Add a bit more accuracy
muglug committed Jun 25, 2020
1 parent e269220 commit b8ebed0
Showing 2 changed files with 31 additions and 1 deletion.
7 changes: 6 additions & 1 deletion src/Psalm/Internal/Codebase/Taint.php
@@ -245,11 +245,16 @@ private function getChildNodes(
$fetch_nesting--;
}

if ($previous_path_type === 'array-fetch') {
if (substr($previous_path_type, 0, 11) === 'array-fetch') {
$fetch_nesting++;
}

if (strpos($previous_path_type, 'array-assignment-') === 0) {
if ($fetch_nesting > 0) {
$fetch_nesting--;
continue;
}

if (substr($previous_path_type, 17) === substr($path_type, 12)) {
break;
}
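Review bot: The `$fetch_nesting > 0` branch cancels a pending fetch against any `array-assignment-*` step without comparing keys, and the prefix test `substr($previous_path_type, 0, 11) === 'array-fetch'` makes keyed fetches count toward `$fetch_nesting` as well, so outer levels are paired by depth only. From the visible lines this looks like it keeps the path alive when the outer keys differ (over-reporting rather than dropping taint), but the loop and whatever follows `break` are outside the hunk, so that should be confirmed and recorded in a comment such as `// a pending fetch consumes this assignment; keys are not compared at this depth`. The offsets 11, 17 and 12 are the lengths of `'array-fetch'`, `'array-assignment-'` and `'array-fetch-'`; writing the first test as `strpos($previous_path_type, 'array-fetch') === 0` would match the assignment check just below it. The key comparison also assumes `$path_type` starts with `array-fetch-`, which the hunk does not show being checked.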
25 changes: 25 additions & 0 deletions tests/TaintTest.php
@@ -427,6 +427,13 @@ public static function slugify(string $url) : string {
echo $m["b"];
}'
],
'taintFreeNestedArrayWithOffsetAccessedExplicitly' => [
'<?php
$a = [];
$a[] = ["a" => $_GET["name"], "b" => "foo"];
echo $a[0]["b"];',
],
];
}

@@ -1267,6 +1274,24 @@ public function __set(string $a, $value) {
echo $m->taint;',
'error_message' => 'TaintedInput',
],
'taintNestedArrayWithOffsetAccessedInForeach' => [
'<?php
$a = [];
$a[0] = ["a" => $_GET["name"], "b" => "foo"];
foreach ($a as $m) {
echo $m["a"];
}',
'error_message' => 'TaintedInput',
],
'taintNestedArrayWithOffsetAccessedExplicitly' => [
'<?php
$a = [];
$a[] = ["a" => $_GET["name"], "b" => "foo"];
echo $a[0]["a"];',
'error_message' => 'TaintedInput',
],
];
}
}
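Review bot: The added cases all read one level of nesting (`$a[0]["a"]`, `$a[0]["b"]`, `$m["a"]`) and always read the same outer element that was written. The depth counting changed in Taint.php in this commit is therefore only exercised at depth one with matching outer keys. For a taint analyser the direction of error matters, so it would help to pin it with two more cases. One should read a different outer offset than the one written, for example `$a[1] = ["a" => $_GET["name"]]; echo $a[0]["a"];`. The other should use a second nested level, in both the tainted and the taint-free form. Each case should carry a short comment saying whether a report there is intended or an accepted false positive.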
