danog/psalm
1
0
Fork 0
mirror of https://github.com/danog/psalm.git synced 2025-01-22 05:41:20 +01:00
Code Issues Projects Releases Wiki Activity

Add sinks for popen and proc_open (#4572)

Browse Source 
User input in those two functions could lead to a RCE.

popen: https://www.php.net/manual/en/function.popen.php
proc_open: https://www.php.net/manual/en/function.proc-open.php
This commit is contained in:
Lukas Reschke 2020-11-16 21:04:22 +01:00 committed by Daniil Gentili
parent f9adf26ae9
commit ff55dba130
Signed by: danog
GPG Key ID: 8C1BE3B34B230CA7
2 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dictionaries/InternalTaintSinkMap.php
View File

@ -39,4 +39,6 @@ return [
'shell_exec' => [['shell']], 'shell_exec' => [['shell']],
'system' => [['shell']], 'system' => [['shell']],
'unserialize' => [['text']], 'unserialize' => [['text']],
'popen' => [['shell']],
'proc_open' => [['shell']],
]; ];

12
tests/TaintTest.php
View File

@ -1615,7 +1615,17 @@ class TaintTest extends TestCase
echo some_stub($r);', echo some_stub($r);',
'error_message' => 'TaintedInput', 'error_message' => 'TaintedInput',
] ],
'taintPopen' => [
'<?php
$cb = popen($_POST[\'x\'], \'r\');',
'error_message' => 'TaintedInput',
],
'taintProcOpen' => [
'<?php
$cb = proc_open($_POST[\'x\'], [], []);',
'error_message' => 'TaintedInput',
],
/* /*
// TODO: Stubs do not support this type of inference even with $this->message = $message. // TODO: Stubs do not support this type of inference even with $this->message = $message.
// Most uses of getMessage() would be with caught exceptions, so this is not representative of real code. // Most uses of getMessage() would be with caught exceptions, so this is not representative of real code.