#10117 New sinks for TaintedCallable
cgocast committed Aug 22, 2023
1 parent 948dd1a commit cab2379
Showing 2 changed files with 16 additions and 1 deletion.
3 changes: 2 additions & 1 deletion stubs/Reflection.phpstub
@@ -14,6 +14,7 @@ class ReflectionClass implements Reflector {

/**
* @param T|class-string<T>|interface-string<T>|trait-string|enum-string<T> $argument
* @psalm-taint-sink callable $argument
* @psalm-pure
*/
public function __construct($argument) {}
@@ -424,7 +425,7 @@ class ReflectionFunction extends ReflectionFunctionAbstract
{
/**
* @param callable-string|Closure $function
*
* @psalm-taint-sink callable $function
* @psalm-pure
*/
public function __construct(callable $function) {}
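Review bot: The `@psalm-taint-sink callable $argument` line on `ReflectionClass::__construct` applies the `callable` taint kind to a parameter that is documented as a class name or object, and the docblock does not say why. Anyone who later hits a TaintedCallable report on `new ReflectionClass(...)` would be helped by one explanatory docblock line, for example `* A request-controlled class name is loaded here and can then be instantiated via newInstance(), so it is reported as TaintedCallable.`. The same reasoning would apply to any other reflection constructor in this stub that takes a name (ReflectionMethod, if it is declared here). None is visible in these hunks, so that part needs checking against the full file. Both class bodies continue outside the hunks shown.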
14 changes: 14 additions & 0 deletions tests/TaintTest.php
@@ -2489,6 +2489,20 @@ public static function getPrevious(string $s): string {
echo pg_escape_string($conn, $_GET["a"]);',
'error_message' => 'TaintedHtml',
],
'taintedReflectionClass' => [
'code' => '<?php
$name = $_GET["name"];
$reflector = new ReflectionClass($name);
$reflector->newInstance();',
'error_message' => 'TaintedCallable',
],
'taintedReflectionFunction' => [
'code' => '<?php
$name = $_GET["name"];
$function = new ReflectionFunction($name);
$function->invoke();',
'error_message' => 'TaintedCallable',
],
];
}
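Review bot: Both new cases follow the constructor with `$reflector->newInstance();` or `$function->invoke();`, so they do not pin the report to the constructor argument, which is where the stub annotation was placed. A variant without the trailing call, e.g. `'code' => '<?php new ReflectionClass($_GET["name"]);',`, would make it explicit that construction alone is the sink. It would also catch a regression if the annotation were ever moved to the invoking methods. A matching entry in the valid-code provider with a literal class or function name would guard against false positives. That provider is outside this hunk, so it may already exist. The enclosing provider method starts before the hunk.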
