Help wantedbugtaint analysis
Metriche repository
- Star
- (5369 star)
- Metriche merge PR
- (Merge medio 3g 12h) (5 PR mergiate in 30 g)
Descrizione
With the following psalm.xml:
<?xml version="1.0"?>
<psalm>
<projectFiles>
<directory name="." />
</projectFiles>
<globals>
<var name="connection" type="mysqli" />
</globals>
</psalm>
...and the following file.php:
<?php
$connection->query($_GET['injection']);
// function a(mysqli $b){}
A taint is not reported, even though it should be. Strangely, if you uncomment the function a... line, the taint is reported correctly. It's like psalm doesn't become aware of the mysqli type unless it is referenced in an unrelated location.
This example was distilled from an actual use case in a much larger code base. Let me know if there is any more information I can provide, or if you have a hunch that it's related to a particular part of the psalm source that I could look into.