Add more steps for clearer output

vimeo · Jun 22, 2020 · 36f1630 · 36f1630
1 parent 07a3870
commit 36f1630
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 7 deletions.
diff --git a/src/Psalm/Internal/Analyzer/Statements/Expression/Call/ArgumentAnalyzer.php b/src/Psalm/Internal/Analyzer/Statements/Expression/Call/ArgumentAnalyzer.php
@@ -1179,6 +1179,17 @@ private static function processTaintedness(
             }
         }
 
+        $codebase->taint->addTaintNode($method_node);
+
+        $argument_value_node = TaintNode::getForAssignment(
+            'call to ' . $cased_method_id,
+            $arg_location
+        );
+
+        $codebase->taint->addTaintNode($argument_value_node);
+
+        $codebase->taint->addPath($argument_value_node, $method_node, 'arg');
+
         if ($function_param->sinks) {
             if ($specialize_taint) {
                 $sink = Sink::getForMethodArgument(
@@ -1202,12 +1213,10 @@ private static function processTaintedness(
             $codebase->taint->addSink($sink);
         }
 
-        $codebase->taint->addTaintNode($method_node);
-
         if ($input_type->parent_nodes) {
             foreach ($input_type->parent_nodes as $parent_node) {
                 $codebase->taint->addTaintNode($method_node);
-                $codebase->taint->addPath($parent_node, $method_node, 'arg');
+                $codebase->taint->addPath($parent_node, $argument_value_node, 'arg');
             }
         }
 

diff --git a/src/Psalm/Internal/Codebase/Taint.php b/src/Psalm/Internal/Codebase/Taint.php
@@ -166,7 +166,7 @@ public function connectSinksAndSources() : void
         $sources = $this->sources;
         $sinks = $this->sinks;
 
-        for ($i = 0; count($sinks) && count($sources) && $i < 25; $i++) {
+        for ($i = 0; count($sinks) && count($sources) && $i < 30; $i++) {
             $new_sources = [];
 
             foreach ($sources as $source) {

diff --git a/tests/TaintTest.php b/tests/TaintTest.php
@@ -478,7 +478,7 @@ public function exec(string $sql) : void {}
     public function testTaintedInputFromParam()
     {
         $this->expectException(\Psalm\Exception\CodeException::class);
-        $this->expectExceptionMessage('TaintedInput - somefile.php:17:36 - Detected tainted sql in path: $_GET -> $_GET[\'user_id\'] (somefile.php:4:41) -> A::getUserId (somefile.php:3:51) -> concat (somefile.php:8:32) -> A::getAppendedUserId (somefile.php:7:59) -> $userId (somefile.php:12:25) -> A::deleteUser#2 (somefile.php:16:65) -> concat (somefile.php:17:36) -> PDO::exec#1');
+        $this->expectExceptionMessage('TaintedInput - somefile.php:17:36 - Detected tainted sql in path: $_GET -> $_GET[\'user_id\'] (somefile.php:4:41) -> A::getUserId (somefile.php:3:51) -> concat (somefile.php:8:32) -> A::getAppendedUserId (somefile.php:7:59) -> $userId (somefile.php:12:25) -> call to A::deleteUser (somefile.php:13:49) -> A::deleteUser#2 (somefile.php:16:65) -> concat (somefile.php:17:36) -> call to PDO::exec (somefile.php:17:36) -> PDO::exec#1');
 
         $this->project_analyzer->trackTaintedInputs();
 
@@ -615,7 +615,7 @@ public function deleteUser(PDO $pdo, string $userId) : void {
     public function testTaintedInputToParamAlternatePath()
     {
         $this->expectException(\Psalm\Exception\CodeException::class);
-        $this->expectExceptionMessage('TaintedInput - somefile.php:23:40 - Detected tainted sql in path: $_GET -> $_GET[\'user_id\'] (somefile.php:7:63) -> A::getAppendedUserId#1 (somefile.php:11:62) -> concat (somefile.php:12:32) -> A::getAppendedUserId (somefile.php:11:37) -> A::deleteUser#3 (somefile.php:19:81) -> concat (somefile.php:23:40) -> PDO::exec#1');
+        $this->expectExceptionMessage('TaintedInput - somefile.php:23:40 - Detected tainted sql in path: $_GET -> $_GET[\'user_id\'] (somefile.php:7:63) -> call to A::getAppendedUserId (somefile.php:7:54) -> A::getAppendedUserId#1 (somefile.php:11:62) -> concat (somefile.php:12:32) -> A::getAppendedUserId (somefile.php:11:37) -> call to A::deleteUser (somefile.php:7:29) -> A::deleteUser#3 (somefile.php:19:81) -> concat (somefile.php:23:40) -> call to PDO::exec (somefile.php:23:40) -> PDO::exec#1');
 
         $this->project_analyzer->trackTaintedInputs();
 
@@ -658,7 +658,7 @@ public function deleteUser(PDO $pdo, string $userId, string $userId2) : void {
     public function testTaintedInParentLoader()
     {
         $this->expectException(\Psalm\Exception\CodeException::class);
-        $this->expectExceptionMessage('TaintedInput - somefile.php:16:40 - Detected tainted sql in path: $_GET -> $_GET[\'user_id\'] (somefile.php:28:39) -> C::foo#1 (somefile.php:23:48) -> AGrandChild::loadFull#1 (somefile.php:5:60) -> A::loadFull#1 (somefile.php:24:47) -> A::loadPartial#1 (somefile.php:3:72) -> AChild::loadPartial#1 (somefile.php:6:45) -> concat (somefile.php:16:40) -> PDO::exec#1');
+        $this->expectExceptionMessage('TaintedInput - somefile.php:16:40 - Detected tainted sql in path: $_GET -> $_GET[\'user_id\'] (somefile.php:28:39) -> call to C::foo (somefile.php:28:30) -> C::foo#1 (somefile.php:23:48) -> call to AGrandChild::loadFull (somefile.php:24:47) -> AGrandChild::loadFull#1 (somefile.php:5:60) -> A::loadFull#1 (somefile.php:24:47) -> call to A::loadPartial (somefile.php:6:45) -> A::loadPartial#1 (somefile.php:3:72) -> AChild::loadPartial#1 (somefile.php:6:45) -> concat (somefile.php:16:40) -> call to PDO::exec (somefile.php:16:40) -> PDO::exec#1');
 
         $this->project_analyzer->trackTaintedInputs();