You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The root of this problem is in Psalm itself as apparently its creators don't intend to implement it into the language server (see vimeo/psalm#4869 ), closing this.
Taint analysis could be configurated separately for the language server (for example with an argument like languageServerTaintAnalysis or forceTaintAnalysis). This way taint analysis could be enabled for language server only if the codebase is small enough while enabled separately for CLI. If I proposed a pull request with this feature would you merge it?
In
psalm.xml
I have enabled therunTaintAnalysis
parameter to enable SAST:If I run
psalm
from CLI I get various taint alerts, for example:If I visit this file with VSCode and the psalm plugin enabled, however, I see other alerts from Psalm but not the taint/security ones.
The text was updated successfully, but these errors were encountered: