Taint detection does not work for encapsulated strings (echo "$unsafe";) #3655
Comments
src/Psalm/Internal/Analyzer/Statements/Expression/BinaryOpAnalyzer.php
src/Psalm/Internal/Analyzer/Statements/Expression/EncapsulatedStringAnalyzer.php is a candidate for where to add this taint tracking for encapsulated strings?
just FYI you can reproduce in psalm.dev by having
Does it work for other switches / settings?
That’s a negative (but feel free to add support for individual ones over at psalm.dev’s repo)
Observed: No TaintedInput is emitted, but it would be emitted if the quotes are removed
Expected: TaintedInput is emitted
$pdo->exec("select * from users where name='" . $name . "'")
in https://psalm.dev/docs/security_analysis/ suggests taint detection already works for concatenation but not encapsulation.
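Added example (not code from the issue or from Psalm itself): the same user-controlled value reaching PDO::exec() by concatenation, which the docs say is reported, and by an encapsulated string, which is the gap this issue describes, beside the prepared-statement form that keeps the value out of the query text. It assumes Psalm treats $_GET as a taint source and PDO::exec() as a SQL sink, as the linked security_analysis docs describe; the function names are my own.

```php
<?php
// Added example, not from the issue or the Psalm project.
// Assumption: $_GET is a taint source and PDO::exec() a SQL sink in
// Psalm's stubs, so the first function is the documented, reported case.

/**
 * Reported: taint propagates through the "." concatenation.
 * @return int|false
 */
function byConcatenation(PDO $pdo, string $name)
{
    return $pdo->exec("select * from users where name='" . $name . "'");
}

/**
 * Issue #3655: identical data flow, but the encapsulated string does not
 * forward the taint of $name, so no TaintedInput is emitted.
 * @return int|false
 */
function byInterpolation(PDO $pdo, string $name)
{
    return $pdo->exec("select * from users where name='$name'");
}

/**
 * Mitigation: the user-controlled value is bound as a parameter and never
 * becomes part of the SQL text, so there is nothing for either analyzer
 * path to miss.
 * @return array<int, array<string, mixed>>
 */
function byPreparedStatement(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare("select * from users where name = :name");
    $stmt->execute(['name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:'); // constructed sample connection
$name = (string) ($_GET['name'] ?? '');

byConcatenation($pdo, $name);     // flagged
byInterpolation($pdo, $name);     // not flagged (this issue)
byPreparedStatement($pdo, $name); // safe either way
```

Pasting the two `$pdo->exec()` functions into psalm.dev with taint analysis enabled shows the reported and unreported variants side by side.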