danog/psalm
1
0
Fork 0
mirror of https://github.com/danog/psalm.git synced 2024-11-26 20:34:47 +01:00
Code Issues Projects Releases Wiki Activity
f969b01db4
psalm/docs/security_analysis/custom_taint_sinks.md
Tom Klingenberg ea52b9d23a
Fix minor typos in docs (#3956) 
While I was searching for some code, ran across these.
2020-08-08 08:09:41 -04:00

501 B
Raw Blame History

Custom Taint Sinks

The @psalm-taint-sink <taint-type> <param-name> annotation allows you to define a taint sink.

Any tainted value matching the given taint type will be reported as an error by Psalm.

Example

Here the PDOWrapper class has an exec method that should not receive tainted SQL, so we can prevent its insertion:

<?php

class PDOWrapper {
    /**
     * @psalm-taint-sink sql $sql
     */
    public function exec(string $sql) : void {}
}