Merge pull request #6810 from orklah/castArrayTaints

Array cast pass taints
vimeo · Nov 4, 2021 · bf99345 · bf99345
2 parents c2b14e2 + 24137bd
commit bf99345
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/src/Psalm/Internal/Analyzer/Statements/Expression/CastAnalyzer.php b/src/Psalm/Internal/Analyzer/Statements/Expression/CastAnalyzer.php
@@ -232,8 +232,7 @@ public static function analyze(
                 $type = Type::getArray();
             }
 
-            if ($statements_analyzer->data_flow_graph instanceof \Psalm\Internal\Codebase\VariableUseGraph
-            ) {
+            if ($statements_analyzer->data_flow_graph) {
                 $type->parent_nodes = $stmt_expr_type->parent_nodes ?? [];
             }
 

diff --git a/tests/TaintTest.php b/tests/TaintTest.php
@@ -2190,6 +2190,16 @@ function foo(array $arr) : void {
                 'error_message' => 'TaintedHtml',
             ],
             */
+            'castToArrayPassTaints' => [
+                '<?php
+                    $args = $_POST;
+
+                    $args = (array) $args;
+
+                    pg_query($connection, "SELECT * FROM tableA where key = " .$args["key"]);
+                    ',
+                'error_message' => 'TaintedSql',
+            ],
         ];
     }