https://psalm.dev/r/8fa14c18fc
Related aspects:
I found these snippets:
```php
<?php // --taint-analysis

function main() {
    $value = $_GET['value']; // using `(int)$_GET['value']` works, avoids "tainted SQL"
    $result = fetch($value);
}

// `int` type not considered, still "tainted SQL"
function fetch(int $id): string {
    // `(int)` cast not considered, still "tainted SQL"
    return query('SELECT ... FROM ... WHERE id=' . (int)$id);
}

/**
 * @return string
 * @psalm-taint-sink sql $sql
 * @psalm-taint-specialize
 */
function query(string $sql) {}
```
Psalm output (using commit 55b2b6b):

```
ERROR: TaintedSql - 19:23 - Detected tainted SQL
```
I've just added some tests to reproduce this behavior in #6992:
```php
// `int` parameter type: only an integer can reach the sink
function fetch(int $id): string {
    return query("SELECT * FROM table WHERE id=" . $id);
}
```

```php
// explicit `(int)` cast before concatenation
function fetch($id): string {
    return query("SELECT * FROM table WHERE id=" . (int)$id);
}
```
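The following is an added example, not code from the issue or from the Psalm project, that puts the patterns from both comments above side by side in one file: the untouched concatenation that is correctly flagged, the call-site `(int)` cast that the first comment reports as avoiding the "tainted SQL" error, the `int` parameter type that the tests exercise, and a prepared statement as the mitigation that needs no taint reasoning at all. `query()` here is a stand-in sink that only returns the SQL it receives, so the file also runs as plain PHP. The `asId()` helper and its `@psalm-taint-escape sql` annotation are assumptions about how one would mark a sanitiser for Psalm; the user-supplied input at the bottom is constructed for the demonstration.

```php
<?php
// Added example (not from the issue): contrasts the patterns discussed above
// under Psalm's --taint-analysis. `query()` is a stand-in sink that only
// returns the SQL it is given, so this file also runs as plain PHP 8.

/**
 * Stand-in sink: a real implementation would execute the statement.
 *
 * @psalm-taint-sink sql $sql
 * @psalm-taint-specialize
 */
function query(string $sql): string
{
    return $sql;
}

/** Unsafe: user input is concatenated into the statement untouched. */
function fetchUnsafe(string $id): string
{
    return query('SELECT * FROM users WHERE id=' . $id);
}

/** `int` parameter type: whatever reaches the sink is an integer. */
function fetchById(int $id): string
{
    return query('SELECT * FROM users WHERE id=' . $id);
}

/**
 * Workaround reported in the issue: cast at the call site, before the
 * value is passed on. An integer cannot carry SQL metacharacters.
 */
function fetchCastAtSource(): string
{
    $id = (int) ($_GET['id'] ?? 0);
    return fetchById($id);
}

/**
 * Assumed sanitiser annotation (hypothetical helper): marks the return
 * value as safe for the sql taint type regardless of the input.
 *
 * @psalm-taint-escape sql
 */
function asId(mixed $value): int
{
    return (int) $value;
}

/**
 * Preferred mitigation: a parameterised query. The driver separates the
 * statement from the data, so no string concatenation is involved.
 */
function fetchPrepared(PDO $pdo, string $id): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM users WHERE id = :id');
    $stmt->execute([':id' => (int) $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed input for a local run (php this_file.php): the cast reduces
// the string to its leading digits, so only the unsafe variant passes the
// extra clause through to the sink.
$_GET['id'] = '1 OR 1=1';
echo fetchUnsafe($_GET['id']), PHP_EOL;
echo fetchCastAtSource(), PHP_EOL;
echo fetchById(asId($_GET['id'])), PHP_EOL;
```

Running `psalm --taint-analysis` over this file is what tells you which of the three concatenating functions the analyser still flags; the prepared-statement variant is the one to prefer in production code regardless of what the analyser concludes, since its safety does not depend on a cast being noticed.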