Open ArtemGoutsoul opened 3 years ago
Hey @ArtemGoutsoul, can you reproduce the issue on https://psalm.dev ?
I found these snippets:
I could try to write a custom plugin, but so far I was not able to find a way to start.
One could take a few approaches:
@psalm-taint-source input
So far I checked the following:
Should one create a class implementing \Psalm\Plugin\EventHandler\MethodParamsProviderInterface?
Would anyone have a closer example or some more hints?
Thank you!
I'd try to use one of those two plugin interfaces:
The first one will probably be simpler, but I think there's one disadvantage with the first: it's called before the cache is created (so whatever the plugin does will end up cached). That means your plugin won't be able to change things between runs that use the cache (but it may not be an issue if you just want to add taints to every method).
Is a better example on how to add taints
Use case: a method is exposed as an API endpoint, i.e. all params are input taint sources.
Example suggestion:
This would be equivalent to marking each individual method.
Would be even better if one could mark Some_Api_Abstract as a taint source, and all child class method parameters would become taint sources.