mirror of
https://github.com/danog/psalm.git
synced 2025-01-22 05:41:20 +01:00
78f4a0691c
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie' * Add documentation * Add mapping for taint flows * Add tests * Fix test
# TaintedFile

This rule is emitted when user-controlled input can be passed into a sensitive file operation.
## Risk

The risk here depends on the actual operation that contains user-controlled input, and how that input is processed later on.

It could range from:

- Creating files
  - Example: `file_put_contents`
  - Risk: Depending on the server configuration this may result in remote code execution (e.g. writing a file in the web root).
- Modifying files
  - Example: `file_put_contents`
  - Risk: Depending on the server configuration this may result in remote code execution (e.g. modifying a PHP file).
- Reading files
  - Example: `file_get_contents`
  - Risk: Sensitive data could be exposed from the filesystem (e.g. config values, source code, user-submitted files).
- Deleting files
  - Example: `unlink`
  - Risk: Denial of service or potentially RCE (e.g. deleting application code, removing a `.htaccess` file).
## Example

```php
<?php

// The filename comes straight from the request, so Psalm reports TaintedFile here.
$content = file_get_contents($_GET['header']);
echo $content;
```
## Mitigations

Use an allowlist approach where possible to verify names on file operations.

Sanitize user-controlled filenames by stripping `..`, `\` and `/`.
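Both mitigations applied to the example above, as an added illustration that is not part of the Psalm documentation; the `$_GET['file']` parameter, the base directory and the allowlist entries are assumed:

```php
<?php
declare(strict_types=1);

// Assumed: the only files this endpoint may serve, and a directory outside the web root.
const ALLOWED_FILES = ['report.txt', 'changelog.txt'];
const BASE_DIR = '/var/app/data';

// Allowlist approach: the request value is only compared against known names,
// so nothing user-controlled is ever concatenated into the path.
function readAllowlisted(string $name): ?string
{
    if (!in_array($name, ALLOWED_FILES, true)) {
        return null;
    }
    return file_get_contents(BASE_DIR . '/' . $name);
}

// Fallback when an allowlist is not possible: the stripping step from the
// mitigations above, used here as a check (input that changes is rejected),
// followed by a containment check on the resolved path.
function readSanitized(string $name): ?string
{
    $stripped = str_replace(['..', '\\', '/'], '', $name);
    if ($stripped === '' || $stripped !== $name) {
        return null; // traversal characters present: reject instead of repairing
    }
    $base = realpath(BASE_DIR);
    $path = realpath(BASE_DIR . '/' . $stripped);
    if ($base === false || $path === false
        || strncmp($path, $base . '/', strlen($base) + 1) !== 0) {
        return null; // resolved outside BASE_DIR (symlink or missing file)
    }
    return file_get_contents($path);
}

$content = readAllowlisted($_GET['file'] ?? '');
if ($content === null) {
    http_response_code(404);
    exit;
}
echo $content;
```

With `readAllowlisted`, the taint path from `$_GET` to `file_get_contents` is cut because the argument is a constant-derived path rather than the request value.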