
Commit 8dff57a

committed
fix: mark systemconfig value as not being tainted because they are implicitly trusted
Signed-off-by: Robin Appelman <robin@icewind.nl>
1 parent 4bd20a7 commit 8dff57a


1 file changed

+19
-1
lines changed

1 file changed

+19
-1
lines changed

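--- a/lib/private/SystemConfig.php
+++ b/lib/private/SystemConfig.php
@@ -114,6 +114,24 @@ public function __construct(
 ) {
 }
 
+/**
+* Since system config is admin controlled, we can tell psalm to ignore any taint
+*
+* @psalm-taint-escape sql
+* @psalm-taint-escape html
+* @psalm-taint-escape ldap
+* @psalm-taint-escape callable
+* @psalm-taint-escape file
+* @psalm-taint-escape ssrf
+* @psalm-taint-escape cookie
+* @psalm-taint-escape header
+* @psalm-taint-escape has_quotes
+* @psalm-pure
+*/
+public static function trustSystemConfig(mixed $value): mixed {
+return $value;
+}
+
 /**
 * Lists all available config keys
 * @return array an array of key names
@@ -150,7 +168,7 @@ public function setValues(array $configs) {
 * @return mixed the value or $default
 */
 public function getValue($key, $default = '') {
-return $this->config->getValue($key, $default);
+return $this->trustSystemConfig($this->config->getValue($key, $default));
 }
 
 /**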
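Review bot: `trustSystemConfig()` is declared `public static`, so any code in the project can pass an arbitrary value through it and have Psalm drop taint for all nine sink kinds, not just values that came from system config. The only caller in this commit is `getValue()` in the same class, so `private static function trustSystemConfig(mixed $value): mixed {` would keep the escape limited to this one path. The wrap in `getValue()` also covers the `$default` fallback (the docblock says it returns "the value or $default"), so a caller-supplied default that is itself tainted comes back marked clean. The docblock should say so, e.g. `* Note: also clears taint on $default when the key is unset; callers must not pass request data as the default`. As a style point, a static method reads more clearly when called as `self::trustSystemConfig(...)` than through `$this->`.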
