<?php
declare( strict_types = 1 );
/**
* This is a Phan plugin that provides static-analysis security checks for PHP.
*
* If your project has functions/methods whose output you
* specifically need to mark as tainted, then you probably
* want to make your own subclass of SecurityCheckPlugin
* and override getCustomFuncTaints().
*
* See MediaWikiSecurityCheckPlugin for an example of that.
*
* To use, add this file to the list of your phan plugins.
*
* Copyright (C) 2017 Brian Wolff <bawolff@gmail.com>
*
* @license GPL-2.0-or-later
*/
use SecurityCheckPlugin\PreTaintednessVisitor;
use SecurityCheckPlugin\SecurityCheckPlugin;
use SecurityCheckPlugin\TaintednessVisitor;
/**
 * Project-agnostic configuration of the security check plugin.
 *
 * Selects the two taint-tracking visitor classes and registers no custom
 * function taints. Because getCustomFuncTaints() returns an empty list, this
 * class contributes no project-specific taint annotations: a project whose own
 * functions or methods need to be marked tainted should subclass
 * SecurityCheckPlugin and supply them, otherwise flows through those functions
 * may go unreported.
 * NOTE(review): presumably only the parent plugin's built-in taint knowledge
 * applies here; confirm against SecurityCheckPlugin.
 */
class GenericSecurityCheckPlugin extends SecurityCheckPlugin {
	/**
	 * No project-specific taint data: the generic plugin ships an empty list.
	 *
	 * @inheritDoc
	 */
	protected function getCustomFuncTaints(): array {
		return [];
	}

	/**
	 * Names PreTaintednessVisitor as the pre-analysis node visitor.
	 *
	 * @inheritDoc
	 */
	public static function getPreAnalyzeNodeVisitorClassName(): string {
		return PreTaintednessVisitor::class;
	}

	/**
	 * Names TaintednessVisitor as the post-analysis node visitor.
	 *
	 * @inheritDoc
	 */
	public static function getPostAnalyzeNodeVisitorClassName(): string {
		return TaintednessVisitor::class;
	}
}
// A Phan plugin file hands its plugin instance back to the loader through
// the file's return value, so this must stay the last statement.
return new GenericSecurityCheckPlugin();