
Improve file-based suppression of taints

This commit is contained in:
Brown 2020-09-20 19:37:25 -04:00 committed by Daniil Gentili
parent dbe4b4c708
commit b9c33aaa03
Signed by: danog
GPG Key ID: 8C1BE3B34B230CA7
21 changed files with 15 additions and 59 deletions


@ -46,9 +46,7 @@ class EchoAnalyzer
); );
} }
if ($statements_analyzer->taint_graph if ($statements_analyzer->taint_graph) {
&& $codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
) {
$call_location = new CodeLocation($statements_analyzer->getSource(), $stmt); $call_location = new CodeLocation($statements_analyzer->getSource(), $stmt);
$echo_param_sink = Sink::getForMethodArgument( $echo_param_sink = Sink::getForMethodArgument(
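Review bot: With `trackTaintsInPath` dropped from the guard on the `if ($statements_analyzer->taint_graph) {` line, echo sinks are now recorded for every analysed file, and nothing in this method shows why files outside the configured taint paths still stay out of the report (the StatementsAnalyzer hunk in this commit suggests the filter now runs when the per-file graph is merged). Suggest a short comment on that line so the next reader does not re-add the check: `// per-file graph; files outside the configured taint paths are discarded when merged in StatementsAnalyzer::analyze`. The same applies to the equivalent guards in PrintAnalyzer, ExitAnalyzer, ReturnAnalyzer, AssignmentAnalyzer, InstancePropertyAssignmentAnalyzer, InstancePropertyFetchAnalyzer and the other analyzers touched by this commit. The enclosing method starts and ends outside the hunk.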


@ -203,7 +203,6 @@ class ArrayAnalyzer
} }
if ($statements_analyzer->taint_graph if ($statements_analyzer->taint_graph
&& $codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
&& !\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues()) && !\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())
) { ) {
if ($item_value_type = $statements_analyzer->node_data->getType($item->value)) { if ($item_value_type = $statements_analyzer->node_data->getType($item->value)) {


@ -1147,11 +1147,7 @@ class InstancePropertyAssignmentAnalyzer
Type\Union $assignment_value_type, Type\Union $assignment_value_type,
Context $context Context $context
) : void { ) : void {
$codebase = $statements_analyzer->getCodebase(); if (!$statements_analyzer->taint_graph) {
if (!$statements_analyzer->taint_graph
|| !$codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
) {
return; return;
} }


@ -878,9 +878,7 @@ class AssignmentAnalyzer
return $context->vars_in_scope[$var_id]; return $context->vars_in_scope[$var_id];
} }
if ($statements_analyzer->taint_graph if ($statements_analyzer->taint_graph) {
&& $codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
) {
$taint_graph = $statements_analyzer->taint_graph; $taint_graph = $statements_analyzer->taint_graph;
if ($context->vars_in_scope[$var_id]->parent_nodes) { if ($context->vars_in_scope[$var_id]->parent_nodes) {
@ -1200,7 +1198,6 @@ class AssignmentAnalyzer
$statements_analyzer->node_data->setType($stmt, clone $context->vars_in_scope[$array_var_id]); $statements_analyzer->node_data->setType($stmt, clone $context->vars_in_scope[$array_var_id]);
if ($statements_analyzer->taint_graph if ($statements_analyzer->taint_graph
&& $codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
&& !\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues()) && !\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())
) { ) {
$stmt_left_type = $statements_analyzer->node_data->getType($stmt->var); $stmt_left_type = $statements_analyzer->node_data->getType($stmt->var);


@ -104,10 +104,7 @@ class BinaryOpAnalyzer
$stmt_type = $result_type; $stmt_type = $result_type;
} }
$codebase = $statements_analyzer->getCodebase();
if ($statements_analyzer->taint_graph if ($statements_analyzer->taint_graph
&& $codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
&& !\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues()) && !\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())
) { ) {
$stmt_left_type = $statements_analyzer->node_data->getType($stmt->left); $stmt_left_type = $statements_analyzer->node_data->getType($stmt->left);


@ -1220,7 +1220,6 @@ class ArgumentAnalyzer
$codebase = $statements_analyzer->getCodebase(); $codebase = $statements_analyzer->getCodebase();
if (!$statements_analyzer->taint_graph if (!$statements_analyzer->taint_graph
|| !$codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
|| \in_array('TaintedInput', $statements_analyzer->getSuppressedIssues()) || \in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())
) { ) {
return $input_type; return $input_type;


@ -1059,10 +1059,7 @@ class FunctionCallAnalyzer extends CallAnalyzer
FunctionLikeStorage $function_storage, FunctionLikeStorage $function_storage,
Type\Union $stmt_type Type\Union $stmt_type
) : void { ) : void {
$codebase = $statements_analyzer->getCodebase();
if (!$statements_analyzer->taint_graph if (!$statements_analyzer->taint_graph
|| !$codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
|| \in_array('TaintedInput', $statements_analyzer->getSuppressedIssues()) || \in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())
) { ) {
return; return;


@ -228,7 +228,6 @@ class MethodCallReturnTypeFetcher
if ($statements_analyzer->taint_graph if ($statements_analyzer->taint_graph
&& $declaring_method_id && $declaring_method_id
&& $codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
&& !\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues()) && !\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())
) { ) {
$method_storage = $codebase->methods->getStorage( $method_storage = $codebase->methods->getStorage(


@ -641,7 +641,6 @@ class NewAnalyzer extends \Psalm\Internal\Analyzer\Statements\Expression\CallAna
} }
if ($statements_analyzer->taint_graph if ($statements_analyzer->taint_graph
&& $codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
&& !\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues()) && !\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())
&& ($stmt_type = $statements_analyzer->node_data->getType($stmt)) && ($stmt_type = $statements_analyzer->node_data->getType($stmt))
) { ) {


@ -1423,10 +1423,7 @@ class StaticCallAnalyzer extends CallAnalyzer
Type\Union $return_type_candidate, Type\Union $return_type_candidate,
?\Psalm\Storage\MethodStorage $method_storage ?\Psalm\Storage\MethodStorage $method_storage
) : void { ) : void {
$codebase = $statements_analyzer->getCodebase();
if (!$statements_analyzer->taint_graph if (!$statements_analyzer->taint_graph
|| !$codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
|| \in_array('TaintedInput', $statements_analyzer->getSuppressedIssues()) || \in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())
) { ) {
return; return;


@ -15,8 +15,6 @@ class EncapsulatedStringAnalyzer
PhpParser\Node\Scalar\Encapsed $stmt, PhpParser\Node\Scalar\Encapsed $stmt,
Context $context Context $context
) : bool { ) : bool {
$codebase = $statements_analyzer->getCodebase();
$stmt_type = Type::getString(); $stmt_type = Type::getString();
foreach ($stmt->parts as $part) { foreach ($stmt->parts as $part) {
@ -35,7 +33,6 @@ class EncapsulatedStringAnalyzer
); );
if ($statements_analyzer->taint_graph if ($statements_analyzer->taint_graph
&& $codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
&& !\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues()) && !\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())
) { ) {
$var_location = new CodeLocation($statements_analyzer, $part); $var_location = new CodeLocation($statements_analyzer, $part);


@ -23,11 +23,8 @@ class EvalAnalyzer
$expr_type = $statements_analyzer->node_data->getType($stmt->expr); $expr_type = $statements_analyzer->node_data->getType($stmt->expr);
if ($expr_type) { if ($expr_type) {
$codebase = $statements_analyzer->getCodebase();
if ($statements_analyzer->taint_graph if ($statements_analyzer->taint_graph
&& $expr_type->parent_nodes && $expr_type->parent_nodes
&& $codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
&& !\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues()) && !\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())
) { ) {
$arg_location = new CodeLocation($statements_analyzer->getSource(), $stmt->expr); $arg_location = new CodeLocation($statements_analyzer->getSource(), $stmt->expr);


@ -27,11 +27,7 @@ class ExitAnalyzer
return false; return false;
} }
$codebase = $statements_analyzer->getCodebase(); if ($statements_analyzer->taint_graph) {
if ($statements_analyzer->taint_graph
&& $codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
) {
$call_location = new CodeLocation($statements_analyzer->getSource(), $stmt); $call_location = new CodeLocation($statements_analyzer->getSource(), $stmt);
$echo_param_sink = Sink::getForMethodArgument( $echo_param_sink = Sink::getForMethodArgument(


@ -312,12 +312,9 @@ class ArrayFetchAnalyzer
Type\Union $stmt_type, Type\Union $stmt_type,
Type\Union $offset_type Type\Union $offset_type
) : void { ) : void {
$codebase = $statements_analyzer->getCodebase();
if ($statements_analyzer->taint_graph if ($statements_analyzer->taint_graph
&& ($stmt_var_type = $statements_analyzer->node_data->getType($var)) && ($stmt_var_type = $statements_analyzer->node_data->getType($var))
&& $stmt_var_type->parent_nodes && $stmt_var_type->parent_nodes
&& $codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
) { ) {
if (\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())) { if (\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())) {
$stmt_var_type->parent_nodes = []; $stmt_var_type->parent_nodes = [];


@ -1193,11 +1193,7 @@ class InstancePropertyFetchAnalyzer
\Psalm\Storage\ClassLikeStorage $class_storage, \Psalm\Storage\ClassLikeStorage $class_storage,
bool $in_assignment bool $in_assignment
) : void { ) : void {
$codebase = $statements_analyzer->getCodebase(); if (!$statements_analyzer->taint_graph) {
if (!$statements_analyzer->taint_graph
|| !$codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
) {
return; return;
} }


@ -393,10 +393,7 @@ class VariableFetchAnalyzer
Type\Union $type, Type\Union $type,
PhpParser\Node\Expr\Variable $stmt PhpParser\Node\Expr\Variable $stmt
) : void { ) : void {
$codebase = $statements_analyzer->getCodebase();
if ($statements_analyzer->taint_graph if ($statements_analyzer->taint_graph
&& $codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
&& !\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues()) && !\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())
) { ) {
if ($var_name === '$_GET' if ($var_name === '$_GET'


@ -104,7 +104,6 @@ class IncludeAnalyzer
if ($stmt_expr_type if ($stmt_expr_type
&& $statements_analyzer->taint_graph && $statements_analyzer->taint_graph
&& $stmt_expr_type->parent_nodes && $stmt_expr_type->parent_nodes
&& $codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
&& !\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues()) && !\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())
) { ) {
$arg_location = new CodeLocation($statements_analyzer->getSource(), $stmt->expr); $arg_location = new CodeLocation($statements_analyzer->getSource(), $stmt->expr);


@ -25,9 +25,7 @@ class PrintAnalyzer
return false; return false;
} }
if ($statements_analyzer->taint_graph if ($statements_analyzer->taint_graph) {
&& $codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
) {
$call_location = new CodeLocation($statements_analyzer->getSource(), $stmt); $call_location = new CodeLocation($statements_analyzer->getSource(), $stmt);
$print_param_sink = Sink::getForMethodArgument( $print_param_sink = Sink::getForMethodArgument(


@ -189,9 +189,7 @@ class ReturnAnalyzer
$source->getParentFQCLN() $source->getParentFQCLN()
); );
if ($statements_analyzer->taint_graph if ($statements_analyzer->taint_graph) {
&& $codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
) {
self::handleTaints( self::handleTaints(
$statements_analyzer, $statements_analyzer,
$stmt, $stmt,


@ -135,7 +135,9 @@ class StatementsAnalyzer extends SourceAnalyzer implements StatementsSource
$this->file_analyzer = $source->getFileAnalyzer(); $this->file_analyzer = $source->getFileAnalyzer();
$this->codebase = $source->getCodebase(); $this->codebase = $source->getCodebase();
$this->node_data = $node_data; $this->node_data = $node_data;
$this->taint_graph = $this->codebase->taint_graph ? new TaintGraph() : null; $this->taint_graph = $this->codebase->taint_graph
? new TaintGraph()
: null;
} }
/** /**
@ -191,7 +193,11 @@ class StatementsAnalyzer extends SourceAnalyzer implements StatementsSource
} }
} }
if ($root_scope && $this->taint_graph && $this->codebase->taint_graph) { if ($root_scope
&& $this->taint_graph
&& $this->codebase->taint_graph
&& $codebase->config->trackTaintsInPath($this->getFilePath())
) {
$this->codebase->taint_graph->addGraph($this->taint_graph); $this->codebase->taint_graph->addGraph($this->taint_graph);
} }
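Review bot: The new condition `&& $codebase->config->trackTaintsInPath($this->getFilePath())` reads a local `$codebase` while every neighbouring term of the same expression uses `$this->codebase`; unless analyze() assigns `$codebase` earlier (not visible in this hunk), that is an undefined variable, which on PHP 8 is a fatal error and on PHP 7 a warning that makes the whole gate fail, so no per-file graph would ever be merged. Writing it as `&& $this->codebase->config->trackTaintsInPath($this->getFilePath())` is correct in either case and matches the surrounding lines. Separately, the constructor change still allocates a `TaintGraph` for every file even though graphs for files outside the taint paths are now discarded at this merge point, so node-level taint bookkeeping is performed and thrown away; if that is intentional, a one-line comment on the constructor assignment saying so would stop the next reader from reintroducing the per-node check. Both enclosing methods extend beyond the hunk.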


@ -118,10 +118,7 @@ class FilterVarReturnTypeProvider implements \Psalm\Plugin\Hook\FunctionReturnTy
$filter_type = Type::getMixed(); $filter_type = Type::getMixed();
} }
$codebase = $statements_source->getCodebase();
if ($statements_source->taint_graph if ($statements_source->taint_graph
&& $codebase->config->trackTaintsInPath($statements_source->getFilePath())
&& !\in_array('TaintedInput', $statements_source->getSuppressedIssues()) && !\in_array('TaintedInput', $statements_source->getSuppressedIssues())
) { ) {
$function_return_sink = TaintNode::getForMethodReturn( $function_return_sink = TaintNode::getForMethodReturn(