
Fix taint records

muglug committed Aug 14, 2019
1 parent 01c876e commit e92896f14501e79d7e20f9b682f8ac62455be1f2
@@ -967,18 +967,18 @@ private static function taintProperty(
$method_sink->taint = $assignment_value_type->tainted;
}
if ($codebase->taint->hasPreviousSink($method_sink)) {
if ($child_sink = $codebase->taint->hasPreviousSink($method_sink)) {
if ($assignment_value_type->sources) {
$codebase->taint->addSinks(
$statements_analyzer,
\array_map(
function (Source $assignment_source) use ($method_sink) {
function (Source $assignment_source) use ($child_sink) {
$new_sink = new Sink(
$assignment_source->id,
$assignment_source->code_location
);
$new_sink->children = [$method_sink];
$new_sink->children = [$child_sink];
return $new_sink;
},
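Review bot: `hasPreviousSink()` is used here for the object it returns (`if ($child_sink = $codebase->taint->hasPreviousSink($method_sink))`), which a `has…` name does not lead a reader to expect. Its definition is not shown on this page, so its docblock should say what comes back, for example `@return ?Sink the sink already recorded under this id, or null`. The assignment inside the `if` is also easy to misread as a comparison; assigning on its own line and then testing `if ($child_sink !== null)` would make the intent explicit, assuming the method returns null rather than false when nothing is recorded. The same pattern appears with `hasPreviousSource()` in the `-2893` hunk. `taintProperty` starts and ends outside this hunk.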
@@ -2792,9 +2792,9 @@ private static function processTaintedness(
$code_location
);
$found_sink = null;
$child_sink = null;
if (($function_param->sink || ($found_sink = $codebase->taint->hasPreviousSink($method_sink)))
if (($function_param->sink || ($child_sink = $codebase->taint->hasPreviousSink($method_sink)))
&& $input_type->sources
) {
$all_possible_sinks = [];
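Review bot: In the new condition `$child_sink` is only assigned when `$function_param->sink` is falsy, because `||` short-circuits before `hasPreviousSink()` runs. For a parameter that is itself a declared sink, the `[$child_sink ?: $method_sink]` lines in the `-2809`, `-2830` and `-2846` hunks therefore always link the fresh `$method_sink`, even if a record for it already exists. If that is intended, a comment above the condition would save the next reader the derivation: `// $child_sink stays null when the param is a declared sink; children then fall back to $method_sink`. If it is not, the lookup has to move out of the condition, which would also change which value the `$new_sink->taint` lines pick, so it deserves its own test. `processTaintedness` continues outside the hunk.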
@@ -2809,7 +2809,7 @@ private static function processTaintedness(
$source->code_location
);
$base_sink->children = [$method_sink];
$base_sink->children = [$child_sink ?: $method_sink];
$all_possible_sinks[] = $base_sink;
@@ -2830,9 +2830,9 @@ private static function processTaintedness(
null
);
$new_sink->children = [$method_sink];
$new_sink->children = [$child_sink ?: $method_sink];
$new_sink->taint = $found_sink ? $found_sink->taint : $function_param->sink;
$new_sink->taint = $child_sink ? $child_sink->taint : $function_param->sink;
$all_possible_sinks[] = $new_sink;
}
@@ -2846,8 +2846,8 @@ private static function processTaintedness(
null
);
$new_sink->taint = $found_sink ? $found_sink->taint : $function_param->sink;
$new_sink->children = [$method_sink];
$new_sink->taint = $child_sink ? $child_sink->taint : $function_param->sink;
$new_sink->children = [$child_sink ?: $method_sink];
$all_possible_sinks[] = $new_sink;
}
@@ -2893,7 +2893,7 @@ private static function processTaintedness(
}
foreach ($input_type->sources as $type_source) {
if ($codebase->taint->hasPreviousSource($type_source) || $input_type->tainted) {
if (($previous_source = $codebase->taint->hasPreviousSource($type_source)) || $input_type->tainted) {
if ($function_is_pure) {
$method_source = Source::getForMethodArgument(
$cased_method_id,
@@ -2909,7 +2909,7 @@ private static function processTaintedness(
);
}
$method_source->parents = [$type_source];
$method_source->parents = [$previous_source ?: $type_source];
$codebase->taint->addSources(
$statements_analyzer,
@@ -187,14 +187,14 @@ public function getPredecessorPath(Source $source, array $visited_paths = []) :
if ($source->code_location) {
$location_summary = $source->code_location->getQuickSummary();
}
if (isset($visited_paths[$location_summary])) {
return '';
}
$visited_paths[$location_summary] = true;
if (isset($visited_paths[$source->id])) {
return '';
}
$visited_paths[$source->id] = true;
$source_descriptor = $source->id . ($location_summary ? ' (' . $location_summary . ')' : '');
$previous_source = $source->parents[0] ?? null;
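Review bot: `$visited_paths` is keyed by `$source->id` in the guard `isset($visited_paths[$source->id])`, yet its name and bare `array` type still suggest it holds paths or locations. Documenting it as `@param array<string, bool> $visited_paths ids already emitted on this trace` would match what the code stores. Keying by id also means a second node with the same id at a different location ends the trace with `''` and no marker. That is presumably the intended cycle stop, but a comment above `return '';` should say so, because a silently shortened TaintedInput trace is hard to tell from a complete one when triaging a finding. The same applies to `getSuccessorPath` and `$sink->id` in the next hunk. Both method bodies continue outside their hunks.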
@@ -219,14 +219,14 @@ public function getSuccessorPath(Sink $sink, array $visited_paths = []) : string
if ($sink->code_location) {
$location_summary = $sink->code_location->getQuickSummary();
}
if (isset($visited_paths[$location_summary])) {
return '';
}
$visited_paths[$location_summary] = true;
if (isset($visited_paths[$sink->id])) {
return '';
}
$visited_paths[$sink->id] = true;
$sink_descriptor = $sink->id . ($location_summary ? ' (' . $location_summary . ')' : '');
$next_sink = $sink->children[0] ?? null;
@@ -239,7 +239,7 @@ public function exec(string $sql) : void {}
public function testTaintedInputFromParam()
{
$this->expectException(\Psalm\Exception\CodeException::class);
$this->expectExceptionMessage('TaintedInput');
$this->expectExceptionMessage('TaintedInput - somefile.php:8:48 - in path $_GET (somefile.php:4) -> a::getuserid (somefile.php:3) out path a::getuserid (somefile.php:8) -> a::getappendeduserid (somefile.php:12) -> a::deleteuser#2 (somefile.php:16) -> pdo::exec#1 (somefile.php:17)');
$this->project_analyzer->trackTaintedInputs();
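Review bot: None of the three updated tests visible on this page (this one, `testTaintedInputToParamAlternatePath` and `testTaintedInParentLoader`) exercises the revisit guard in `getPredecessorPath` and `getSuccessorPath`, the branch that returns `''`. They do pin the full in/out path, which covers the linking fix. A fixture in which a method passes tainted input back into itself, with an expectation that the message still names `$_GET` and `pdo::exec#1`, would show that the id-keyed guard stops the recursion without dropping the ends of the trace. The exact `line:column` values tie each assertion to the fixture layout, so a short comment next to the expected string noting that it must be updated with the fixture would help. The test bodies continue outside the hunks.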
@@ -376,7 +376,7 @@ public function deleteUser(PDO $pdo, string $userId) : void {
public function testTaintedInputToParamAlternatePath()
{
$this->expectException(\Psalm\Exception\CodeException::class);
$this->expectExceptionMessage('TaintedInput');
$this->expectExceptionMessage('TaintedInput - somefile.php:7:29 - in path $_GET (somefile.php:7) -> a::getappendeduserid#1 (somefile.php:7) -> a::getappendeduserid (somefile.php:11) -> a::deleteuser#3 (somefile.php:7) out path a::deleteuser#3 (somefile.php:19) -> pdo::exec#1 (somefile.php:23)');
$this->project_analyzer->trackTaintedInputs();
@@ -419,7 +419,7 @@ public function deleteUser(PDO $pdo, string $userId, string $userId2) : void {
public function testTaintedInParentLoader()
{
$this->expectException(\Psalm\Exception\CodeException::class);
$this->expectExceptionMessage('TaintedInput');
$this->expectExceptionMessage('TaintedInput - somefile.php:23:48 - in path $_GET (somefile.php:28) -> c::foo#1 (somefile.php:28) out path c::foo#1 (somefile.php:23) -> agrandchild::loadfull#1 (somefile.php:6) -> a::loadpartial#1 (somefile.php:16) -> pdo::exec#1 (somefile.php:16)');
$this->project_analyzer->trackTaintedInputs();
