taint-analysis

per phpstan/phpstan-src#914 (comment) file is optional

Originally posted by @staabm in vimeo/psalm#7798 (comment)

@staabm staabm 4 days ago

and class can be narrowed to class-string.

let me steal this more precise t

I wrote some of the code to do this in a branch https://github.com/python-security/pyt/compare/class_based_views, but since I'm working on other things and this feature seems cool and important I'm making this issue 👍

Let me know if you would like any help in implementing.

Description

BeanUtils is a library that is doing automatic mapping to Java object.
It can cause arm when the attack controls part of the list of properties being sets. BeanUtils does not blacklist properties like class, classloader or other objects that are likely to load arbitrary classes and possibly run code.

Code

import org.apache.commons.beanutils.BeanUtils;

public

Polybuild was taken by the other team and improved into a new standalone tool called blight. It has all of polybuilds features and more, we should swap to it when we get a chance.

With the recent news on attacks leveraging the non-ascii characters, implement a new analyzer that would flag such characters as suspicious, namely:

• strings containing non-ascii characters
• variable names and attribute names containing non-ascii characters

This should be preferably configurable in a config file as it can produce a lot of false-positives or uninteresting results in some cod