Help wantedbugtaint analysis
Repository-Metriken
- Stars
- (5.369 Stars)
- PR-Merge-Metriken
- (Durchschn. Merge 3T 12h) (5 gemergte PRs in 30 T)
Beschreibung
With the following psalm.xml:
<?xml version="1.0"?>
<psalm>
<projectFiles>
<directory name="." />
</projectFiles>
<globals>
<var name="connection" type="mysqli" />
</globals>
</psalm>
...and the following file.php:
<?php
$connection->query($_GET['injection']);
// function a(mysqli $b){}
A taint is not reported, even though it should be. Strangely, if you uncomment the function a... line, the taint is reported correctly. It's like psalm doesn't become aware of the mysqli type unless it is referenced in an unrelated location.
This example was distilled from an actual use case in a much larger code base. Let me know if there is any more information I can provide, or if you have a hunch that it's related to a particular part of the psalm source that I could look into.