Member variables set in child class ignored for taint flow #4605

LukasReschke · 2020-11-18T15:33:46Z

This is currently not detected.

<?php //--taint-analysis	

class TemplateResponse {
    public $taint = '';

    public function getTaint() : string {
        return $this->taint;
    }
}

class StandaloneTemplateResponse extends TemplateResponse {
    public function __construct($taint) {
        $this->taint = $taint; 
    }
}

$extended_response = new StandAloneTemplateResponse($_GET['bar']);
echo $extended_response->getTaint();

psalm-github-bot · 2020-11-18T15:33:49Z

I found these snippets:

https://psalm.dev/r/0b40f43f27

<?php //--taint-analysis	

class TemplateResponse {
    public $taint = '';

    public function getTaint() : string {
        return $this->taint;
    }
}

class StandaloneTemplateResponse extends TemplateResponse {
    public function __construct($taint) {
        $this->taint = $taint; 
    }
}

$extended_response = new StandAloneTemplateResponse($_GET['bar']);
echo $extended_response->getTaint();

Psalm output (using commit 4bb84f7):

No issues!

muglug closed this as completed in be275ae Nov 18, 2020

danog pushed a commit to danog/psalm that referenced this issue Jan 29, 2021

Fix vimeo#4605 - taint parent-declared property

c3658e2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Member variables set in child class ignored for taint flow #4605

Member variables set in child class ignored for taint flow #4605

LukasReschke commented Nov 18, 2020

psalm-github-bot bot commented Nov 18, 2020

Member variables set in child class ignored for taint flow #4605

Member variables set in child class ignored for taint flow #4605

Comments

LukasReschke commented Nov 18, 2020

psalm-github-bot bot commented Nov 18, 2020