Allow to implement custom taint type classes

Open ohader opened this issue 1 year ago • 1 comments

Instead of just having a generic TaintedCustom for custom taint - this change allows plugins/extensions to register their own custom taint type classes.

Examples

$registry = Config::getInstance()->taint_kind_registry;

$registry->defineKinds([
  'mine' => \Example\Package\TaintedMine::class,
  'yours' => \Example\Package\TaintedYours::class,
], TaintKindGroup::GROUP_INPUT);

$registry->defineGroup('my-input', 'html', 'sql', 'shell');

$registry->defineGroupProxy('input-sql', 'input', [
  'sql' => \Example\Package\TaintedSqlSecondOrder::class,
]);

$registry->getKind('html'); // returns TaintedHtml::class;
$registry->getGroupKinds('input'); // returns ['html', 'sql', ...]

Fixes: #9186


TODO

  • [x] Extend input in TaintKindGroup
  • [x] Add documentation & examples for custom taint type classes

Feb 22 '24 18:02 ohader

The failing BC tests are handled code-wise in those methods

  • Psalm\Codebase#addTaintSource()
  • Psalm\Codebase#addTaintSink()

Feb 22 '24 22:02 ohader