mirror of
https://github.com/danog/psalm.git
synced 2024-11-27 04:45:20 +01:00
Fix #4769 – don’t use unique ids for new generated nodes
This commit is contained in:
parent
9f9b090f6a
commit
fd67d41120
@ -222,7 +222,7 @@ class TaintFlowGraph extends DataFlowGraph
|
||||
/**
|
||||
* @param array<string> $source_taints
|
||||
* @param array<DataFlowNode> $sinks
|
||||
* @return array<string, DataFlowNode>
|
||||
* @return list<DataFlowNode>
|
||||
*/
|
||||
private function getChildNodes(
|
||||
DataFlowNode $generated_source,
|
||||
@ -441,7 +441,7 @@ class TaintFlowGraph extends DataFlowGraph
|
||||
$new_destination->specialized_calls = $generated_source->specialized_calls;
|
||||
$new_destination->path_types = array_merge($generated_source->path_types, [$path_type]);
|
||||
|
||||
$new_sources[$to_id] = $new_destination;
|
||||
$new_sources[] = $new_destination;
|
||||
}
|
||||
|
||||
return $new_sources;
|
||||
@ -459,11 +459,10 @@ class TaintFlowGraph extends DataFlowGraph
|
||||
if ($source->specialization_key && isset($this->specialized_calls[$source->specialization_key])) {
|
||||
$generated_source = clone $source;
|
||||
|
||||
$generated_source->specialized_calls[$source->specialization_key]
|
||||
= $this->specialized_calls[$source->specialization_key];
|
||||
|
||||
$generated_source->id = substr($source->id, 0, -strlen($source->specialization_key) - 1);
|
||||
|
||||
$generated_source->specialized_calls[$source->specialization_key][$generated_source->id] = true;
|
||||
|
||||
$generated_sources[] = $generated_source;
|
||||
} elseif (isset($this->specializations[$source->id])) {
|
||||
foreach ($this->specializations[$source->id] as $specialization => $_) {
|
||||
|
@ -1940,6 +1940,26 @@ class TaintTest extends TestCase
|
||||
echo foo($_GET["foo"], false);',
|
||||
'error_message' => 'TaintedHtml',
|
||||
],
|
||||
'suppressOneCatchAnother' => [
|
||||
'<?php
|
||||
/** @psalm-taint-specialize */
|
||||
function data(array $data, string $key) {
|
||||
return $data[$key];
|
||||
}
|
||||
|
||||
function get(string $key) {
|
||||
return data($_GET, $key);
|
||||
}
|
||||
|
||||
function post(string $key) {
|
||||
return data($_POST, $key);
|
||||
}
|
||||
|
||||
echo get("x");
|
||||
/** @psalm-suppress TaintedInput */
|
||||
echo post("x");',
|
||||
'error_message' => 'TaintedHtml',
|
||||
],
|
||||
/*
|
||||
// TODO: Stubs do not support this type of inference even with $this->message = $message.
|
||||
// Most uses of getMessage() would be with caught exceptions, so this is not representative of real code.
|
||||
|
Loading…
Reference in New Issue
Block a user