mortenson / psalm-plugin-drupal

A project to add Psalm support for Drupal for security testing, focused only on taint analysis.

PHP Warning in RenderArrayTainter #7

Closed FlorentTorregrosa closed 1 year ago

FlorentTorregrosa commented 1 year ago

Depending on the code base I execute Psalm on, I get a huge number of similar warnings like the following.

```
Warning: Uninitialized string offset 0 in mortenson\PsalmPluginDrupal\RenderArrayTainter::removeTaints() (line 52 of /project/vendor/mortenson/psalm-plugin-drupal/RenderArrayTainter.php).
mortenson\PsalmPluginDrupal\RenderArrayTainter::removeTaints(Object) (Line: 616)
Psalm\Internal\EventDispatcher->dispatchRemoveTaints(Object) (Line: 409)
Psalm\Internal\Analyzer\Statements\Expression\ArrayAnalyzer::analyzeArrayItem(Object, Object, Object, Object, Object) (Line: 88)
Psalm\Internal\Analyzer\Statements\Expression\ArrayAnalyzer::analyze(Object, Object, Object) (Line: 287)
Psalm\Internal\Analyzer\Statements\ExpressionAnalyzer::handleExpression(Object, Object, Object, , NULL, ) (Line: 78)
Psalm\Internal\Analyzer\Statements\ExpressionAnalyzer::analyze(Object, Object, Object) (Line: 240)
Psalm\Internal\Analyzer\Statements\Expression\AssignmentAnalyzer::analyze(Object, Object, Object, NULL, Object, NULL) (Line: 167)
Psalm\Internal\Analyzer\Statements\ExpressionAnalyzer::handleExpression(Object, Object, Object, , NULL, 1) (Line: 78)
Psalm\Internal\Analyzer\Statements\ExpressionAnalyzer::analyze(Object, Object, Object, , NULL, 1) (Line: 572)
Psalm\Internal\Analyzer\StatementsAnalyzer::analyzeStatement(Object, Object, Object, NULL) (Line: 207)
Psalm\Internal\Analyzer\StatementsAnalyzer->analyze(Array, Object) (Line: 387)
Psalm\Internal\Analyzer\Statements\Block\LoopAnalyzer::analyze(Object, Array, Array, Array, Object, Object, , 1) (Line: 340)
Psalm\Internal\Analyzer\Statements\Block\ForeachAnalyzer::analyze(Object, Object, Object) (Line: 530)
Psalm\Internal\Analyzer\StatementsAnalyzer::analyzeStatement(Object, Object, Object, Object) (Line: 207)
Psalm\Internal\Analyzer\StatementsAnalyzer->analyze(Array, Object, Object, 1) (Line: 476)
Psalm\Internal\Analyzer\FunctionLikeAnalyzer->analyze(Object, Object, Object) (Line: 1798)
Psalm\Internal\Analyzer\ClassAnalyzer->analyzeClassMethod(Object, Object, Object, Object, Object) (Line: 425)
Psalm\Internal\Analyzer\ClassAnalyzer->analyze(Object, Object) (Line: 229)
Psalm\Internal\Analyzer\FileAnalyzer->analyze() (Line: 362)
Psalm\Internal\Codebase\Analyzer->Psalm\Internal\Codebase\{closure}(17, '/project/app/modules/custom/') (Line: 211)
Psalm\Internal\Fork\Pool->__construct(Object, Array, Object, Object, Object, Object) (Line: 428)
Psalm\Internal\Codebase\Analyzer->doAnalysis(Object, 7) (Line: 291)
Psalm\Internal\Codebase\Analyzer->analyzeFiles(Object, 7, , 1) (Line: 691)
Psalm\Internal\Analyzer\ProjectAnalyzer->check('/project/app/', ) (Line: 373)
Psalm\Internal\Cli\Psalm::run(Array) (Line: 7)
include('/project/vendor/vimeo/psalm/psalm') (Line: 120)
```

My Psalm config: https://gitlab.com/florenttorregrosa-drupal/docker-drupal-project/-/blob/9.x/scripts/quality/psalm/psalm.xml

I will create a PR.

FlorentTorregrosa commented 1 year ago

PR #8 created.