psalm / psalm-plugin-symfony

Psalm Plugin for Symfony
MIT License

Switch to Psalm v5 #288

Closed danog closed 6 months ago

schodemeiss commented 2 years ago

This would very much tick this issue: https://github.com/psalm/psalm-plugin-symfony/issues/285

michnovka commented 2 years ago

@danog you should also fix https://github.com/psalm/psalm-plugin-symfony/actions/runs/3596019841/jobs/6062735638 , i.e. remove

use ReflectionClass;
use ReflectionException;

and escape them in code with leading \ in src/Handler/DoctrineRepositoryHandler.php

danog commented 2 years ago

Or I could also just run cs-fix, but there's still some work to be done on the psalm side :)

michnovka commented 1 year ago

@danog thank you very much for taking time to work on this. Do you have any time estimate when you can finish? Thanks!

danog commented 1 year ago

I'm afraid the taint issues are caused by the same stubs issue caused by this plugin, that's causing issues upstream with user_defined classes.

danog commented 1 year ago

In fact, analyzing this standalone code returns the taint issues as expected, but running psalm with the plugin enabled on the same file but without the class declarations doesn't:

<?php

class Response
{
    /**
     * @var array<int, string>
     */
    public static $statusTexts;

    /**
     * @throws \InvalidArgumentException When the HTTP status code is not valid
     * @psalm-taint-sink html $content
     */
    public function __construct(?string $content = '', int $status = 200, array $headers = []) {}
}

/**
 * HeaderBag is a container for HTTP headers.
 *
 * @author Fabien Potencier <fabien@symfony.com>
 */
class HeaderBag implements \IteratorAggregate, \Countable
{
    /**
     * Returns the headers as a string.
     *
     * @return string The headers
     *
     * @psalm-taint-source input
     */
    public function __toString() {}

    /**
     * @psalm-taint-source input
     * @psalm-mutation-free
     */
    public function get(string $key, string $default = null): ?string {}
}

/** @var HeaderBag */
$a = null;

new Response($a->get('test'));
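
The failure mode described in the last comment is a silent false negative: the run completes, but the expected taint finding is gone. The following is an added example, not code from this thread or from the plugin: a CI guard that fails when a known-tainted fixture stops producing its finding. It assumes the report comes from `psalm --taint-analysis --output-format=json` and is a JSON list whose entries carry `type` and `file_name`; the fixture path and the canary list are hypothetical.

```python
import json

# Constructed sample reports in the shape assumed for
# `psalm --taint-analysis --output-format=json`: a JSON list of issues with
# "type" and "file_name" fields. Paths and messages are made up.
REPORT_STANDALONE = json.dumps([
    {"type": "TaintedHtml", "file_name": "tests/canary/response_taint.php",
     "line_from": 43, "message": "constructed sample finding"},
    {"type": "MixedAssignment", "file_name": "src/Foo.php",
     "line_from": 10, "message": "unrelated constructed finding"},
])
REPORT_WITH_PLUGIN = "[]"  # the run succeeded, but the taint finding vanished

# Hypothetical canaries: known-tainted fixture files and the issue type each
# one must always produce.
CANARIES = [("tests/canary/response_taint.php", "TaintedHtml")]


def missing_canaries(report_json, canaries=CANARIES):
    """Return the canaries that the report does NOT contain.

    Raises ValueError when the report is not a JSON list, so a crashed or
    truncated run is never mistaken for a clean one.
    """
    try:
        issues = json.loads(report_json)
    except json.JSONDecodeError as exc:
        raise ValueError(f"unparseable Psalm report: {exc}") from exc
    if not isinstance(issues, list):
        raise ValueError("unexpected report shape: expected a JSON list")

    # Normalise path separators so the check behaves the same on Windows CI.
    seen = {
        (str(issue.get("file_name", "")).replace("\\", "/"), issue.get("type"))
        for issue in issues
        if isinstance(issue, dict)
    }
    return [canary for canary in canaries if canary not in seen]


if __name__ == "__main__":
    for name, report in [("standalone", REPORT_STANDALONE),
                         ("with plugin", REPORT_WITH_PLUGIN)]:
        gone = missing_canaries(report)
        print(name, "OK" if not gone else f"FAIL, missing: {gone}")
```

An empty issue list counts as a failure here because the canary fixture is tainted by construction, so a report without it means detection was lost rather than that the code is clean.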