Lukas Reschke 78f4a0691c
Add dedicated types for 'file', 'header' and 'cookie' (#4630)
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie'

* Add documentation

* Add mapping for taint flows

* Add tests

* Fix test
2020-11-19 17:47:29 -05:00
TaintedFile

This rule is emitted when user-controlled input can be passed into a sensitive file operation.

Risk

The risk depends on which file operation receives the user-controlled input, and on how the result of that operation is processed afterwards.

It could range from:

  • Creating files
    • Example: file_put_contents
    • Risk: Depending on the server configuration this may result in remote code execution. (e.g. writing a file in the web root)
  • Modifying files
    • Example: file_put_contents
    • Risk: Depending on the server configuration this may result in remote code execution. (e.g. modifying a PHP file)
  • Reading files
    • Example: file_get_contents
    • Risk: Sensitive data could be exposed from the filesystem. (e.g. config values, source code, user-submitted files)
  • Deleting files
    • Example: unlink
    • Risk: Denial of Service or potentially RCE. (e.g. deleting application code, removing a .htaccess file)

Example

```php
<?php

// Vulnerable: the path passed to file_get_contents comes straight from the request.
$content = file_get_contents($_GET['header']);
echo $content;
```

Mitigations

Use an allowlist approach where possible to verify names on file operations.

Sanitize user-controlled filenames by stripping .., \ and /.
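Both mitigations side by side, as an added example that is not part of the Psalm docs: an allowlist lookup keyed by a short identifier, and a fallback sanitizer that reduces the input to a bare filename and confines it to one directory. The file paths and function names are constructed for illustration, and the `@psalm-taint-escape file` annotation is used on the assumption that Psalm's `file` taint type accepts it.

```php
<?php

declare(strict_types=1);

// Allowlist: the request carries a short key, never a path. Only keys in
// this table ever reach the filesystem. (Example paths, constructed.)
const REPORT_FILES = [
    'summary' => '/var/app/reports/summary.txt',
    'errors'  => '/var/app/reports/errors.txt',
];

function readAllowedReport(string $key): string
{
    if (!array_key_exists($key, REPORT_FILES)) {
        throw new InvalidArgumentException('Unknown report requested');
    }
    // The path comes from the constant table, not from the request.
    return (string) file_get_contents(REPORT_FILES[$key]);
}

/**
 * Fallback when an allowlist is impractical: reduce the input to a bare
 * filename, reject traversal components and NUL bytes, and confine it
 * to one directory.
 *
 * @psalm-taint-escape file
 */
function sanitizeFilename(string $userInput): string
{
    // Normalise backslashes first so basename() also strips Windows separators.
    $name = basename(str_replace('\\', '/', $userInput));
    if ($name === '' || $name === '.' || $name === '..'
        || preg_match('/^[A-Za-z0-9._-]+$/', $name) !== 1) {
        throw new InvalidArgumentException('Invalid filename');
    }
    return $name;
}

function readUpload(string $userInput): string
{
    $dir  = '/var/app/uploads';
    $real = realpath($dir . '/' . sanitizeFilename($userInput));
    // Second check: the resolved path must still sit inside $dir (symlinks).
    if ($real === false || strpos($real, $dir . '/') !== 0) {
        throw new RuntimeException('File not found');
    }
    return (string) file_get_contents($real);
}

// echo readUpload($_GET['file']);   // request data is acceptable here
```

The `realpath()` check matters because `basename()` alone does not protect against a symlink inside the upload directory that points elsewhere.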

Further resources