|
1
|
|
|
<?php |
|
2
|
|
|
namespace Psalm\Issue; |
|
3
|
|
|
|
|
4
|
|
|
use Psalm\Internal\Analyzer\TaintNodeData; |
|
5
|
|
|
use Psalm\CodeLocation; |
|
6
|
|
|
|
|
7
|
|
|
class TaintedInput extends CodeIssue |
|
8
|
|
|
{ |
|
9
|
|
|
const ERROR_LEVEL = -2; |
|
10
|
|
|
const SHORTCODE = 205; |
|
11
|
|
|
|
|
12
|
|
|
/** |
|
13
|
|
|
* @var string |
|
14
|
|
|
* @readonly |
|
15
|
|
|
*/ |
|
16
|
|
|
public $journey_text; |
|
17
|
|
|
|
|
18
|
|
|
/** |
|
19
|
|
|
* @var list<array{location: ?CodeLocation, label: string, entry_path_type: string}> |
|
20
|
|
|
* @readonly |
|
21
|
|
|
*/ |
|
22
|
|
|
public $journey = []; |
|
23
|
|
|
|
|
24
|
|
|
/** |
|
25
|
|
|
* @param string $message |
|
26
|
|
|
* @param CodeLocation $code_location |
|
27
|
|
|
* @param list<array{location: ?CodeLocation, label: string, entry_path_type: string}> $journey |
|
28
|
|
|
*/ |
|
29
|
|
|
public function __construct( |
|
30
|
|
|
$message, |
|
31
|
|
|
CodeLocation $code_location, |
|
32
|
|
|
array $journey, |
|
33
|
|
|
string $journey_text |
|
34
|
|
|
) { |
|
35
|
|
|
parent::__construct($message, $code_location); |
|
36
|
|
|
|
|
37
|
|
|
$this->journey = $journey; |
|
38
|
|
|
$this->journey_text = $journey_text; |
|
39
|
|
|
} |
|
40
|
|
|
|
|
41
|
|
|
/** |
|
42
|
|
|
* @return list<TaintNodeData|array{label: string, entry_path_type: string}> |
|
|
|
|
|
|
43
|
|
|
*/ |
|
44
|
|
|
public function getTaintTrace() |
|
45
|
|
|
{ |
|
46
|
|
|
$nodes = []; |
|
47
|
|
|
|
|
48
|
|
|
foreach ($this->journey as ['location' => $location, 'label' => $label, 'entry_path_type' => $path_type]) { |
|
49
|
|
|
if ($location) { |
|
50
|
|
|
$nodes[] = self::nodeToTaintNodeData($location, $label, $path_type); |
|
|
|
|
|
|
51
|
|
|
} else { |
|
52
|
|
|
$nodes[] = ['label' => $label, 'entry_path_type' => $path_type]; |
|
53
|
|
|
} |
|
54
|
|
|
} |
|
55
|
|
|
|
|
56
|
|
|
return $nodes; |
|
57
|
|
|
} |
|
58
|
|
|
|
|
59
|
|
|
private static function nodeToTaintNodeData( |
|
60
|
|
|
CodeLocation $location, |
|
61
|
|
|
string $label, |
|
62
|
|
|
string $entry_path_type |
|
63
|
|
|
) : TaintNodeData { |
|
64
|
|
|
$selection_bounds = $location->getSelectionBounds(); |
|
65
|
|
|
$snippet_bounds = $location->getSnippetBounds(); |
|
66
|
|
|
|
|
67
|
|
|
return new TaintNodeData( |
|
68
|
|
|
$label, |
|
69
|
|
|
$entry_path_type, |
|
70
|
|
|
null, |
|
71
|
|
|
$location->getLineNumber(), |
|
72
|
|
|
$location->getEndLineNumber(), |
|
73
|
|
|
$location->file_name, |
|
74
|
|
|
$location->file_path, |
|
75
|
|
|
$location->getSnippet(), |
|
76
|
|
|
$location->getSelectedText(), |
|
77
|
|
|
$selection_bounds[0], |
|
78
|
|
|
$selection_bounds[1], |
|
79
|
|
|
$snippet_bounds[0], |
|
80
|
|
|
$snippet_bounds[1], |
|
81
|
|
|
$location->getColumn(), |
|
82
|
|
|
$location->getEndColumn() |
|
83
|
|
|
); |
|
84
|
|
|
} |
|
85
|
|
|
|
|
86
|
|
|
public function getJourneyMessage() : string |
|
87
|
|
|
{ |
|
88
|
|
|
return $this->message . ' in path: ' . $this->journey_text; |
|
89
|
|
|
} |
|
90
|
|
|
} |
|
91
|
|
|
|
vimeo /
psalm
Loading history...
This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types.