
Prefer inference-placeholder over taint-escape sql (#536)
staabm authored Feb 22, 2023
1 parent ffb14f3 commit 2524090
Showing 3 changed files with 37 additions and 4 deletions.
8 changes: 4 additions & 4 deletions src/QueryReflection/QueryReflection.php
Expand Up @@ -337,14 +337,14 @@ private function resolveQueryStringExpr(Expr $queryExpr, Scope $scope, bool $res
}

if ($queryExpr instanceof Expr\CallLike) {
if ('sql' === PhpDocUtil::matchTaintEscape($queryExpr, $scope)) {
return '1';
}

$placeholder = PhpDocUtil::matchInferencePlaceholder($queryExpr, $scope);
if (null !== $placeholder) {
return $placeholder;
}

if ('sql' === PhpDocUtil::matchTaintEscape($queryExpr, $scope)) {
return '1';
}
}

if ($queryExpr instanceof Concat) {
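Review bot: The precedence the reorder introduces at lines 24–31 is not explained in the code: a call annotated with both `@phpstandba-inference-placeholder` and `@psalm-taint-escape sql` now resolves to the placeholder text instead of the generic `'1'` stand-in, and nothing in the block says why the placeholder should win. A one-line comment above the `matchInferencePlaceholder` call would capture it: `// A declared inference placeholder is more specific than the generic '1' stand-in used for taint-escaped values, so it takes precedence.` Both paths substitute developer-declared text into the query being analysed, so the outcome is only as trustworthy as those annotations; whether the placeholder is returned with or without its surrounding quotes is not visible from this hunk and is worth confirming against PhpDocUtil. resolveQueryStringExpr begins above this hunk and continues below it.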
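--- a/tests/rules/UnresolvableQueryMethodRuleTest.php
+++ b/tests/rules/UnresolvableQueryMethodRuleTest.php
@@ -65,4 +65,11 @@ public function testSyntaxErrorInQueryRule(): void
 ],
 ]);
 }
+
+public function testBug536(): void
+{
+require_once __DIR__ . '/data/bug-536.php';
+
+$this->analyse([__DIR__ . '/data/bug-536.php'], []);
+}
 }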
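Review bot: testBug536 asserts only that the combined annotations produce no error; nothing pins the fallback branch in which `@psalm-taint-escape sql` alone still resolves to `'1'`, so a later reorder of the two checks could drop it silently. A second fixture carrying only the taint-escape annotation, analysed the same way with an empty expected-error list, would lock that in. An expected-error list of `[]` also passes if the query is never inspected at all, so a sibling case that does expect an error would make the positive path observable. The enclosing test class starts above this hunk.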
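--- /dev/null
+++ b/tests/rules/data/bug-536.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace Bug536;
+
+use PDO;
+
+function taintEscapedAndInferencePlaceholder(PDO $pdo, string $s)
+{
+$pdo->query('SELECT email, adaid FROM '. X::getTablePrefix('ada'), PDO::FETCH_ASSOC);
+}
+
+class X {
+/**
+* Returns the table prefix.
+*
+* @return non-empty-string
+*
+* @phpstandba-inference-placeholder 'ada'
+* @psalm-taint-escape sql
+*/
+public static function getTablePrefix()
+{
+
+}
+
+}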
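Review bot: The fixture's `X::getTablePrefix()` at lines 73–76 is declared without parameters and with an empty body, yet the call site on line 61 passes `'ada'` and the docblock promises `@return non-empty-string`; the rule under test may ignore both, but PHPStan's general rules would flag the extra argument and the missing return if this file were ever analysed with them. Declaring it as `public static function getTablePrefix(string $name): string` with a trivial `return $name . '_';` keeps the fixture consistent with its own docblock without changing what the test exercises. The unused `string $s` parameter on line 59 can be dropped for the same reason. Whether the harness runs only the rule under test against this file is not visible here.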
