1
0
mirror of https://github.com/danog/psalm.git synced 2024-11-30 04:39:00 +01:00
psalm/docs/security_analysis/custom_taint_sinks.md
Tom Klingenberg ea52b9d23a
Fix minor typos in docs (#3956)
While I was searching for some code, ran across these.
2020-08-08 08:09:41 -04:00

21 lines
501 B
Markdown

# Custom Taint Sinks
The `@psalm-taint-sink <taint-type> <param-name>` annotation allows you to define a taint sink.
Any tainted value matching the given [taint type](index.md#taint-types) will be reported as an error by Psalm.
### Example
Here the `PDOWrapper` class has an `exec` method that should not receive tainted SQL, so we can prevent its insertion:
```php
<?php
class PDOWrapper {
/**
* @psalm-taint-sink sql $sql
*/
public function exec(string $sql) : void {}
}
```