
Add mysqli::query as a taint sink #4155

Closed
craigfrancis opened this issue Sep 8, 2020 · 4 comments

Comments

@craigfrancis
Contributor

While this issue is detected:

<?php
$mysqli = new mysqli('localhost', 'test', '???', 'test');
$result = mysqli_query($mysqli, 'SELECT * FROM user WHERE id = ' . $_GET['id']);
?>

This one is not:

<?php
$mysqli = new mysqli('localhost', 'test', '???', 'test');
$result = $mysqli->query('SELECT * FROM user WHERE id = ' . $_GET['id']);
?>
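For contrast with the two snippets above, here is the same lookup written so that the request parameter never becomes part of the SQL text. This is an added example, not code from the issue or from Psalm; the connection parameters are placeholders and the table and column names are taken from the snippets above.

```php
<?php
// Added example (not from the issue or the Psalm project).
// Connection values are placeholders, as in the snippets above.
$mysqli = new mysqli('localhost', 'test', '???', 'test');

// Unsafe: the pattern the issue asks Psalm to flag. $_GET['id'] flows
// unchecked into the query string, so mysqli::query acts as an SQL sink.
function findUserUnsafe(mysqli $mysqli): mysqli_result|bool
{
    return $mysqli->query('SELECT * FROM user WHERE id = ' . $_GET['id']);
}

// Safe: the SQL text is a constant, and the tainted value is bound as a
// typed parameter, so no user-controlled data reaches the query text.
function findUserSafe(mysqli $mysqli, string $id): ?array
{
    $stmt = $mysqli->prepare('SELECT * FROM user WHERE id = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $mysqli->error);
    }
    $stmt->bind_param('i', $id);   // 'i' binds the value as an integer
    $stmt->execute();
    $result = $stmt->get_result();
    $row = $result ? $result->fetch_assoc() : null;
    $stmt->close();
    return $row ?: null;
}

$user = findUserSafe($mysqli, $_GET['id'] ?? '');
```

Run under `psalm --taint-analysis`, only `findUserUnsafe` carries a tainted flow into the query string; once `mysqli::query` is registered as a sink it is reported like the `mysqli_query` form already is.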
@psalm-github-bot

Hey @craigfrancis, can you reproduce the issue on https://psalm.dev ?

@craigfrancis
Contributor Author

@psalm-github-bot

I found these snippets:

https://psalm.dev/r/a92254e11d
<?php // --taint-analysis
$mysqli = new mysqli('localhost', 'test', '???', 'test');
$result = mysqli_query($mysqli, 'SELECT * FROM user WHERE id = ' . $_GET['id']);
?>
Psalm output (using commit 29efab5):

ERROR: TaintedInput - 3:33 - Detected tainted sql
https://psalm.dev/r/fcf2f09014
<?php // --taint-analysis
$mysqli = new mysqli('localhost', 'test', '???', 'test');
$result = $mysqli->query('SELECT * FROM user WHERE id = ' . $_GET['id']);
?>
Psalm output (using commit 29efab5):

No issues!

@muglug
Collaborator

muglug commented Sep 8, 2020

@craigfrancis you should be able to PR this, making a change to InternalTaintSinkMap.php

craigfrancis added a commit to craigfrancis/psalm that referenced this issue Sep 8, 2020
@muglug muglug closed this as completed Sep 8, 2020
danog pushed a commit to danog/psalm that referenced this issue Jan 29, 2021