::' . $cased_method_name,
|
||||||
|
$argument_offset,
|
||||||
|
$code_location,
|
||||||
|
null
|
||||||
|
);
|
||||||
|
|
||||||
|
$codebase->taint->addTaintNode($new_sink);
|
||||||
|
$codebase->taint->addPath($method_node, $new_sink);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($class_storage->overridden_method_ids[$method_name])) {
|
||||||
|
foreach ($class_storage->overridden_method_ids[$method_name] as $parent_method_id) {
|
||||||
|
$new_sink = TaintNode::getForMethodArgument(
|
||||||
|
(string) $parent_method_id,
|
||||||
|
$codebase->methods->getCasedMethodId($parent_method_id),
|
||||||
|
$argument_offset,
|
||||||
|
$code_location,
|
||||||
|
null
|
||||||
|
);
|
||||||
|
|
||||||
|
$codebase->taint->addTaintNode($new_sink);
|
||||||
|
$codebase->taint->addPath($method_node, $new_sink);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($function_param->sinks) {
|
if ($function_param->sinks) {
|
||||||
@ -1173,55 +1210,6 @@ class ArgumentAnalyzer
|
|||||||
|
|
||||||
$codebase->taint->addTaintNode($method_node);
|
$codebase->taint->addTaintNode($method_node);
|
||||||
|
|
||||||
if (!in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())
|
|
||||||
&& $input_type->parent_nodes
|
|
||||||
) {
|
|
||||||
foreach ($input_type->parent_nodes as $parent_node) {
|
|
||||||
if (strpos($parent_node->id, '::') && strpos($parent_node->id, '#')) {
|
|
||||||
list($fq_classlike_name, $method_name) = explode('::', $parent_node->id);
|
|
||||||
list(, $cased_method_name) = explode('::', $parent_node->label);
|
|
||||||
|
|
||||||
$method_name_parts = explode('#', $method_name);
|
|
||||||
list($cased_method_name) = explode('#', $cased_method_name);
|
|
||||||
|
|
||||||
$method_name = strtolower($method_name_parts[0]);
|
|
||||||
|
|
||||||
$class_storage = $codebase->classlike_storage_provider->get($fq_classlike_name);
|
|
||||||
|
|
||||||
foreach ($class_storage->dependent_classlikes as $dependent_classlike_lc => $_) {
|
|
||||||
$dependent_classlike_storage = $codebase->classlike_storage_provider->get(
|
|
||||||
$dependent_classlike_lc
|
|
||||||
);
|
|
||||||
$new_sink = TaintNode::getForMethodArgument(
|
|
||||||
$dependent_classlike_lc . '::' . $method_name,
|
|
||||||
$dependent_classlike_storage->name . '::' . $cased_method_name,
|
|
||||||
(int) $method_name_parts[1] - 1,
|
|
||||||
$code_location,
|
|
||||||
null
|
|
||||||
);
|
|
||||||
|
|
||||||
$codebase->taint->addTaintNode($new_sink);
|
|
||||||
$codebase->taint->addPath($new_sink, $method_node);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (isset($class_storage->overridden_method_ids[$method_name])) {
|
|
||||||
foreach ($class_storage->overridden_method_ids[$method_name] as $parent_method_id) {
|
|
||||||
$new_sink = TaintNode::getForMethodArgument(
|
|
||||||
(string) $parent_method_id,
|
|
||||||
$codebase->methods->getCasedMethodId($parent_method_id),
|
|
||||||
(int) $method_name_parts[1] - 1,
|
|
||||||
$code_location,
|
|
||||||
null
|
|
||||||
);
|
|
||||||
|
|
||||||
$codebase->taint->addTaintNode($new_sink);
|
|
||||||
$codebase->taint->addPath($new_sink, $method_node);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($input_type->parent_nodes) {
|
if ($input_type->parent_nodes) {
|
||||||
foreach ($input_type->parent_nodes as $parent_node) {
|
foreach ($input_type->parent_nodes as $parent_node) {
|
||||||
$codebase->taint->addTaintNode($method_node);
|
$codebase->taint->addTaintNode($method_node);
|
||||||
|
@ -462,7 +462,7 @@ class TaintTest extends TestCase
|
|||||||
public function testTaintedInParentLoader()
|
public function testTaintedInParentLoader()
|
||||||
{
|
{
|
||||||
$this->expectException(\Psalm\Exception\CodeException::class);
|
$this->expectException(\Psalm\Exception\CodeException::class);
|
||||||
$this->expectExceptionMessage('TaintedInput - somefile.php:16:40 - Detected tainted sql in path: $_GET (somefile.php:28:39) -> C::foo#1 (somefile.php:28:30) -> AGrandChild::loadFull#1 (somefile.php:24:47) -> A::loadPartial#1 (somefile.php:16:40) -> PDO::exec#1 (somefile.php:16:40)');
|
$this->expectExceptionMessage('TaintedInput - somefile.php:16:40 - Detected tainted sql in path: $_GET (somefile.php:28:39) -> C::foo#1 (somefile.php:28:30) -> AGrandChild::loadFull#1 (somefile.php:24:47) -> A::loadFull#1 (somefile.php:24:47) -> A::loadPartial#1 (somefile.php:6:45) -> AChild::loadPartial#1 (somefile.php:6:45) -> concat (somefile.php:16:40) -> PDO::exec#1 (somefile.php:16:40)');
|
||||||
|
|
||||||
$this->project_analyzer->trackTaintedInputs();
|
$this->project_analyzer->trackTaintedInputs();
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user