Detection of Method Calls on Variables Created by Other Prior Method Calls #4446
-
I'm working on improving some security static analysis on Enlightn. A lot of the rules check whether there is any request input in a certain method call. Is it possible in PHPStan to detect method calls on primitive variables (such as strings, arrays) that were created by some specific method calls?

For instance, this code is currently detected by my Rule:

```php
Model::forceCreate($request->all());
```

But I am currently unable to detect this:

```php
$x = $request->all();
Model::forceCreate($x);
```

Note: Is this possible using PHPStan? If so, I would really appreciate it if you could point me in the right direction. Thanks for the awesome package!
Replies: 1 comment 3 replies
-
Hi, you need to express this somehow using types. That way the built-in type inference in PHPStan will pick it up and you'll be able to track that across calls. The best way would be for the `Request::all()` method to have some specific `@return` PHPDoc tag. Maybe generics would also help?
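One way to act on the suggestion above, as an added example that is not code from this discussion, from PHPStan or from Enlightn: a hypothetical return-type extension gives `Request::all()` a marker array type, and a hypothetical rule reports `forceCreate()` calls whose argument still carries that type, so both snippets from the question are flagged. It assumes Laravel's `Illuminate\Http\Request`, the PHPStan 0.12/1.x extension API, and that subclassing PHPStan's `ArrayType` (an internal-API dependency) is acceptable for the marker.

```php
<?php
declare(strict_types=1);
namespace App\PHPStan; // hypothetical namespace for the Enlightn-side code

use PhpParser\Node;
use PhpParser\Node\Expr\MethodCall;
use PhpParser\Node\Expr\StaticCall;
use PHPStan\Analyser\Scope;
use PHPStan\Reflection\MethodReflection;
use PHPStan\Rules\Rule;
use PHPStan\Rules\RuleErrorBuilder;
use PHPStan\Type\ArrayType;
use PHPStan\Type\DynamicMethodReturnTypeExtension;
use PHPStan\Type\MixedType;
use PHPStan\Type\StringType;
use PHPStan\Type\Type;

/** Marker type: an array<string, mixed> that came straight from request input (assumed: subclassing PHPStan's ArrayType). */
final class RequestInputArrayType extends ArrayType {}

/** Gives Request::all() the marker type; PHPStan's inference then carries it through `$x = $request->all();`. */
final class RequestAllReturnTypeExtension implements DynamicMethodReturnTypeExtension
{
    public function getClass(): string { return \Illuminate\Http\Request::class; } // assumed Laravel request class
    public function isMethodSupported(MethodReflection $method): bool { return $method->getName() === 'all'; }
    public function getTypeFromMethodCall(MethodReflection $method, MethodCall $call, Scope $scope): Type
    {
        return new RequestInputArrayType(new StringType(), new MixedType());
    }
}

/** Reports forceCreate($arg) when the argument is still typed as raw request input, directly or via a variable. */
final class ForceCreateWithRequestInputRule implements Rule
{
    public function getNodeType(): string { return StaticCall::class; }
    public function processNode(Node $node, Scope $scope): array
    {
        if (!$node->name instanceof Node\Identifier || $node->name->toString() !== 'forceCreate') {
            return [];
        }
        $arg = $node->args[0] ?? null;
        if (!$arg instanceof Node\Arg) { // also skips first-class-callable placeholders
            return [];
        }
        // $scope->getType() resolves $x back to the type assigned from $request->all().
        if (!$scope->getType($arg->value) instanceof RequestInputArrayType) {
            return [];
        }
        return [RuleErrorBuilder::message('Mass assignment of raw request input via forceCreate().')->build()];
    }
}
```

Register both classes as services in phpstan.neon, the extension tagged `phpstan.broker.dynamicMethodReturnTypeExtension` and the rule tagged `phpstan.rules.rule`. The marker is lost as soon as the array is transformed (a filtered or merged copy becomes a plain ArrayType), which is where a rule would otherwise have to decide whether validation has happened.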