From f41deeab0a45f80c80ebc7c6666b4a12fef6e923 Mon Sep 17 00:00:00 2001 From: Matt Brown Date: Sun, 28 Mar 2021 13:14:35 -0400 Subject: [PATCH] Taint through reset call --- .../ArrayPointerAdjustmentReturnTypeProvider.php | 9 +++++++++ tests/TaintTest.php | 11 +++++++++++ 2 files changed, 20 insertions(+) diff --git a/src/Psalm/Internal/Provider/ReturnTypeProvider/ArrayPointerAdjustmentReturnTypeProvider.php b/src/Psalm/Internal/Provider/ReturnTypeProvider/ArrayPointerAdjustmentReturnTypeProvider.php index 407d675b669..ecaae2f24fd 100644 --- a/src/Psalm/Internal/Provider/ReturnTypeProvider/ArrayPointerAdjustmentReturnTypeProvider.php +++ b/src/Psalm/Internal/Provider/ReturnTypeProvider/ArrayPointerAdjustmentReturnTypeProvider.php @@ -3,6 +3,7 @@ use PhpParser; use Psalm\Plugin\EventHandler\Event\FunctionReturnTypeProviderEvent; +use Psalm\Internal\Analyzer\Statements\Expression\Fetch\ArrayFetchAnalyzer; use Psalm\Type; class ArrayPointerAdjustmentReturnTypeProvider implements \Psalm\Plugin\EventHandler\FunctionReturnTypeProviderInterface @@ -77,6 +78,14 @@ public static function getFunctionReturnType(FunctionReturnTypeProviderEvent $ev } } + ArrayFetchAnalyzer::taintArrayFetch( + $statements_source, + $first_arg, + null, + $value_type, + Type::getMixed() + ); + return $value_type; } } diff --git a/tests/TaintTest.php b/tests/TaintTest.php index 5a9d0b47710..d8624b3efd6 100644 --- a/tests/TaintTest.php +++ b/tests/TaintTest.php @@ -2122,6 +2122,17 @@ function doTheMagic(array $values) {} doTheMagic([(string)$_GET["bad"] => "foo"]);', 'error_message' => 'TaintedHtml', ], + 'taintThroughReset' => [ + ' 'TaintedHtml', + ], /* // TODO: Stubs do not support this type of inference even with $this->message = $message. // Most uses of getMessage() would be with caught exceptions, so this is not representative of real code.