danog/psalm
1
0
Fork 0
mirror of https://github.com/danog/psalm.git synced 2025-01-21 21:31:13 +01:00
Code Issues Projects Releases Wiki Activity

Add intermediary concat op node

Browse Source
This commit is contained in:
Brown 2020-05-23 21:38:09 -04:00
parent f5a0622ad2
commit a198b09eb7
3 changed files with 30 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/Psalm/Internal/Analyzer/Statements/Expression/AssignmentAnalyzer.php
View File

@ -1121,18 +1121,23 @@ class AssignmentAnalyzer
$stmt_left_type = $statements_analyzer->node_data->getType($stmt->var);
$stmt_right_type = $statements_analyzer->node_data->getType($stmt->expr);
$sources = [];
$var_location = new CodeLocation($statements_analyzer, $stmt);
if ($stmt_left_type) {
$sources = $stmt_left_type->parent_nodes ?: [];
$new_parent_node = \Psalm\Internal\Taint\TaintNode::getForAssignment($array_var_id, $var_location);
$codebase->taint->addTaintNode($new_parent_node);
$result_type->parent_nodes = [$new_parent_node];
if ($stmt_left_type && $stmt_left_type->parent_nodes) {
foreach ($stmt_left_type->parent_nodes as $parent_node) {
$codebase->taint->addPath($parent_node, $new_parent_node);
}
}
if ($stmt_right_type) {
$sources = array_merge($sources, $stmt_right_type->parent_nodes ?: []);
}
if ($sources) {
$result_type->parent_nodes = $sources;
if ($stmt_right_type && $stmt_right_type->parent_nodes) {
foreach ($stmt_right_type->parent_nodes as $parent_node) {
$codebase->taint->addPath($parent_node, $new_parent_node);
}
}
}
}

23
src/Psalm/Internal/Analyzer/Statements/Expression/BinaryOpAnalyzer.php
View File

@ -110,18 +110,23 @@ class BinaryOpAnalyzer
$stmt_left_type = $statements_analyzer->node_data->getType($stmt->left);
$stmt_right_type = $statements_analyzer->node_data->getType($stmt->right);
$sources = [];
$var_location = new CodeLocation($statements_analyzer, $stmt);
if ($stmt_left_type) {
$sources = $stmt_left_type->parent_nodes ?: [];
$new_parent_node = \Psalm\Internal\Taint\TaintNode::getForAssignment('concat', $var_location);
$codebase->taint->addTaintNode($new_parent_node);
$stmt_type->parent_nodes = [$new_parent_node];
if ($stmt_left_type && $stmt_left_type->parent_nodes) {
foreach ($stmt_left_type->parent_nodes as $parent_node) {
$codebase->taint->addPath($parent_node, $new_parent_node);
}
}
if ($stmt_right_type) {
$sources = array_merge($sources, $stmt_right_type->parent_nodes ?: []);
}
if ($sources) {
$stmt_type->parent_nodes = $sources;
if ($stmt_right_type && $stmt_right_type->parent_nodes) {
foreach ($stmt_right_type->parent_nodes as $parent_node) {
$codebase->taint->addPath($parent_node, $new_parent_node);
}
}
}

4
tests/TaintTest.php
View File

@ -282,7 +282,7 @@ class TaintTest extends TestCase
public function testTaintedInputFromParam()
{
$this->expectException(\Psalm\Exception\CodeException::class);
$this->expectExceptionMessage('TaintedInput - somefile.php:17:36 - Detected tainted sql in path: $_GET (somefile.php:4:41) -> A::getUserId (somefile.php:8:41) -> A::getAppendedUserId (somefile.php:12:35) -> $userId (somefile.php:12:25) -> A::deleteUser#2 (somefile.php:13:49) -> PDO::exec#1 (somefile.php:17:36)');
$this->expectExceptionMessage('TaintedInput - somefile.php:17:36 - Detected tainted sql in path: $_GET (somefile.php:4:41) -> A::getUserId (somefile.php:8:41) -> concat (somefile.php:8:32) -> A::getAppendedUserId (somefile.php:12:35) -> $userId (somefile.php:12:25) -> A::deleteUser#2 (somefile.php:13:49) -> concat (somefile.php:17:36) -> PDO::exec#1 (somefile.php:17:36)');
$this->project_analyzer->trackTaintedInputs();
@ -419,7 +419,7 @@ class TaintTest extends TestCase
public function testTaintedInputToParamAlternatePath()
{
$this->expectException(\Psalm\Exception\CodeException::class);
$this->expectExceptionMessage('TaintedInput - somefile.php:23:40 - Detected tainted sql in path: $_GET (somefile.php:7:63) -> A::getAppendedUserId#1 (somefile.php:7:54) -> A::getAppendedUserId (somefile.php:11:37) -> A::deleteUser#3 (somefile.php:7:29) -> PDO::exec#1 (somefile.php:23:40)');
$this->expectExceptionMessage('TaintedInput - somefile.php:23:40 - Detected tainted sql in path: $_GET (somefile.php:7:63) -> A::getAppendedUserId#1 (somefile.php:7:54) -> concat (somefile.php:12:32) -> A::getAppendedUserId (somefile.php:11:37) -> A::deleteUser#3 (somefile.php:7:29) -> concat (somefile.php:23:40) -> PDO::exec#1 (somefile.php:23:40)');
$this->project_analyzer->trackTaintedInputs();