Fix vimeo#4620 - reconciled literal strings cannot carry taints
muglug authored and danog committed Jan 29, 2021
1 parent f969b01 commit 43187a0
Showing 2 changed files with 15 additions and 1 deletion.
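--- a/src/Psalm/Type/Reconciler.php
+++ b/src/Psalm/Type/Reconciler.php
@@ -309,7 +309,8 @@ public static function reconcileKeyedTypes(
 }
 
 if (($statements_analyzer->data_flow_graph instanceof \Psalm\Internal\Codebase\TaintFlowGraph
-&& (!$result_type->hasScalarType()) || $result_type->hasString())
+&& (!$result_type->hasScalarType())
+|| ($result_type->hasString() && !$result_type->hasLiteralString()))
 || $statements_analyzer->data_flow_graph instanceof \Psalm\Internal\Codebase\VariableUseGraph
 ) {
 if ($before_adjustment && $before_adjustment->parent_nodes) {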
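Review bot: In the rewritten condition in `reconcileKeyedTypes`, `&&` still binds tighter than `||`, so the new `($result_type->hasString() && !$result_type->hasLiteralString())` test is evaluated even when `data_flow_graph` is not a `TaintFlowGraph`; the parentheses around `(!$result_type->hasScalarType())` suggest the string test was meant to sit under the `TaintFlowGraph` check. If that is the intent, the two added lines would read `&& (!$result_type->hasScalarType()` and `|| ($result_type->hasString() && !$result_type->hasLiteralString())))`. Separately, `hasLiteralString()` presumably returns true when any member of the union is a literal, so a result type that mixes a literal with a non-literal string would stop inheriting `parent_nodes` and a real taint flow could go unreported; confirm such unions cannot reach this point, or require that every string member is literal. The body of the `if` continues past the end of the hunk.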
13 changes: 13 additions & 0 deletions tests/TaintTest.php
Expand Up @@ -544,6 +544,19 @@ public function getTaint() : string {
$a = new A("bar");
echo $a->getTaint();',
],
'literalStringCannotCarryTaint' => [
'<?php
$file = $_GET["foo"];
if ($file !== "") {
/**
* @psalm-taint-escape input
*/
$file = basename($file);
}
echo $file;'
],
];
}

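Review bot: The new `literalStringCannotCarryTaint` case covers only the false-positive direction: it has no expected error, so it appears to assert that nothing is reported once the `basename()` result is escaped. Nothing visible in this hunk checks the opposite, that the same `if ($file !== "")` shape without the `@psalm-taint-escape input` annotation still reports the `$_GET` value reaching `echo`. That is the false negative the Reconciler.php change could introduce by dropping parent nodes. A companion case in the failing-code provider (if this file has one outside the hunk) would pin it, and a short comment above the entry such as `// the "" left by the !== "" check must not inherit taint from $_GET` would explain why escaping one branch is enough.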
