Taint detection hiding other taint detections #11177
Comments
|
I found these snippets: https://psalm.dev/r/d1aadc9fc2<?php // --taint-analysis
/**
* @psalm-taint-source input
*/
function get_query_parameters() {}
/**
* @psalm-taint-sink sql $query
*/
function db_query($query) {}
function db_query_using_get_query_parameters() {
$params = get_query_parameters();
db_query('SELECT * FROM table where id=' . $params['id']);
}
db_query_with_arg($_GET['foo']);
function db_query_with_arg($arg) {
db_query('SELECT * FROM table where id=' . $arg);
}https://psalm.dev/r/6bd082120b<?php // --taint-analysis
/**
* @psalm-taint-source input
*/
function get_query_parameters() {}
/**
* @psalm-taint-sink sql $query
*/
function db_query($query) {}
db_query_with_arg($_GET['foo']);
function db_query_with_arg($arg) {
db_query('SELECT * FROM table where id=' . $arg);
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Given this code: https://psalm.dev/r/d1aadc9fc2. Only the issue with taint source get_query_parameters() inside db_query_using_get_query_parameters() is detected, the one with db_query_with_arg($_GET['foo']); is not.
When you remove the whole db_query_using_get_query_parameters() function, it suddenly detects the issue with db_query_with_arg($_GET['foo']); See https://psalm.dev/r/6bd082120b.
The text was updated successfully, but these errors were encountered: