[TAINT] report invalid `psalm-taint-sink` #7046

staabm · 2021-12-02T14:20:34Z

would be great, psalm would error when using psalm-taint-sink without providing the param name.

this should error

/**
 * @psalm-taint-sink sql
 */
fuction query($query) {
}

because it is missing the $query:

done right it would be:

/**
 * @psalm-taint-sink sql $query
 */
fuction query($query) {
}

I feel from a DX perspective it should be handled similar to forgetting the parameter reference in a @param

The text was updated successfully, but these errors were encountered:

orklah · 2021-12-02T18:14:34Z

That should be easy to change here:

Line 210 in a2d6861

if (count($param_parts) >= 2) {

You should be able to throw a IncorrectDocblockException here to make sure this case doesn't happen

staabm · 2021-12-02T19:14:36Z

Will send a PR tomorrow

weirdan · 2024-02-12T03:00:37Z

Will send a PR tomorrow

@staabm It must have been lost somewhere; feel free to resend 😁

staabm · 2024-02-12T09:47:47Z

thanks for the reminder

;-)

weirdan added enhancement taint analysis labels Dec 2, 2021

orklah added the Help wanted label Dec 2, 2021

staabm mentioned this issue Feb 12, 2024

Report invalid number of arguments for psalm-taint-* #10699

Merged

weirdan closed this as completed in #10699 Feb 13, 2024

Provide feedback