vimeo/psalm

Global type not respected during taint analysis

Open

#8,359 创建于 2022年8月2日

在 GitHub 查看
 (3 评论) (0 反应) (0 负责人)PHP (668 fork)batch import
Help wantedbugtaint analysis

仓库指标

Star
 (5,369 star)
PR 合并指标
 (平均合并 3天 12小时) (30 天内合并 5 个 PR)

描述

With the following psalm.xml:

<?xml version="1.0"?>
<psalm>
	<projectFiles>
		<directory name="." />
	</projectFiles>
	<globals>
		<var name="connection" type="mysqli" />
	</globals>
</psalm>

...and the following file.php:

<?php
$connection->query($_GET['injection']);
// function a(mysqli $b){}

A taint is not reported, even though it should be. Strangely, if you uncomment the function a... line, the taint is reported correctly. It's like psalm doesn't become aware of the mysqli type unless it is referenced in an unrelated location.

This example was distilled from an actual use case in a much larger code base. Let me know if there is any more information I can provide, or if you have a hunch that it's related to a particular part of the psalm source that I could look into.

贡献者指南