vimeo / psalm

A static analysis tool for finding errors in PHP applications
https://psalm.dev
MIT License

Detect known tainted callable variables #8318

Open ohader opened 2 years ago

ohader commented 2 years ago

https://psalm.dev/r/f6c52d7684

`$e = 'exec'; $e(...)` should be handled the same as `exec(...)`, which is a known tainted sink.
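The pattern reported above can also be flagged with a small token-based check; this is an added example, not code from the issue or from Psalm. The function name `findIndirectSinkCalls`, the one-entry sink list and the sample source are assumptions constructed for illustration, and the check only resolves variables assigned a plain string literal in the same file.

```php
<?php
declare(strict_types=1);

/** @return list<array{line:int,var:string,sink:string}> */
function findIndirectSinkCalls(string $code, array $sinks): array
{
    // Drop whitespace and comments so related tokens are adjacent.
    $tokens = array_values(array_filter(
        token_get_all($code),
        fn($t) => !is_array($t)
            || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)
    ));
    $known = []; // variable name => function name it currently holds
    $hits = [];
    foreach ($tokens as $i => $t) {
        if (!is_array($t) || $t[0] !== T_VARIABLE) {
            continue;
        }
        $next = $tokens[$i + 1] ?? null;
        if ($next === '=') {
            $rhs = $tokens[$i + 2] ?? null;
            if (is_array($rhs) && $rhs[0] === T_CONSTANT_ENCAPSED_STRING
                && ($tokens[$i + 3] ?? null) === ';') {
                // Strip quotes and a leading backslash; function names are case-insensitive.
                $known[$t[1]] = strtolower(ltrim(substr($rhs[1], 1, -1), '\\'));
            } else {
                unset($known[$t[1]]); // reassigned to something we cannot resolve
            }
        } elseif ($next === '(' && in_array($known[$t[1]] ?? null, $sinks, true)) {
            $hits[] = ['line' => $t[2], 'var' => $t[1], 'sink' => $known[$t[1]]];
        }
    }
    return $hits;
}

// Constructed sample input: one indirect sink call, one harmless call, one reassignment.
$sample = <<<'SRC'
<?php
$e = 'exec';
$e($_GET['cmd']);
$f = 'strlen';
$f($_GET['cmd']);
$e = strtolower('x');
$e('y');
SRC;

foreach (findIndirectSinkCalls($sample, ['exec']) as $h) {
    printf("line %d: %s(...) resolves to sink %s()\n", $h['line'], $h['var'], $h['sink']);
}
```

The check ignores branches, compound assignments and values built at runtime, so a hit is a pointer for manual review, not a taint-flow result.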

psalm-github-bot[bot] commented 2 years ago

I found these snippets:

https://psalm.dev/r/f6c52d7684 ```php