Set up taint analysis for pgsql functions (vimeo#4021)

I noticed that entries in InternalTaintSinkMap don't warn unless the functions are added to CallMap.php e.g. `pg_exec($conn, $_GET['query']);` (pg_exec is an alias of pg_query)
weirdan · Aug 19, 2020 · e62e964 · e62e964
1 parent 45d9ab1
commit e62e964
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/src/Psalm/Internal/CallMap.php b/src/Psalm/Internal/CallMap.php
@@ -9811,6 +9811,7 @@
 'pg_escape_literal\'1' => ['string', 'data'=>'string'],
 'pg_escape_string' => ['string', 'connection'=>'resource', 'data'=>'string'],
 'pg_escape_string\'1' => ['string', 'data'=>'string'],
+'pg_exec' => ['resource|false', 'connection'=>'resource', 'query'=>'string'],
 'pg_execute' => ['resource|false', 'connection'=>'resource', 'stmtname'=>'string', 'params'=>'array'],
 'pg_execute\'1' => ['resource|false', 'stmtname'=>'string', 'params'=>'array'],
 'pg_fetch_all' => ['array|false', 'result'=>'resource', 'result_type='=>'int'],

diff --git a/src/Psalm/Internal/InternalTaintSinkMap.php b/src/Psalm/Internal/InternalTaintSinkMap.php
@@ -17,6 +17,14 @@
 'PDO::prepare' => [['sql']],
 'PDO::query' => [['sql']],
 'PDO::exec' => [['sql']],
+'pg_exec' => [[], ['sql']],
+'pg_prepare' => [[], [], ['sql']],
+'pg_put_line' => [[], ['sql']],
+'pg_query' => [[], ['sql']],
+'pg_query_params' => [[], ['sql']],
+'pg_send_prepare' => [[], [], ['sql']],
+'pg_send_query' => [[], ['sql']],
+'pg_send_query_params' => [[], ['sql'], []],
 'setcookie' => [['text'], ['text']],
 'shell_exec' => [['shell']],
 'system' => [['shell']],