vimeo/psalm

Global type not respected during taint analysis

Open

#8,359 opened on 2022年8月2日

GitHub で見る
 (3 comments) (0 reactions) (0 assignees)PHP (668 forks)batch import
Help wantedbugtaint analysis

Repository metrics

Stars
 (5,369 stars)
PR merge metrics
 (平均マージ 3d 12h) (30d で 5 merged PRs)

説明

With the following psalm.xml:

<?xml version="1.0"?>
<psalm>
	<projectFiles>
		<directory name="." />
	</projectFiles>
	<globals>
		<var name="connection" type="mysqli" />
	</globals>
</psalm>

...and the following file.php:

<?php
$connection->query($_GET['injection']);
// function a(mysqli $b){}

A taint is not reported, even though it should be. Strangely, if you uncomment the function a... line, the taint is reported correctly. It's like psalm doesn't become aware of the mysqli type unless it is referenced in an unrelated location.

This example was distilled from an actual use case in a much larger code base. Let me know if there is any more information I can provide, or if you have a hunch that it's related to a particular part of the psalm source that I could look into.

コントリビューターガイド