
Commit 78d644d

committed
Change TaintedText to TaintedCallable
1 parent 4c315ec commit 78d644d


9 files changed

+47
-50
lines changed


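--- a/config.xsd
+++ b/config.xsd
@@ -371,6 +371,7 @@
 <xs:element name="ReferenceConstraintViolation" type="IssueHandlerType" minOccurs="0" />
 <xs:element name="ReservedWord" type="IssueHandlerType" minOccurs="0" />
 <xs:element name="StringIncrement" type="IssueHandlerType" minOccurs="0" />
+<xs:element name="TaintedCallable" type="IssueHandlerType" minOccurs="0" />
 <xs:element name="TaintedCookie" type="IssueHandlerType" minOccurs="0" />
 <xs:element name="TaintedCustom" type="IssueHandlerType" minOccurs="0" />
 <xs:element name="TaintedEval" type="IssueHandlerType" minOccurs="0" />
@@ -384,7 +385,6 @@
 <xs:element name="TaintedSSRF" type="IssueHandlerType" minOccurs="0" />
 <xs:element name="TaintedLdap" type="IssueHandlerType" minOccurs="0" />
 <xs:element name="TaintedSystemSecret" type="IssueHandlerType" minOccurs="0" />
-<xs:element name="TaintedText" type="IssueHandlerType" minOccurs="0" />
 <xs:element name="TaintedUnserialize" type="IssueHandlerType" minOccurs="0" />
 <xs:element name="TaintedUserSecret" type="IssueHandlerType" minOccurs="0" />
 <xs:element name="TooFewArguments" type="ArgumentIssueHandlerType" minOccurs="0" />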
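Review bot: Dropping the `TaintedText` element from the schema (second hunk) means any existing psalm.xml that lists `<TaintedText>` under its issue handlers will fail validation after upgrading, and the same compatibility gap is opened by removing `TaintKind::INPUT_TEXT` in src/Psalm/Type/TaintKind.php, since tests/TaintTest.php shows the `@psalm-taint-sink text` keyword being rewritten to `callable`. Unless a breaking release is intended, keep the old element next to the new one, e.g. `<xs:element name="TaintedText" type="IssueHandlerType" minOccurs="0" />` with an XML comment marking it deprecated, and keep `INPUT_TEXT` as a deprecated alias of `INPUT_CALLABLE`. How the annotation keyword is resolved to the constant is not visible in this commit, so that part is inferred from the test change.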

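--- a/docs/running_psalm/issues/TaintedText.md
+++ b/docs/running_psalm/issues/TaintedCallable.md
@@ -1,6 +1,6 @@
-# TaintedText
+# TaintedCallable
 
-Emitted when tainted text is detected somewhere unexpected.
+Emitted when tainted text is used in an aribtary function call.
 
 This can lead to dangerous situations, like running arbitrary functions.
 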

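--- a/src/Psalm/Internal/Analyzer/Statements/Expression/Call/FunctionCallAnalyzer.php
+++ b/src/Psalm/Internal/Analyzer/Statements/Expression/Call/FunctionCallAnalyzer.php
@@ -757,7 +757,7 @@ private static function getAnalyzeNamedExpression(
 $arg_location
 );
 
-$custom_call_sink->taints = [\Psalm\Type\TaintKind::INPUT_TEXT];
+$custom_call_sink->taints = [\Psalm\Type\TaintKind::INPUT_CALLABLE];
 
 $statements_analyzer->data_flow_graph->addSink($custom_call_sink);
 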

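--- a/src/Psalm/Internal/Codebase/TaintFlowGraph.php
+++ b/src/Psalm/Internal/Codebase/TaintFlowGraph.php
@@ -6,6 +6,7 @@
 use Psalm\Internal\DataFlow\DataFlowNode;
 use Psalm\Internal\DataFlow\TaintSink;
 use Psalm\Internal\DataFlow\TaintSource;
+use Psalm\Issue\TaintedCallable;
 use Psalm\Issue\TaintedCookie;
 use Psalm\Issue\TaintedCustom;
 use Psalm\Issue\TaintedEval;
@@ -18,7 +19,6 @@
 use Psalm\Issue\TaintedSSRF;
 use Psalm\Issue\TaintedSql;
 use Psalm\Issue\TaintedSystemSecret;
-use Psalm\Issue\TaintedText;
 use Psalm\Issue\TaintedUnserialize;
 use Psalm\Issue\TaintedUserSecret;
 use Psalm\IssueBuffer;
@@ -279,8 +279,8 @@ private function getChildNodes(
 
 foreach ($matching_taints as $matching_taint) {
 switch ($matching_taint) {
-case TaintKind::INPUT_TEXT:
-$issue = new TaintedText(
+case TaintKind::INPUT_CALLABLE:
+$issue = new TaintedCallable(
 'Detected tainted text',
 $issue_location,
 $issue_trace,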
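Review bot: The issue constructed in the third hunk is now `TaintedCallable`, but the message passed on the very next line is still `'Detected tainted text'`, so the report no longer names the sink it is actually about. Change it to `'Detected tainted callable'` (or any wording that names the arbitrary-call sink) so the message agrees with the issue class and with the renamed docs page. The enclosing `getChildNodes` starts before the hunk and the constructor call continues after it.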
@@ -1,7 +1,7 @@
11
<?php
22
namespace Psalm\Issue;
33

4-
class TaintedText extends TaintedInput
4+
class TaintedCallable extends TaintedInput
55
{
66
public const SHORTCODE = 243;
77
}

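--- a/src/Psalm/Type/TaintKind.php
+++ b/src/Psalm/Type/TaintKind.php
@@ -7,7 +7,7 @@
 */
 class TaintKind
 {
-public const INPUT_TEXT = 'text';
+public const INPUT_CALLABLE = 'callable';
 public const INPUT_UNSERIALIZE = 'unserialize';
 public const INPUT_INCLUDE = 'include';
 public const INPUT_EVAL = 'eval';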

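--- a/src/Psalm/Type/TaintKindGroup.php
+++ b/src/Psalm/Type/TaintKindGroup.php
@@ -11,7 +11,7 @@ class TaintKindGroup
 TaintKind::INPUT_HTML,
 TaintKind::INPUT_SHELL,
 TaintKind::INPUT_SQL,
-TaintKind::INPUT_TEXT,
+TaintKind::INPUT_CALLABLE,
 TaintKind::INPUT_EVAL,
 TaintKind::INPUT_UNSERIALIZE,
 TaintKind::INPUT_INCLUDE,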

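--- a/src/Psalm/Type/Union.php
+++ b/src/Psalm/Type/Union.php
@@ -736,6 +736,7 @@ public function hasString(): bool
 || isset($this->types['class-string'])
 || isset($this->types['trait-string'])
 || isset($this->types['numeric-string'])
+|| isset($this->types['callable-string'])
 || $this->literal_string_types
 || $this->typed_class_strings;
 }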
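Review bot: The added `callable-string` branch widens the public `hasString()` for every caller, not just the taint analysis, and nothing in the commit title, docs or tests says why it belongs with a rename. Presumably it is needed so taint tracking treats `callable-string` values as strings; if so, a case in tests/TaintTest.php that flows `$_GET` data through a `callable-string`-typed value into the new sink would pin that, and a one-line comment such as `// callable-string is a string subtype; keep this list in sync with the other *-string checks` would explain the list. `hasString()` begins before the hunk.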

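--- a/tests/TaintTest.php
+++ b/tests/TaintTest.php
@@ -1621,69 +1621,65 @@ function processParams(array $params) : array {
 ],
 'taintFlow' => [
 '<?php
+/**
+* @psalm-flow ($r) -> return
+*/
+function some_stub(string $r): string {}
 
-/**
-* @psalm-flow ($r) -> return
-*/
-function some_stub(string $r): string {}
-
-$r = $_GET["untrusted"];
+$r = $_GET["untrusted"];
 
-echo some_stub($r);',
+echo some_stub($r);',
 'error_message' => 'TaintedHtml',
 ],
 'taintFlowProxy' => [
 '<?php
+/**
+* @psalm-taint-sink callable $in
+*/
+function dummy_taint_sink(string $in): void {}
 
-/**
-* @psalm-taint-sink text $in
-*/
-function dummy_taint_sink(string $in): void {}
-
-/**
-* @psalm-flow proxy dummy_taint_sink($r)
-*/
-function some_stub(string $r): string {}
+/**
+* @psalm-flow proxy dummy_taint_sink($r)
+*/
+function some_stub(string $r): string {}
 
-$r = $_GET["untrusted"];
+$r = $_GET["untrusted"];
 
-some_stub($r);',
-'error_message' => 'TaintedText',
+some_stub($r);',
+'error_message' => 'TaintedCallable',
 ],
 'taintFlowProxyAndReturn' => [
 '<?php
+function dummy_taintable(string $in): string {
+return $in;
+}
 
-function dummy_taintable(string $in): string {
-return $in;
-}
-
-/**
-* @psalm-flow proxy dummy_taintable($r) -> return
-*/
-function some_stub(string $r): string {}
+/**
+* @psalm-flow proxy dummy_taintable($r) -> return
+*/
+function some_stub(string $r): string {}
 
-$r = $_GET["untrusted"];
+$r = $_GET["untrusted"];
 
-echo some_stub($r);',
+echo some_stub($r);',
 'error_message' => 'TaintedHtml',
 ],
 'taintFlowMethodProxyAndReturn' => [
 '<?php
-
-class dummy {
-public function taintable(string $in): string {
-return $in;
+class dummy {
+public function taintable(string $in): string {
+return $in;
+}
 }
-}
 
-/**
-* @psalm-flow proxy dummy::taintable($r) -> return
-*/
-function some_stub(string $r): string {}
+/**
+* @psalm-flow proxy dummy::taintable($r) -> return
+*/
+function some_stub(string $r): string {}
 
-$r = $_GET["untrusted"];
+$r = $_GET["untrusted"];
 
-echo some_stub($r);',
+echo some_stub($r);',
 'error_message' => 'TaintedHtml',
 ],
 'taintPopen' => [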
