fix: mark systemconfig value as not being tainted because they are im…

…plicitly trusted Signed-off-by: Robin Appelman <robin@icewind.nl>
nextcloud · Aug 22, 2024 · 8dff57a · 8dff57a
1 parent 4bd20a7
commit 8dff57a
Showing 1 changed file with 19 additions and 1 deletion.
diff --git a/lib/private/SystemConfig.php b/lib/private/SystemConfig.php
@@ -114,6 +114,24 @@ public function __construct(
 	) {
 	}
 
+	/**
+	 * Since system config is admin controlled, we can tell psalm to ignore any taint
+	 *
+	 * @psalm-taint-escape sql
+	 * @psalm-taint-escape html
+	 * @psalm-taint-escape ldap
+	 * @psalm-taint-escape callable
+	 * @psalm-taint-escape file
+	 * @psalm-taint-escape ssrf
+	 * @psalm-taint-escape cookie
+	 * @psalm-taint-escape header
+	 * @psalm-taint-escape has_quotes
+	 * @psalm-pure
+	 */
+	public static function trustSystemConfig(mixed $value): mixed {
+		return $value;
+	}
+
 	/**
 	 * Lists all available config keys
 	 * @return array an array of key names
@@ -150,7 +168,7 @@ public function setValues(array $configs) {
 	 * @return mixed the value or $default
 	 */
 	public function getValue($key, $default = '') {
-		return $this->config->getValue($key, $default);
+		return $this->trustSystemConfig($this->config->getValue($key, $default));
 	}
 
 	/**