
Commit

Remove taint annotation as it could confuse
muglug committed Jun 22, 2020
1 parent d462830 commit 29eb830
Showing 1 changed file with 8 additions and 8 deletions.
16 changes: 8 additions & 8 deletions docs/security_analysis/avoiding_false_positives.md
Expand Up @@ -13,7 +13,7 @@ Some operations remove taints from data – for example, wrapping `$_GET['name']
Psalm allows you to remove taints via a `@psalm-taint-escape <taint-type>` annotation:

```php
<?php // trackTaints
<?php

function echoVar(string $str) : void {
/**
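Review bot: with the `// trackTaints` marker removed from this first snippet, nothing in the hunk tells the reader that the `@psalm-taint-escape` annotation only has an effect when Psalm is run in taint-analysis mode. The commit message says the marker was dropped because it could confuse, so rather than deleting it silently, replace it with one plain sentence of prose above the first code block (for example: "The examples below assume taint analysis is enabled") so the intent survives in a less cryptic form.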
Expand All @@ -31,7 +31,7 @@ echoVar($_GET["text"]);
For functions, methods and classes you can use the `@psalm-taint-specialize` annotation.

```php
<?php // trackTaints
<?php

function takesInput(string $s) : string {
return $s;
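Review bot: this hunk, like the others in the file, drops the same `// trackTaints` comment; before merging, confirm that neither the docs build nor the psalm.dev example runner keys off that comment to switch taint analysis on, otherwise the `// Psalm detects tainted HTML here` and `// No error` comments in the following snippets would no longer match what the examples actually report when a reader runs them.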
Expand All @@ -44,7 +44,7 @@ echo takesInput("hello"); // Psalm detects tainted HTML here
Adding a `@psalm-taint-specialize` annotation solves the problem, by telling Psalm that each invocation of the function should be treated separately.

```php
<?php // trackTaints
<?php

/**
* @psalm-taint-specialize
Expand All @@ -60,7 +60,7 @@ echo takesInput("hello"); // No error
A specialized function or method will still track tainted input:

```php
<?php // trackTaints
<?php

/**
* @psalm-taint-specialize
Expand All @@ -78,7 +78,7 @@ Here we’re telling Psalm that a function’s taintedness is wholly depenedent
If you're familiar with [immutability in Psalm](https://psalm.dev/articles/immutability-and-beyond) then this general idea should be familiar, since a pure function is one where the output is wholly dependent on its input. Unsurprisingly, all functions marked `@psalm-pure` _also_ specialize the taintedness of their output based on input:

```php
<?php // trackTaints
<?php

/**
* @psalm-pure
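Review bot: the context line `Here we're telling Psalm that a function's taintedness is wholly depenedent` carries a typo ("depenedent" should be "dependent"); since this commit already touches every snippet in the file, it would be worth fixing that line in the same change.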
Expand All @@ -96,7 +96,7 @@ echo takesInput("hello"); // No error
Just as taints can be specialized in function calls, tainted properties can also be specialized to a given class.

```php
<?php // trackTaints
<?php

class User {
public string $name;
Expand All @@ -122,7 +122,7 @@ echoUserName($user1);
Adding `@psalm-taint-specialize` to the class fixes the issue.

```php
<?php // trackTaints
<?php

/**
* @psalm-taint-specialize
Expand Down Expand Up @@ -151,7 +151,7 @@ echoUserName($user1);
And, because it’s form of purity enforcement, `@psalm-immutable` can also be used:

```php
<?php // trackTaints
<?php

/**
* @psalm-immutable
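Review bot: the context line `And, because it's form of purity enforcement, @psalm-immutable can also be used:` is missing an article ("because it's a form of purity enforcement"); a one-word fix that fits naturally in this documentation-only commit.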

0 comments on commit 29eb830
