Custom Taint Sinks

The @psalm-taint-sink <taint-type> <param-name> annotation, placed in the docblock of a function or method, marks that parameter as a taint sink for the given taint type (for example sql, html or shell).

When taint analysis is enabled (psalm --taint-analysis), any value carrying that taint type which flows into the parameter is reported as an error by Psalm, even if Psalm cannot see what the function does with it internally.


Here the PDOWrapper class has an exec method that must not receive tainted SQL. Marking its $sql parameter as an sql sink makes Psalm report any user-controlled string that reaches it, so an injection is caught before the query is ever run:

```php
<?php
class PDOWrapper {
    /**
     * @psalm-taint-sink sql $sql
     */
    public function exec(string $sql) : void {}
}
```
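The following is an added example, not code from the Psalm documentation, showing the sink in use at two call sites: one where request input is interpolated into the SQL text and reaches the sink, and one where the input is bound as a parameter and never touches the SQL string. The wrapper methods, the callers and the query text are hypothetical; $_GET is one of Psalm's built-in taint sources, and the issue Psalm raises for an sql sink is TaintedSql.

```php
<?php
// Added example (not from the Psalm docs): a wrapper whose exec() parameter is
// declared an sql sink, plus one caller Psalm reports and one it does not.
// Run with: vendor/bin/psalm --taint-analysis

final class PDOWrapper
{
    public function __construct(private PDO $pdo) {}

    /**
     * Raw SQL text. Anything user-controlled reaching this parameter is an
     * injection, so it is declared as an sql sink.
     *
     * @psalm-taint-sink sql $sql
     */
    public function exec(string $sql): void
    {
        $this->pdo->exec($sql);
    }

    /**
     * Parameter values are bound by PDO and treated as data, not SQL, so
     * only the query text (which should be a constant) is a sink here.
     *
     * @psalm-taint-sink sql $sql
     */
    public function execWithParams(string $sql, array $params): void
    {
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
    }
}

function deleteUserUnsafe(PDOWrapper $db): void
{
    // $_GET is a taint source; the tainted value is interpolated into the
    // string passed to the sql sink, so Psalm reports TaintedSql on this call.
    $id = $_GET['id'];
    $db->exec("DELETE FROM users WHERE id = $id");
}

function deleteUserSafe(PDOWrapper $db): void
{
    // Only a constant string reaches the sink; the tainted value travels in
    // the bound-parameter array instead, which is not a sink, so no error.
    $id = $_GET['id'];
    $db->execWithParams('DELETE FROM users WHERE id = :id', ['id' => $id]);
}
```

Declaring the sink on the wrapper, rather than relying on Psalm's knowledge of PDO::exec, is what makes the check hold even when the wrapper's body lives in a package Psalm does not analyze or is swapped for another driver later.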