Skip to content
Permalink
Browse files

Only register taints on known magic properties

  • Loading branch information...
muglug committed Aug 6, 2019
1 parent 0dc6b74 commit 37d93141c4abb747eb3b1190f3400f3a4027fcb2
@@ -361,6 +361,8 @@ public static function analyzeInstance(
$has_regular_setter = true;
$property_exists = true;
self::taintProperty($statements_analyzer, $stmt, $property_id, $assignment_value_type);
continue;
}
}
@@ -408,8 +410,6 @@ public static function analyzeInstance(
if (!in_array('PossiblyNullReference', $suppressed_issues, true)) {
$statements_analyzer->removeSuppressedIssues(['PossiblyNullReference']);
}
self::taintProperty($statements_analyzer, $stmt, $property_id, $assignment_value_type);
}
/*
@@ -537,8 +537,6 @@ public static function analyzeInstance(
$property_id = $lhs_type_part->value . '::$' . $prop_name;
self::processTaints($statements_analyzer, $stmt, $stmt->inferredType, $property_id);
/*
* If we have an explicit list of all allowed magic properties on the class, and we're
* not in that list, fall through
@@ -668,6 +668,9 @@ public function testTaintedInputFromMagicProperty() : void
$this->addFile(
'somefile.php',
'<?php
/**
* @property string $userId
*/
class A {
/** @var array<string, string> */
private $vars = [];

0 comments on commit 37d9314

Please sign in to comment.
You can’t perform that action at this time.