mirror of
https://github.com/danog/psalm.git
synced 2024-11-26 20:34:47 +01:00
21 lines
501 B
Markdown
21 lines
501 B
Markdown
# Custom Taint Sinks
|
|
|
|
The `@psalm-taint-sink <taint-type> <param-name>` annotation allows you to define a taint sink.
|
|
|
|
Any tainted value matching the given [taint type](index.md#taint-types) will be reported as an error by Psalm.
|
|
|
|
### Example
|
|
|
|
Here the `PDOWrapper` class has an `exec` method that should not receive tainted SQL, so we can prevent its insertion:
|
|
|
|
```php
|
|
<?php
|
|
|
|
class PDOWrapper {
|
|
/**
|
|
* @psalm-taint-sink sql $sql
|
|
*/
|
|
public function exec(string $sql) : void {}
|
|
}
|
|
```
|