Psalm: Tainting with filter_vars and array_map
<?php
$get = $_GET;
echo $get["test"];
gives an error (OK):
ERROR: TaintedInput - src/index.php:5:6 - Detected tainted html in path: $_GET -> $get (src/index.php:3:1) -> $get['test'] (src/index.php:5:6) -> call to echo (src/index.php:5:6) -> echo#1 (see https://psalm.dev/205)
echo $get["test"];
<?php
$get = array_map('trim', $_GET);
echo $get["test"];
gives no tainting error (FAIL)
version used: psalm 3.12.1
bug
thomasbley
All 5 comments
Hey @thomasbley, can you reproduce the issue on https://psalm.dev ?
![psalm-github-bot[bot] picture](https://avatars0.githubusercontent.com/in/48546?v=4&s=40)
psalm-github-bot[bot]
on 25 Jun 2020
can you reproduce the issue on https://psalm.dev ?
No, seems taint-analysis is not enabled there and settings have no option to enable it.
thomasbley
on 25 Jun 2020
also:
<?php
$get = filter_var($_GET, FILTER_CALLBACK, ['options' => 'trim']);
echo $get["test"];
gives no tainting error (FAIL)
thomasbley
on 25 Jun 2020
FYI you can append a comment to the header on psalm.dev: https://psalm.dev/r/cb40a74129
muglug
on 25 Jun 2020
👍2
I found these snippets:
https://psalm.dev/r/cb40a74129
<?php // --taint-analysis
$get = array_map('trim', $_GET);
echo $get["test"];
Psalm output (using commit f458959):
No issues!
Was this page helpful?
0 / 5 - 0 ratings
Related issues
muglug
路
3Comments
tux-rampage
路
3Comments
greg0ire
路
3Comments
roukmoute
路
3Comments
SignpostMarv
路
3Comments
Most helpful comment
FYI you can append a comment to the header on psalm.dev: https://psalm.dev/r/cb40a74129