I'm trying to use Psalm to detect SQL injections. I have the following code:

```php
<?php
$pdo = new PDO("mysql:host=db;dbname=tp;port=3306", "user", "password");

// VULNERABLE CODE - direct string concatenation in query
$userId = $_GET['id']; // User input from URL parameter

// Vulnerable query without parameterization
$query = "SELECT * FROM users WHERE id = " . $userId;
$result = $pdo->query($query);

echo "<pre>";
var_dump($result->fetchAll());
echo "</pre>";
die();
```
And I run the following command to scan (I have no config file):

```shell
vendor/bin/psalm --taint-analysis ./src/index.php
```
But no error is found...
> psalm.dev/docs/security_analysis/#debugging-the-taint-graph may be useful to see what the taint analysis did. Also, did you mark PDO's query() method as a taint sink in the annotations? I don't know the tool well, but from the docs I don't get the impression it's there by default. – ADyson, Mar 13, 2025 at 20:15

> Thanks for your answer, I tried to generate the graph but it does not help very much. Also, according to the docs it should be detected by default, but I don't know why it does not: psalm.dev/articles/detect-security-vulnerabilities-with-psalm – Arthur Eudeline, Mar 13, 2025 at 20:45
1 Answer
I edited the config file psalm.xml:

- On the `psalm` tag I added the attribute `runTaintAnalysis="true"`
- I enabled the `pdo` extension (`<enableExtensions><extension name="pdo" /></enableExtensions>`)
```xml
<?xml version="1.0"?>
<!-- Add runTaintAnalysis -->
<psalm
    errorLevel="1"
    resolveFromConfigFile="true"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="https://getpsalm.org/schema/config"
    xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
    findUnusedBaselineEntry="true"
    findUnusedCode="true"
    runTaintAnalysis="true"
>
    <projectFiles>
        <directory name="src" />
        <ignoreFiles>
            <directory name="vendor" />
        </ignoreFiles>
    </projectFiles>
    <!-- Important -->
    <enableExtensions>
        <extension name="pdo" />
    </enableExtensions>
</psalm>
```
And now I just run the command like so:

```shell
vendor/bin/psalm
```
Found randomly in the config file reference https://psalm.dev/docs/running_psalm/configuration/#enableextensions
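As an added example (not code from the question or the answer), here is the same lookup in its vulnerable and parameterized forms, plus a `@psalm-taint-sink` annotation for code that Psalm's PDO stubs do not cover; the DSN and credentials are placeholders and `legacyQuery()` is a hypothetical helper.

```php
<?php
// Added example, not from the question or answer. It contrasts the
// vulnerable lookup with a parameterized one and shows how to declare an
// extra sql sink for Psalm's taint analysis. Assumptions: the DSN and
// credentials are placeholders, and legacyQuery() is a hypothetical helper.

final class UserRepository
{
    public function __construct(private PDO $pdo) {}

    /**
     * Vulnerable: request input is concatenated into the SQL text.
     * With runTaintAnalysis="true" and the pdo extension enabled, Psalm
     * follows $_GET (taint source) into PDO::query() (sql sink) and
     * reports TaintedSql at the query() call.
     */
    public function findByIdUnsafe(string $id): array
    {
        $stmt = $this->pdo->query("SELECT * FROM users WHERE id = " . $id);
        return $stmt === false ? [] : $stmt->fetchAll(PDO::FETCH_ASSOC);
    }

    /**
     * Fixed: the SQL string is a constant and the value is sent as a bound
     * parameter, so nothing tainted reaches the sink and Psalm stays quiet.
     */
    public function findById(int $id): array
    {
        $stmt = $this->pdo->prepare("SELECT * FROM users WHERE id = :id");
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

/**
 * Hypothetical wrapper that Psalm's stubs know nothing about. The
 * annotation registers $sql as a sql sink, so a call such as
 * legacyQuery($pdo, "... " . $_GET['id']) is reported as well.
 *
 * @psalm-taint-sink sql $sql
 */
function legacyQuery(PDO $pdo, string $sql): PDOStatement|false
{
    return $pdo->query($sql);
}
$pdo = new PDO("mysql:host=db;dbname=tp;port=3306", "user", "password");
$repo = new UserRepository($pdo);
$rows = $repo->findById((int) ($_GET['id'] ?? 0)); // bound, not concatenated
```

Running `vendor/bin/psalm` with the answer's psalm.xml reports `findByIdUnsafe()` and the raw `legacyQuery()` call, while `findById()` produces no taint error.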