taint on empty strings #4620
I found these snippets:

https://psalm.dev/r/a020e4ddc2

    <?php // --taint-analysis
    function importScript(string $filename)
    {
        if (is_file($filename)) {
            $c = file_get_contents($filename);
        }
    }
    $file = $_GET['filename'];
    if ($file != '') {
        /**
         * @psalm-taint-escape text
         */
        $file = basename($file);
    }
    importScript($file);

The initially reported taint error is still reproducible.

At the very least it's titled misleadingly - there's no guarantee that If you make sure it's a string (e.g. by using strict comparison) the taint is gone: https://psalm.dev/r/3fd7e9379c

I found these snippets:

https://psalm.dev/r/d25318bfb9

    <?php // --no-taint-analysis
    function importScript(string $filename): void
    {
        if (is_file($filename)) {
            $c = file_get_contents($filename);
        }
    }
    if (!isset($_GET['filename'])) throw new RuntimeException('missing');
    $file = $_GET['filename'];
    if ($file != '') {
        /**
         * @psalm-taint-escape text
         */
        $file = basename($file);
    }
    importScript($file);

https://psalm.dev/r/3fd7e9379c

    <?php // --taint-analysis
    function importScript(string $filename): void
    {
        if (is_file($filename)) {
            $c = file_get_contents($filename);
        }
    }
    if (!isset($_GET['filename'])) throw new RuntimeException('missing');
    $file = $_GET['filename'];
    if ($file !== '') {
        /**
         * @psalm-taint-escape text
         */
        $file = basename($file);
    }
    importScript($file);

I don't expect an error in this case
https://psalm.dev/r/a020e4ddc2
as soon as I drop the
if ($file) {
it works as expected.
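
An added example, not code from the issue or from Psalm: it prints how loose (`!=`) and strict (`!==`) comparison against `''` treat the values a request parameter can hold, next to a hypothetical helper `scriptNameFromRequest()` that checks the type explicitly before calling `basename()`. It assumes PHP 8, and the sample values are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (added example, not from the issue): reduce a raw
 * request value to a bare file name, or null when it is unusable.
 */
function scriptNameFromRequest(mixed $raw): ?string
{
    // A query parameter arrives as a string or an array (?filename[]=x),
    // and is null when absent, so check the type before any string function.
    if (!is_string($raw) || $raw === '') {
        return null;
    }
    $name = basename($raw);
    // basename() leaves '.' and '..' untouched and returns '' for '/'.
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    return $name;
}

// Constructed sample values standing in for $_GET['filename'].
$samples = [
    'empty string' => '',
    'plain name'   => 'report.php',
    'with path'    => '../../conf/app.ini',
    'array param'  => ['x'],
    'absent'       => null,
];

foreach ($samples as $label => $raw) {
    printf(
        "%-13s != '': %-6s !== '': %-6s helper: %s\n",
        $label,
        var_export($raw != '', true),
        var_export($raw !== '', true),
        var_export(scriptNameFromRequest($raw), true)
    );
}
```

For the array value both comparisons are true although the value is not a string, and for the absent (null) value they disagree; only the explicit `is_string()` check settles the type.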