For the taint-check plugin, whenever we find a method call I'd like to check if that method is subclassed somewhere, and merge any information from the child classes. That is, for the following code:
```php
class Main {
    function doFoo() {
        echo $this->getBaz();
    }
    function getBaz() {
        return 'x';
    }
}

class Child extends Main {
    function getBaz() {
        return $_GET['x'];
    }
}
```

when the call to `getBaz` is found, I'd like to get a list of overrides (in this case, `Child::getBaz`) so I can use their information and, in this specific example, report that an unsafe value is being output.
However, I couldn't find any API to retrieve a list of overrides, or even a list of subclasses of a given class. Is this something that phan stores internally, or would it be possible to add?

A quick experiment on the phan demo seems to suggest that phan doesn't use info from method overrides either.
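
The override lookup and taint merge described in the issue, as an added example that is not part of the original post and does not use phan's API. It relies on PHP's runtime Reflection over already-loaded classes instead of static analysis; `findOverrides()`, `mergedTaint()` and the `$taint` map are hypothetical names with constructed values.

```php
<?php
// Classes from the issue's example (never executed here, only reflected on).
class Main {
    function doFoo() { echo $this->getBaz(); }
    function getBaz() { return 'x'; }
}
class Child extends Main {
    function getBaz() { return $_GET['x']; }
}

/** List "Class::method" for every loaded subclass of $class that redeclares $method. */
function findOverrides(string $class, string $method): array {
    // Private methods are not dynamically dispatched, so they have no overrides.
    if ((new ReflectionMethod($class, $method))->isPrivate()) {
        return [];
    }
    $overrides = [];
    foreach (get_declared_classes() as $candidate) {
        if (!is_subclass_of($candidate, $class)) {
            continue;
        }
        $ref = new ReflectionClass($candidate);
        // getDeclaringClass() separates a real override from an inherited method.
        if ($ref->hasMethod($method)
            && $ref->getMethod($method)->getDeclaringClass()->getName() === $candidate) {
            $overrides[] = $candidate . '::' . $method;
        }
    }
    return $overrides;
}

/** A call on $class may dispatch to any override, so taint is the OR of all of them. */
function mergedTaint(string $class, string $method, array $taint): bool {
    $result = $taint[$class . '::' . $method] ?? false;
    foreach (findOverrides($class, $method) as $override) {
        $result = $result || ($taint[$override] ?? false);
    }
    return $result;
}

// Constructed per-method results standing in for what an analyzer would record:
// true means the method can return user-controlled data.
$taint = ['Main::getBaz' => false, 'Child::getBaz' => true];

var_dump(findOverrides('Main', 'getBaz'));
var_dump(mergedTaint('Main', 'getBaz', $taint));
```

A static analyzer would need the same parent-to-children index built from parsed class declarations, since it cannot rely on classes being loaded.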