How to add taint source for objects?

vimeo / psalm

A static analysis tool for finding errors in PHP applications

https://psalm.dev

MIT License

5.57k stars 660 forks source link

How to add taint source for objects? #3745

Open thbley opened 4 years ago

thbley commented 4 years ago

given: https://psalm.dev/r/1a0c4d8202

I tried:

/**
 * @psalm-taint-source input
 */
function getLogs(): Task

/**
 * @psalm-taint-source input
 */
class Task {

/**
 * @psalm-taint-source input
 */
public $test;

but echo getLogs()->test; was not detected as tainted html

psalm-github-bot[bot] commented 4 years ago

I found these snippets:

https://psalm.dev/r/1a0c4d8202

```php test = 'test'; return $result; } echo getLogs()->test; ``` ``` Psalm output (using commit 7c7ebd0): No issues! ```

weirdan commented 4 years ago

https://psalm.dev/r/ba49a9d5c5, however, is detected.

psalm-github-bot[bot] commented 4 years ago

I found these snippets:

https://psalm.dev/r/ba49a9d5c5

```php test = getHtml(); return $result; } /** @psalm-taint-source html */ function getHtml(): string { return 'test'; } echo getLogs()->test; ``` ``` Psalm output (using commit 7c7ebd0): ERROR: TaintedInput - 20:6 - Detected tainted html ```

muglug commented 4 years ago

You can currently do it via a plugin, but I’ll add support for that annotation on properties too

ohader commented 3 years ago

Just stumbled over this as well - current snippet: https://psalm.dev/r/e90cced713

psalm-github-bot[bot] commented 3 years ago

I found these snippets:

https://psalm.dev/r/e90cced713

```php getInject()); // correctly detected exec($this->inject); // property not detected } } ``` ``` Psalm output (using commit 40bc7cf): ERROR: TaintedShell - 17:14 - Detected tainted shell code ```