[tainting] stub ParameterBag to provide taint information for Symfony 3/4/5.0 (#103)

micheh · web-flow · commit 9117ebb75991 · 2020-12-05T17:23:27.000+03:00
diff --git a/src/Stubs/5/InputBag.stubphp b/src/Stubs/5/InputBag.stubphp
@@ -10,6 +10,18 @@ final class InputBag extends ParameterBag
      * @template D of string|null
      * @psalm-param D $default
      * @psalm-return string|D
+     * @psalm-taint-source input
      */
     public function get(string $key, $default = null) {}
+
+    /**
+     * Returns the parameters.
+     *
+     * @param string|null $key The name of the parameter to return or null to get them all
+     *
+     * @return array An array of parameters
+     *
+     * @psalm-taint-source input
+     */
+    public function all(string $key = null) {}
 }
diff --git a/src/Stubs/common/ParameterBag.stubphp b/src/Stubs/common/ParameterBag.stubphp
@@ -2,15 +2,15 @@
 
 namespace Symfony\Component\HttpFoundation;
 
-final class InputBag extends ParameterBag
+class ParameterBag implements \IteratorAggregate, \Countable
 {
     /**
-     * Returns a string input value by name.
+     * Returns a parameter by name.
      *
-     * @param string|null $default The default value if the input key does not exist
-     *
-     * @return string|null
+     * @param string $key     The key
+     * @param mixed  $default The default value if the parameter key does not exist
      *
+     * @return mixed
      * @psalm-taint-source input
      */
     public function get(string $key, $default = null) {}
diff --git a/tests/acceptance/acceptance/Tainting.feature b/tests/acceptance/acceptance/Tainting.feature
@@ -24,7 +24,6 @@ Feature: Tainting
       """
 
   Scenario Outline: One parameter of the Request's request/query/cookies is printed in the body of a Response object
-    Given I have the "symfony/framework-bundle" package satisfying the "^5.1"
     And I have the following code
       """
       class MyController
@@ -48,7 +47,6 @@ Feature: Tainting
       | ->cookies |
 
   Scenario Outline: All parameters of the Request's request/query/cookies are exported in the body of a Response object
-    Given I have the "symfony/framework-bundle" package satisfying the "^5.1"
     And I have the following code
       """
       class MyController

Original file line number	Diff line number	Diff line change
`@@ -2,15 +2,15 @@`
`2`	`2`
`3`	`3`	`namespace Symfony\Component\HttpFoundation;`
`4`	`4`
`5`		`-final class InputBag extends ParameterBag`
	`5`	`+class ParameterBag implements \IteratorAggregate, \Countable`
`6`	`6`	`{`
`7`	`7`	`/**`
`8`		`- * Returns a string input value by name.`
	`8`	`+ * Returns a parameter by name.`
`9`	`9`	`*`
`10`		`- * @param string\|null $default The default value if the input key does not exist`
`11`		`- *`
`12`		`- * @return string\|null`
	`10`	`+ * @param string $key The key`
	`11`	`+ * @param mixed $default The default value if the parameter key does not exist`
`13`	`12`	`*`
	`13`	`+ * @return mixed`
`14`	`14`	`* @psalm-taint-source input`
`15`	`15`	`*/`
`16`	`16`	`public function get(string $key, $default = null) {}`