1
0
mirror of https://github.com/danog/psalm.git synced 2024-12-15 10:57:08 +01:00
psalm/examples/plugins/SafeArrayKeyChecker.php
Samuel Mortenson 4aabb411a8
Added event to prevent tainting. (#5398)
* Added event to prevent tainting.

* Remove optional codebase parameter.

* Removed falsy check for codebase.

* Use two separate hooks for adding and removing taints

* Add slashes

* Update add/remove taint test name.

* Cleaned up SafeArrayKeyChecker example plugin.

* Added more AddRemoveTaintsEvent calls to codebase.

* Fix type check error with $added_taints param.

* Added AddRemoveTaintsEvent to remaining classes.

* Fix post-merge error.

* Add comma

* Remove $int_offset that never existed

Co-authored-by: Matt Brown <github@muglug.com>
2021-03-19 22:41:41 -04:00

39 lines
1.2 KiB
PHP

<?php
namespace Psalm\Example\Plugin;
use PhpParser\Node\Expr\ArrayItem;
use Psalm\Internal\Analyzer\StatementsAnalyzer;
use Psalm\Plugin\EventHandler\Event\AddRemoveTaintsEvent;
use Psalm\Plugin\EventHandler\RemoveTaintsInterface;
class SafeArrayKeyChecker implements RemoveTaintsInterface
{
/**
* Called to see what taints should be removed
*
* @return list<string>
*/
public static function removeTaints(AddRemoveTaintsEvent $event): array {
$item = $event->getExpr();
$statements_analyzer = $event->getStatementsSource();
if (!($item instanceof ArrayItem) || !($statements_analyzer instanceof StatementsAnalyzer)) {
return [];
}
$item_key_value = '';
if ($item->key) {
if ($item_key_type = $statements_analyzer->node_data->getType($item->key)) {
$key_type = $item_key_type;
if ($key_type->isSingleStringLiteral()) {
$item_key_value = $key_type->getSingleStringLiteral()->value;
}
}
}
if ($item_key_value === 'safe_key') {
return ['html'];
}
return [];
}
}