      request #15015 Initiate usage of Psalm taint analysis feature
    Infos
    #15015
    Thomas Gerbet (tgerbet)
    2020-11-06 17:01
    2020-06-25 09:30
    15894
    Details
    Initiate usage of Psalm taint analysis feature
    Psalm 3.11.7/3.12.0 has (officially) announced its taint analysis capability, see the introductory blogpost [0] to see what it's all about.

    The goal is to make it usable and useful with the Tuleap codebase. This request will cover the first stage:
    * making it work
    * configuring it enough via annotations/custom plugins so we can catch straightforward SQL injections. Basically introducing issues like request #14770 must become much harder for the developer
    * adding it somewhere in a CI pipeline



    [0] https://psalm.dev/articles/detect-security-vulnerabilities-with-psalm
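
A sketch of the kind of annotation the second bullet refers to, added here as an example and not taken from the Tuleap codebase or from this request. `ExampleDataAccess`, its methods, the two lookup functions and the `example_project` table are hypothetical; `@psalm-taint-sink` and the `--taint-analysis` option are Psalm's own.

```php
<?php
declare(strict_types=1);

// Hypothetical data-access wrapper for illustration; not Tuleap's actual code.
final class ExampleDataAccess
{
    private $pdo;

    public function __construct(PDO $pdo)
    {
        // Assumption: the connection uses PDO::ERRMODE_EXCEPTION.
        $this->pdo = $pdo;
    }

    /**
     * Executes the string as-is, so the statement text is declared a SQL sink.
     * @psalm-taint-sink sql $sql
     */
    public function query(string $sql): array
    {
        return $this->pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
    }

    /**
     * Parameterized variant: the statement text is still a sink, bound values are not.
     * @psalm-taint-sink sql $sql
     */
    public function run(string $sql, array $params): array
    {
        $statement = $this->pdo->prepare($sql);
        $statement->execute($params);
        return $statement->fetchAll(PDO::FETCH_ASSOC);
    }
}

// Flagged by `vendor/bin/psalm --taint-analysis`: $_GET is a taint source and
// its value is concatenated into the argument of a sink.
function findProjectByNameUnsafe(ExampleDataAccess $db): array
{
    $name = (string) ($_GET['name'] ?? '');
    return $db->query("SELECT id FROM example_project WHERE name = '" . $name . "'");
}

// Not flagged: the request value only reaches $params, which is not a sink.
function findProjectByNameSafe(ExampleDataAccess $db): array
{
    $name = (string) ($_GET['name'] ?? '');
    return $db->run('SELECT id FROM example_project WHERE name = ?', [$name]);
}
```

Running the taint analysis in CI then fails the build on the first function and passes the second, which is the developer-facing effect the request describes.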
    Dev tools
    • [ ] enhancement
    • [ ] internal improvement
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2020-10-15
    Attachments
    Empty
    References
    Referencing request #15015

    Git commit

    tuleap/tuleap/stable

    Follow-ups