New sinks for TaintedCallable vimeo#10117
cgocast committed Aug 26, 2023
1 parent 8bfcf47 commit 72c9bf8
Showing 2 changed files with 19 additions and 0 deletions.
6 changes: 6 additions & 0 deletions stubs/Reflection.phpstub
Expand Up @@ -15,6 +15,7 @@ class ReflectionClass implements Reflector {
/**
* @param T|class-string<T>|interface-string<T>|trait-string|enum-string<T> $argument
* @psalm-pure
* @psalm-taint-sink callable $argument
*/
public function __construct($argument) {}

Expand Down Expand Up @@ -411,6 +412,11 @@ abstract class ReflectionFunctionAbstract implements Reflector
/** @psalm-pure */
public function getClosure(): Closure {}

/**
* @psalm-taint-sink callable $function
*/
public function __construct(callable $function) {}

/**
* @since 8.0
* @template TClass as object
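Review bot: The constructor added in the second hunk is declared on the abstract `ReflectionFunctionAbstract`, so any subclass stub without its own `__construct` inherits both the `callable $function` signature and the sink. In PHP the constructor that takes a function name belongs to `ReflectionFunction` and is typed `Closure|string $function`, while `ReflectionMethod` takes different arguments. Unless the subclass stubs outside this hunk already override it, I would move the annotated constructor to the `ReflectionFunction` stub and keep the native type: `public function __construct(Closure|string $function) {}` under `@psalm-taint-sink callable $function`. In the first hunk the new sink shares a docblock with `@psalm-pure`; a short line such as `Tainted input here lets the request choose which class is reflected and instantiated.` would record why a class-name argument is treated as a callable sink.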
13 changes: 13 additions & 0 deletions tests/TaintTest.php
Expand Up @@ -2488,6 +2488,19 @@ public static function getPrevious(string $s): string {
'code' => '<?php
echo pg_escape_string($conn, $_GET["a"]);',
'error_message' => 'TaintedHtml',
'taintedReflectionClass' => [
'code' => '<?php
$name = $_GET["name"];
$reflector = new ReflectionClass($name);
$reflector->newInstance();',
'error_message' => 'TaintedCallable',
],
'taintedReflectionFunction' => [
'code' => '<?php
$name = $_GET["name"];
$function = new ReflectionFunction($name);
$function->invoke();',
'error_message' => 'TaintedCallable',
],
];
}
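Review bot: The two new cases appear to be nested inside the preceding case's array instead of sitting beside it: `'error_message' => 'TaintedHtml',` is followed directly by `'taintedReflectionClass' => [` with no `],` in between. The counts agree (13 additions in a 19-line hunk), which leaves the single `],` before `];` as the old closing bracket of the pg_escape_string case. If that reading is right, the provider never yields `taintedReflectionClass` or `taintedReflectionFunction` as cases of their own, so the new sinks in the stub are not exercised by the suite. Add `],` after the `TaintedHtml` line so the existing trailing `],` closes `taintedReflectionFunction`. The provider method begins outside this hunk, so the nesting should be confirmed against the full file.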
