vimeo / psalm

A static analysis tool for finding errors in PHP applications
https://psalm.dev
MIT License

Taint not passed from parent to child class #4608

Open LukasReschke opened 3 years ago

LukasReschke commented 3 years ago

This is currently not found: https://psalm.dev/r/664f7b7006

```php
<?php //--taint-analysis

class TemplateResponse {
    public $taint = '';

    public function setTaint(string $taint) {
        $this->taint = $taint;
    }
}

class StandaloneTemplateResponse extends TemplateResponse {
    public function getTaint() : string {
        return $this->taint;
    }
}

$extended_response = new StandAloneTemplateResponse();
$extended_response->setTaint($_GET['bar']);
echo $extended_response->getTaint();
```

psalm-github-bot[bot] commented 3 years ago

I found these snippets:

https://psalm.dev/r/664f7b7006

```php
<?php //--taint-analysis

class TemplateResponse {
    public $taint = '';

    public function setTaint(string $taint) {
        $this->taint = $taint;
    }
}

class StandaloneTemplateResponse extends TemplateResponse {
    public function getTaint() : string {
        return $this->taint;
    }
}

$extended_response = new StandAloneTemplateResponse();
$extended_response->setTaint($_GET['bar']);
echo $extended_response->getTaint();
```

```
Psalm output (using commit be275ae):

No issues!
```