Improve backtrace of property-involved issues

vimeo · Aug 14, 2019 · 3d01708 · 3d01708
1 parent e92896f
commit 3d01708
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 6 deletions.
diff --git a/src/Psalm/Internal/Analyzer/Statements/Expression/CallAnalyzer.php b/src/Psalm/Internal/Analyzer/Statements/Expression/CallAnalyzer.php
@@ -2872,11 +2872,15 @@ private static function processTaintedness(
                 $code_location
             );
 
+            $existing_sink = $codebase->taint->hasExistingSink($method_sink);
+
             foreach ($input_type->sources as $input_source) {
+                $existing_source = $codebase->taint->hasExistingSource($input_source);
+
                 if (IssueBuffer::accepts(
                     new TaintedInput(
-                        'in path ' . $codebase->taint->getPredecessorPath($input_source)
-                            . ' out path ' . $codebase->taint->getSuccessorPath($method_sink),
+                        'in path ' . $codebase->taint->getPredecessorPath($existing_source ?: $input_source)
+                            . ' out path ' . $codebase->taint->getSuccessorPath($existing_sink ?: $method_sink),
                         $code_location
                     ),
                     $statements_analyzer->getSuppressedIssues()

diff --git a/src/Psalm/Internal/Codebase/Taint.php b/src/Psalm/Internal/Codebase/Taint.php
@@ -189,11 +189,11 @@ public function getPredecessorPath(Source $source, array $visited_paths = []) :
             $location_summary = $source->code_location->getQuickSummary();
         }
 
-        if (isset($visited_paths[$source->id])) {
+        if (isset($visited_paths[$source->id . ' ' . $location_summary])) {
             return '';
         }
 
-        $visited_paths[$source->id] = true;
+        $visited_paths[$source->id . ' ' . $location_summary] = true;
 
         $source_descriptor = $source->id . ($location_summary ? ' (' . $location_summary . ')' : '');
 
@@ -221,11 +221,11 @@ public function getSuccessorPath(Sink $sink, array $visited_paths = []) : string
             $location_summary = $sink->code_location->getQuickSummary();
         }
 
-        if (isset($visited_paths[$sink->id])) {
+        if (isset($visited_paths[$sink->id . ' ' . $location_summary])) {
             return '';
         }
 
-        $visited_paths[$sink->id] = true;
+        $visited_paths[$sink->id . ' ' . $location_summary] = true;
 
         $sink_descriptor = $sink->id . ($location_summary ? ' (' . $location_summary . ')' : '');