Allow to define custom taint types classes

vimeo / psalm

A static analysis tool for finding errors in PHP applications

https://psalm.dev

MIT License

5.54k stars 660 forks source link

Allow to define custom taint types classes #9186

Open ohader opened 1 year ago

ohader commented 1 year ago

Currently custom taint types are plain strings like "anything" and wrapped in class generic TaintedCustom. To add more semantics and better taint graph handling, those types should be regular classes like AnythingTaint and optionally be "connected" to existing groups like TaintKindGroup::ALL_INPUT. In case no specific class is defined, it still falls back to current TaintedCustom behavior.

Example: https://psalm.dev/r/b0cf89613b

psalm-github-bot[bot] commented 1 year ago

I found these snippets:

https://psalm.dev/r/b0cf89613b

```php