Taintedness of function return values is only tracked if function has a declared return type

[TysonAndre]

<?php

// Edit: adding @return string or even @return mixed will make Psalm properly warn about this
function rawinput() {
    return $_GET['rawinput'];
}

echo rawinput();

Observed: Does not emit TaintedInput for the echo
Expected: Should have some way to warn. function identity($x) { return $x; } has the same issue.

Also, it seems like labels for functions in namespaces may have issues - at a glance, they may be called ns\foo in one label but foo in another

[TysonAndre]

It seems like src/Psalm/Internal/Analyzer/Statements/ReturnAnalyzer.php handleTaints() ends up getting called. I wonder if $inferred_type->parent_nodes is somehow different due to early return or due to some other issue

EDIT: it gets called whether or not there's a return type, the issue's probably elsewhere