Skip to content

Latest commit

 

History

History
20 lines (16 loc) · 390 Bytes

TaintedUserSecret.md

File metadata and controls

20 lines (16 loc) · 390 Bytes

TaintedUserSecret

Emitted when tainted input detection is turned on and data marked as a user secret is detected somewhere it shouldn’t be.

<?php

class User {
    /**
     * @psalm-taint-source user_secret
     */
    public function getPassword() : string {
        return "$omePa$$word";
    }
}

function showUserPassword(User $user) {
    echo $user->getPassword();
}