Add $_REQUEST as a taint source

Ref #3636
vimeo · Jun 22, 2020 · 7f05b3c · 7f05b3c
1 parent f2f5606
commit 7f05b3c
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/Psalm/Internal/Analyzer/Statements/Expression/Fetch/VariableFetchAnalyzer.php b/src/Psalm/Internal/Analyzer/Statements/Expression/Fetch/VariableFetchAnalyzer.php
@@ -361,7 +361,11 @@ private static function taintVariable(
         $codebase = $statements_analyzer->getCodebase();
 
         if ($codebase->taint && $codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())) {
-            if ($var_name === '$_GET' || $var_name === '$_POST' || $var_name === '$_COOKIE') {
+            if ($var_name === '$_GET'
+                || $var_name === '$_POST'
+                || $var_name === '$_COOKIE'
+                || $var_name === '$_REQUEST'
+            ) {
                 $taint_location = new CodeLocation($statements_analyzer->getSource(), $stmt);
 
                 $server_taint_source = new Source(