
New sinks for TaintedCallable vimeo#10117
cgocast committed Aug 26, 2023
1 parent 4e177bf commit ec717f3
Showing 2 changed files with 20 additions and 0 deletions.
6 changes: 6 additions & 0 deletions stubs/Reflection.phpstub
Expand Up @@ -14,6 +14,7 @@ class ReflectionClass implements Reflector {

/**
* @param T|class-string<T>|interface-string<T>|trait-string|enum-string<T> $argument
* @psalm-taint-sink callable $argument
*/
public function __construct($argument) {}

Expand Down Expand Up @@ -58,6 +59,11 @@ class ReflectionClass implements Reflector {

class ReflectionFunction implements Reflector
{
/**
* @psalm-taint-sink callable $function
*/
public function __construct(callable $function) {}

/**
* @since 8.0
* @template TClass as object
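Review bot: The new `ReflectionFunction::__construct(callable $function)` stub declares a wider parameter type than PHP's own `Closure|string` signature, so an array callable such as `[$obj, 'method']` would satisfy the stub even though ReflectionFunction rejects it at runtime. Unless the stub type is overridden elsewhere, consider keeping the sink but narrowing the type, for example `@param callable-string|Closure $function` on the constructor. In both constructors the sink fires when the reflector is built, not when `newInstance()` or `invoke()` runs, and a short docblock line such as `Tainted names are reported here because the reflector later decides what gets instantiated or invoked` would record that choice. `ReflectionMethod::__construct` looks like it needs the same annotation if it is not already covered outside this hunk; the ReflectionFunction class body also continues past the visible lines.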
14 changes: 14 additions & 0 deletions tests/TaintTest.php
Expand Up @@ -2373,6 +2373,20 @@ public static function getPrevious(string $s): string {
new $a($b);',
'error_message' => 'TaintedCallable',
],
'taintedReflectionClass' => [
'code' => '<?php
$name = $_GET["name"];
$reflector = new ReflectionClass($name);
$reflector->newInstance();',
'error_message' => 'TaintedCallable',
],
'taintedReflectionFunction' => [
'code' => '<?php
$name = $_GET["name"];
$function = new ReflectionFunction($name);
$function->invoke();',
'error_message' => 'TaintedCallable',
],
];
}

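Review bot: Both new cases would pass unchanged without their last statement, because the sink added by this commit is the constructor argument, so `$reflector->newInstance();` and `$function->invoke();` do not pin where TaintedCallable is raised. A comment above the cases such as `// the sink is the constructor argument; the call afterwards only shows the impact` would keep a later reader from assuming the invoke methods are the sinks. There is also no companion case showing that an untainted argument stays clean, e.g. `new ReflectionClass(stdClass::class);` or a `ReflectionFunction` built from a closure literal, which would guard against the sink over-reporting. The data-provider method these entries belong to starts outside the hunk.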
