Skip to content

Commit

Permalink
Merge pull request #10154 from cgocast/5.x
Browse files Browse the repository at this point in the history
  • Loading branch information
@weirdan
weirdan committed Aug 27, 2023
2 parents 55fb269 + bb90299 commit 77436b1
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 1 deletion.
3 changes: 2 additions & 1 deletion stubs/Reflection.phpstub
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ class ReflectionClass implements Reflector {
/**
* @param T|class-string<T>|interface-string<T>|trait-string|enum-string<T> $argument
* @psalm-pure
* @psalm-taint-sink callable $argument
*/
public function __construct($argument) {}

Expand Down Expand Up @@ -424,7 +425,7 @@ class ReflectionFunction extends ReflectionFunctionAbstract
{
/**
* @param callable-string|Closure $function
*
* @psalm-taint-sink callable $function
* @psalm-pure
*/
public function __construct(callable $function) {}
Expand Down
14 changes: 14 additions & 0 deletions tests/TaintTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2489,6 +2489,20 @@ public static function getPrevious(string $s): string {
echo pg_escape_string($conn, $_GET["a"]);',
'error_message' => 'TaintedHtml',
],
'taintedReflectionClass' => [
'code' => '<?php
$name = $_GET["name"];
$reflector = new ReflectionClass($name);
$reflector->newInstance();',
'error_message' => 'TaintedCallable',
],
'taintedReflectionFunction' => [
'code' => '<?php
$name = $_GET["name"];
$function = new ReflectionFunction($name);
$function->invoke();',
'error_message' => 'TaintedCallable',
],
];
}

Expand Down

0 comments on commit 77436b1

Please sign in to comment.