
Possibility to mark all public method parameters of a class as taint source #5186

Open
ArtemGoutsoul opened this issue Feb 10, 2021 · 6 comments

Comments

@ArtemGoutsoul
Contributor

Use case: a method is exposed as an API endpoint, i.e. all params are input taint sources.

Example suggestion:

```php
/**
 * @psalm-taint-source input
 **/
class ApiEndpoints extends Some_Api_Abstract
{
	public function endPointA($param1, $param2) {}
	public function endPointB($param2, $param3) {}
	public function endPointC($param4, $param5) {}
}
```

This would be equivalent to marking each individual method.

Would be even better if one could mark Some_Api_Abstract as a taint source, and all child class method parameters would become taint sources.

@psalm-github-bot

Hey @ArtemGoutsoul, can you reproduce the issue on https://psalm.dev ?

@ohader
Contributor

ohader commented May 12, 2021

https://psalm.dev/r/fceb4efe6b

@psalm-github-bot

I found these snippets:

https://psalm.dev/r/fceb4efe6b

```php
<?php // --taint-analysis

/**
 * @psalm-taint-source input
 */
class ApiEndpoints
{
	public function endPointA($param1, $param2): string {}
	public function endPointB($param2, $param3): string {}
	public function endPointC($param4, $param5): string {}
}

$subject = new ApiEndpoints();
exec($subject->endPointA('a', 'b'));
```

Psalm output (using commit 40bc7cf):

No issues!

@ArtemGoutsoul
Contributor Author

I could try to write a custom plugin, but so far I was not able to find a way to start.

One could take a few approaches:

  • add input taint to all params of all methods of classes extending class X, where X could be hard coded or a plugin config
  • add input taint to all params of all methods of classes marked with `@psalm-taint-source input`

So far I checked the following:

Should one create a class implementing `\Psalm\Plugin\EventHandler\MethodParamsProviderInterface`?

Would anyone have a closer example or some more hints?

Thank you!

@orklah
Collaborator

orklah commented May 22, 2023

I'd try to use one of those two plugin interfaces:

  • `AfterClassLikeVisitInterface`: this one will be called after the class has been parsed. It should allow you to go change the taints in each `FunctionLikeStorage` created when parsing the class
  • `DynamicFunctionStorageProviderInterface`: that one was added recently in Dynamic function storage provider #7471. It should allow you to create entire `FunctionLikeStorage` out of the blue with what you want

The first one will probably be simpler, but I think there's one disadvantage with the first: it's called before the cache is created (so whatever the plugin does will end up cached). That means your plugin won't be able to change things between runs that use the cache (but it may not be an issue if you just want to add taints to every method).
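As an added example (not Psalm's own code and not something posted by anyone in this thread), here is what the `AfterClassLikeVisitInterface` route suggested above could look like for the use case in the opening post: every public method declared in a class that extends a configured base class, or whose own docblock carries `@psalm-taint-source input`, gets the same `taint_source_types` that a per-method `@psalm-taint-source input` annotation would set. The namespace and class names are hypothetical, and the storage fields used (`ClassLikeStorage::$parent_class`, `ClassLikeStorage::$methods`, `MethodStorage::$visibility`, `FunctionLikeStorage::$taint_source_types`, `TaintKindGroup::ALL_INPUT`) are assumed from the Psalm 5 layout and should be checked against the installed version.

```php
<?php
// Added example, not Psalm's own code: a plugin that applies the equivalent of
// "@psalm-taint-source input" to every public method of API endpoint classes.
// Assumed (Psalm 5 layout, verify locally): ClassLikeStorage::$parent_class,
// ClassLikeStorage::$methods, MethodStorage::$visibility,
// FunctionLikeStorage::$taint_source_types, TaintKindGroup::ALL_INPUT.
// Namespace and class names below are hypothetical.
declare(strict_types=1);

namespace Acme\PsalmEndpointTaint;

use Psalm\Internal\Analyzer\ClassLikeAnalyzer;
use Psalm\Plugin\EventHandler\AfterClassLikeVisitInterface;
use Psalm\Plugin\EventHandler\Event\AfterClassLikeVisitEvent;
use Psalm\Plugin\PluginEntryPointInterface;
use Psalm\Plugin\RegistrationInterface;
use Psalm\Type\TaintKindGroup;
use SimpleXMLElement;

final class EndpointParamTainter implements AfterClassLikeVisitInterface
{
    /** @var list<lowercase-string> lowercased FQCNs of API base classes; overridden by the entry point */
    public static array $base_classes = ['some_api_abstract'];

    public static function afterClassLikeVisit(AfterClassLikeVisitEvent $event): void
    {
        $storage = $event->getStorage();

        // Direct parent only: at visit time the class has been parsed but not yet populated.
        $parent_lc = strtolower($storage->parent_class ?? '');
        $extends_base = $parent_lc !== '' && in_array($parent_lc, self::$base_classes, true);

        // Class-level tag as proposed in the issue, read from the PHP-Parser docblock node.
        $doc = $event->getStmt()->getDocComment();
        $tagged = $doc !== null && strpos($doc->getText(), '@psalm-taint-source input') !== false;

        if (!$extends_base && !$tagged) {
            return;
        }

        // $methods holds only the methods declared in this class, so an abstract
        // base class and each of its children are handled on their own visit.
        foreach ($storage->methods as $method_storage) {
            if ($method_storage->visibility !== ClassLikeAnalyzer::VISIBILITY_PUBLIC) {
                continue; // only the public surface is reachable as an endpoint
            }
            if ($method_storage->taint_source_types) {
                continue; // keep an explicit per-method annotation untouched
            }
            $method_storage->taint_source_types = TaintKindGroup::ALL_INPUT;
        }
    }
}

final class Plugin implements PluginEntryPointInterface
{
    /**
     * psalm.xml:
     * <pluginClass class="Acme\PsalmEndpointTaint\Plugin">
     *   <baseClass>Some_Api_Abstract</baseClass>
     * </pluginClass>
     */
    public function __invoke(RegistrationInterface $registration, ?SimpleXMLElement $config = null): void
    {
        if ($config !== null && isset($config->baseClass)) {
            $bases = [];
            foreach ($config->baseClass as $base) {
                $bases[] = strtolower(ltrim((string) $base, '\\'));
            }
            EndpointParamTainter::$base_classes = $bases;
        }
        $registration->registerHooksFromClass(EndpointParamTainter::class);
    }
}
```

Because the hook runs while the class is being scanned, its effect is written into Psalm's cache, exactly the caveat raised above: after changing `<baseClass>` run `psalm --clear-cache` once so the stored `FunctionLikeStorage` is rebuilt. With the plugin active, the `exec($subject->endPointA('a', 'b'))` line from the reproduction above should be reported the same way it would be if `endPointA` carried the annotation itself.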

@orklah
Collaborator

orklah commented May 25, 2023

Seems like https://github.com/2e3s/psalm/blob/f70b375da3a06346d21bef8950753810b640dbb9/src/Psalm/Internal/Provider/AddRemoveTaints/HtmlFunctionTainter.php#L19 is a better example of how to add taints.


3 participants