https://psalm.dev/r/39fff64acc
```php
`
*/
class Custom {}
$payload = $_GET['payload']
// tainted as expected
unserialize($payload);
// actually is safe
// 2nd parameter to `unserialize` available since PHP 7.0 (=> still unsafe for PHP 5.x)
unserialize($payload, ['allowed_classes' => false]);
// either some new annotation at class, or custom plugin could decide
unserialize($payload, ['allowed_classes' => [Custom::class]]);
```
```
Psalm output (using commit ae172b2):
ERROR: ParseError - 16:1 - Syntax error, unexpected T_STRING on line 16
ERROR: TaintedUnserialize - 16:13 - Detected tainted code passed to unserialize or similar
ERROR: TaintedUnserialize - 19:13 - Detected tainted code passed to unserialize or similar
ERROR: TaintedUnserialize - 21:13 - Detected tainted code passed to unserialize or similar
```
unserialize($payload)
unserialize($payload, ['allowed_classes' => false])
unserialize($payload, ['allowed_classes' => [Custom::class]])
@psalm-taint-config unserialize allowed_classes
https://psalm.dev/r/39fff64acc