Add sinks for popen and proc_open (#4572)
User input reaching either of these two functions could lead to RCE. popen: https://www.php.net/manual/en/function.popen.php proc_open: https://www.php.net/manual/en/function.proc-open.php
This commit is contained in:
parent
f9adf26ae9
commit
ff55dba130
@ -39,4 +39,6 @@ return [
'shell_exec' => [['shell']],
'system' => [['shell']],
'unserialize' => [['text']],
'popen' => [['shell']],
'proc_open' => [['shell']],
];
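Review bot: Marking only argument 0 of `proc_open` as a `shell` sink covers the string command form, but since PHP 7.4 `$command` may also be an array whose elements are handed to the program without a shell; whether the `[['shell']]` entry in this stub reaches taint carried inside those array elements depends on how the analyzer propagates taint into array values, so it is worth confirming rather than assuming. The new `taintProcOpen` case in the TaintTest hunk below only exercises the string form; a companion case such as `proc_open([$_POST['x']], [], [])` expecting `TaintedInput` would pin the behaviour down either way. A brief comment on the two new entries would also help a maintainer, e.g. `// popen/proc_open: argument 0 names the program to run; proc_open also accepts an array form (no shell), which must be covered too`. The `return [` array these entries belong to starts outside the hunk.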
@ -1615,7 +1615,17 @@ class TaintTest extends TestCase
echo some_stub($r);',
'error_message' => 'TaintedInput',
]
],
'taintPopen' => [
'<?php
$cb = popen($_POST[\'x\'], \'r\');',
'error_message' => 'TaintedInput',
],
'taintProcOpen' => [
'<?php
$cb = proc_open($_POST[\'x\'], [], []);',
'error_message' => 'TaintedInput',
],
/*
// TODO: Stubs do not support this type of inference even with $this->message = $message.
// Most uses of getMessage() would be with caught exceptions, so this is not representative of real code.