
Taint all when conditional return is used

Ref #4792
Matt Brown 2020-12-06 11:24:48 -05:00
parent 4d1aae43f9
commit 9c0e9a3d7e
2 changed files with 25 additions and 2 deletions


@ -512,8 +512,10 @@ class FunctionCallReturnTypeFetcher
true
);
foreach ($expanded_type->getLiteralStrings() as $literal_string) {
$conditionally_removed_taints[] = $literal_string->value;
if (!$expanded_type->isNullable()) {
foreach ($expanded_type->getLiteralStrings() as $literal_string) {
$conditionally_removed_taints[] = $literal_string->value;
}
}
}
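Review bot: The new `isNullable()` guard only catches an unresolved conditional when one branch is `null`. With an annotation such as `($type is "int" ? "html" : "sql")` and an unresolvable `$type`, the expanded type would presumably be the union of both literals, so the inner loop would still add both to `$conditionally_removed_taints` and under-report taint. A stricter guard such as `if ($expanded_type->isSingleStringLiteral()) {` would remove a taint only when exactly one branch was selected; a `TaintTest` case with two non-null escapes would confirm whether this gap is real. If the current guard stays, it needs a why-comment, e.g. `// nullable here means the conditional did not resolve to one branch, so assume nothing was escaped`. The enclosing method starts and ends outside this hunk, so how the type is expanded is inferred rather than visible.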


@ -1975,6 +1975,27 @@ class TaintTest extends TestCase
echo get("x");',
'error_message' => 'TaintedHtml',
],
'conditionallyEscapedTaintsAll' => [
'<?php
/** @psalm-taint-escape ($type is "int" ? "html" : null) */
function cast(mixed $value, string $type): mixed
{
if ("int" === $type) {
return (int) $value;
}
return (string) $value;
}
/** @psalm-taint-specialize */
function data(array $data, string $key, string $type) {
return cast($data[$key], $type);
}
// technically a false-positive, but desired behaviour in lieu
// of better information
echo data($_GET, "x", "int");',
'error_message' => 'TaintedHtml',
],
/*
// TODO: Stubs do not support this type of inference even with $this->message = $message.
// Most uses of getMessage() would be with caught exceptions, so this is not representative of real code.