From a6c7a483875c33f8e674dfea8df0b40bb09fcf8b Mon Sep 17 00:00:00 2001
From: Brown <github@muglug.com>
Date: Wed, 24 Jun 2020 18:43:15 -0400
Subject: [PATCH] Add support for argument unpacking

Ref #3670
---
 .../Expression/Call/ArgumentAnalyzer.php          | 15 +++++++++++++++
 tests/TaintTest.php                               |  8 ++++++++
 2 files changed, 23 insertions(+)

diff --git a/src/Psalm/Internal/Analyzer/Statements/Expression/Call/ArgumentAnalyzer.php b/src/Psalm/Internal/Analyzer/Statements/Expression/Call/ArgumentAnalyzer.php
index 286406746..ce7d04302 100644
--- a/src/Psalm/Internal/Analyzer/Statements/Expression/Call/ArgumentAnalyzer.php
+++ b/src/Psalm/Internal/Analyzer/Statements/Expression/Call/ArgumentAnalyzer.php
@@ -343,6 +343,21 @@ class ArgumentAnalyzer
                     // fall through
                 }
 
+                if ($cased_method_id) {
+                    $arg_location = new CodeLocation($statements_analyzer->getSource(), $arg->value);
+
+                    self::processTaintedness(
+                        $statements_analyzer,
+                        $cased_method_id,
+                        $argument_offset,
+                        $arg_location,
+                        $function_call_location,
+                        $function_param,
+                        $arg_type,
+                        $specialize_taint
+                    );
+                }
+
                 return;
             }
 
diff --git a/tests/TaintTest.php b/tests/TaintTest.php
index 6f550e551..b725b9421 100644
--- a/tests/TaintTest.php
+++ b/tests/TaintTest.php
@@ -1222,6 +1222,14 @@ class TaintTest extends TestCase
                     print($_GET["name"]);',
                 'error_message' => 'TaintedInput - src/somefile.php:2:27 - Detected tainted html in path: $_GET -> $_GET[\'name\'] (src/somefile.php:2:27) -> call to print (src/somefile.php:2:27) -> print#1',
             ],
+            'unpackArgs' => [
+                '<?php
+                    function test(...$args) {
+                        echo $args[0];
+                    }
+                    test(...$_GET["other"]);',
+                'error_message' => 'TaintedInput',
+            ],
         ];
     }
 }