14 Commits

Author	SHA1	Message	Date
Bruce Weirdan	e743cd9e8d	Taint map is non-empty as well	2023-02-26 03:17:13 -04:00
orklah	2966f1c9d4	Merge pull request #7107 from AndrolGenhald/feature/5482-load-extensions-based-on-composer-config ... Enable extensions based on composer.json instead of those loaded at runtime (fixes #5482).	2022-01-28 18:45:52 +01:00
mal-tee	ee990ebff6	InternalTaintSinkMap: Add getimagesize as SSRF sink	2022-01-28 12:29:26 +01:00
AndrolGenhald	2fe4fc397c	Enable extensions based on composer.json instead of those loaded at runtime (fixes #5482).	2022-01-27 16:30:14 -06:00
rarila	1c298c4605	Conversion of Psalm\Type	2021-12-14 02:31:22 +01:00
LeSuisse	e32ed43253	Fix incorrect taint sink map for \rmdir (#4703) ... Closes #4690	2020-11-25 16:45:53 -05:00
Matt Brown	ea9cb72143	First creation_function param isnÆt really a sink	2020-11-20 09:56:53 -05:00
Markus Staab	acb4bb42e1	documented type in InternalTaintSinkMap (#4627)	2020-11-19 19:27:40 -05:00
Lukas Reschke	78f4a0691c	Add dedicated types for 'file', 'header' and 'cookie' (#4630) ... * [WIP] Add dedicated sinks for 'file', 'header' and 'cookie' * Add documentation * Add mapping for taint flows * Add tests * Fix test	2020-11-19 17:47:29 -05:00
Lukas Reschke	ddbfbb28e6	Split LDAP into custom category (#4604) ... - Adds ldap_escape as sanitizer - Defines the right parameters to ldap_search as sink - Wrote documentation - Added tests	2020-11-18 11:39:36 -05:00
Lukas Reschke	5ba4681c17	Add SSRF sinks (#4592)	2020-11-18 00:52:48 -05:00
Matt Brown	43af3b1a57	Break out TaintedInput issues into a lot of separate ones	2020-11-17 12:44:31 -05:00
Lukas Reschke	09abcfb650	Add sinks for popen and proc_open (#4572) ... User input in those two functions could lead to a RCE. popen: https://www.php.net/manual/en/function.popen.php proc_open: https://www.php.net/manual/en/function.proc-open.php	2020-11-16 15:04:22 -05:00
Matt Brown	f3b05f5ab5	Move static code out of src	2020-10-12 00:59:19 -04:00