Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:106628 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 92218 invoked from network); 15 Aug 2019 21:14:24 -0000 Received: from unknown (HELO mail-yb1-f181.google.com) (209.85.219.181) by pb1.pair.com with SMTP; 15 Aug 2019 21:14:24 -0000 Received: by mail-yb1-f181.google.com with SMTP id u32so1132088ybi.12 for ; Thu, 15 Aug 2019 11:43:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=PQH94pbQFPFEovNF4GGlbItaQzSyQ5qIyY+0654DNWA=; b=au3L/zDyQQttxP8oXgGriVf80bEsTAsixm1c0AxLN2Votrv1bM5/5tsrordVhwtKR1 gK3HrypjosLyfsXWTDSVAxy699s3qIhiQ4KH09/4TYyHe3RarC0RtwYJ+BQFXDF5h9yl NCaO8UwLboh2sp814m9Ta21UHYM3eadmH4juiTAceZL/oKoklnaFnErS8oaNjpm//O7O ckzwDJWFVO061azcQQXzzQFz6vLmSSUSSx2W9fE5bj/Vld8dE1Gxlb75UwlTpvoXmS6X lKoUB86qcRI0E1Zooj7giF8pdmAsMLI3m8DMKq7pEyLz8mGyI1lquDhAudaACd4iCrhu 8FOQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=PQH94pbQFPFEovNF4GGlbItaQzSyQ5qIyY+0654DNWA=; b=eGpcW6oQOp0mW3bOxAklibRghzzdOtr/hOgyxIdeUoO9044LM4/2pp0k6CNxAQwqsZ efWtXYVGGiAkzNk6KE0mzqwQB+N10/i0J89IUfJn8vCXTv7Ja7mxfzJ/ZBIUbjtPP7nv OWDIM/JcupUKC/YXB/cskv6BxF5tgfontWH5HKYK9HkiHa61a+qHetj12mFTzYzCDEMm 0TJnv1ayhQCWhBdXVPOAoe9vIpimNG2W9bmdIVNG0xq3Y3ge4uUZIEehppS1WW3DhNNx LpLUajJArT5XostSHrsuwijDNUOV08ajyzohJY698EK6LJy5vn5T6DDRc/9udfUxeM/u WriA== X-Gm-Message-State: APjAAAUkswka7YrQtn2wXmPiNdwuE7/6Nj29Ant2bN1s+U9GDhToPVJN 1+lITmMIr3BPKmaIduLnDlpHKeoDq03Qpq2Lrwg= X-Google-Smtp-Source: APXvYqwogcaSL9+yAwseI4L5mE1Qvp0aEpeRL24FH9AeONI6+68ReO6g+UUFFKG7kufrOnV/iacBbPECFyfAQ2pfSTI= X-Received: by 2002:a25:e08d:: with SMTP id x135mr4643055ybg.239.1565894601351; Thu, 15 Aug 2019 11:43:21 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Date: Thu, 15 Aug 2019 14:43:10 -0400 Message-ID: To: Craig Francis Cc: PHP internals Content-Type: multipart/alternative; boundary="0000000000007829ac05902c3ff4" Subject: Re: [PHP-DEV] Literal / Taint checking From: matthewmatthew@gmail.com (Matthew Brown) --0000000000007829ac05902c3ff4 Content-Type: text/plain; charset="UTF-8" There are already some userland taint-checking solutions for PHP e.g. the Phan taint-check plugin from MediaWiki: https://www.mediawiki.org/wiki/Phan-taint-check-plugin I'm working on my own userland solution, too (based on Facebook's approach). Demo is here: https://psalm.dev/r/ebb9522fea --0000000000007829ac05902c3ff4--