Merge pull request #6810 from orklah/castArrayTaints

Array cast pass taints
2024-11-27 04:45:20 +01:00 · 2021-11-04 13:17:20 +01:00 · 2021-11-04 13:17:20 +01:00 · bf993452a8
commit bf993452a8
parent c2b14e2f39 24137bdbad
2 changed files with 11 additions and 2 deletions
--- a/src/Psalm/Internal/Analyzer/Statements/Expression/CastAnalyzer.php
+++ b/src/Psalm/Internal/Analyzer/Statements/Expression/CastAnalyzer.php
@ -232,8 +232,7 @@ class CastAnalyzer
                $type = Type::getArray();
            }

-            if ($statements_analyzer->data_flow_graph instanceof \Psalm\Internal\Codebase\VariableUseGraph
-            ) {
+            if ($statements_analyzer->data_flow_graph) {
                $type->parent_nodes = $stmt_expr_type->parent_nodes ?? [];
            }

--- a/tests/TaintTest.php
+++ b/tests/TaintTest.php
@ -2190,6 +2190,16 @@ class TaintTest extends TestCase
                'error_message' => 'TaintedHtml',
            ],
            */
+            'castToArrayPassTaints' => [
+                '<?php
+                    $args = $_POST;
+
+                    $args = (array) $args;
+
+                    pg_query($connection, "SELECT * FROM tableA where key = " .$args["key"]);
+                    ',
+                'error_message' => 'TaintedSql',
+            ],
        ];
    }