sast-psalm


SAST Scan with Psalm Taint Analysis (PHP)


You are a security engineer running static analysis on PHP code using Psalm with taint analysis.

When to use


Use this skill when asked to perform a SAST scan or security review on PHP code.

Prerequisites


  • Psalm installed:
    composer require --dev vimeo/psalm
  • Initialize (writes a psalm.xml that points at the source directory; skip this if the project already ships one, and check that its <projectFiles> covers the code you want scanned):
    ./vendor/bin/psalm --init
  • Verify:
    ./vendor/bin/psalm --version

Instructions


  1. Identify the target: determine the PHP project directory (the one that holds psalm.xml and vendor/).
  2. Run the scan:
    ```bash
    ./vendor/bin/psalm --taint-analysis --output-format=json > psalm-results.json
    ```
    • Specific directory (keep the options before the path; PHP's getopt stops reading options at the first non-option argument, so options placed after src/ can be silently dropped):
      ./vendor/bin/psalm --taint-analysis --output-format=json src/
    • Higher analysis level: strictness is the errorLevel in psalm.xml (1 is strictest, 8 most permissive). It is written at init time, e.g. for level 1 on src/:
      ./vendor/bin/psalm --init src/ 1
      The scan command itself is unchanged.
    • Include info-level issues as well:
      ./vendor/bin/psalm --taint-analysis --show-info=true --output-format=json
    Psalm exits non-zero when it reports errors, so a CI step running under set -e must tolerate that status if it still wants psalm-results.json.
  3. Parse the results: read the JSON output (an array of issue objects; taint issues are the ones whose type starts with Tainted and carry a taint_trace from source to sink) and present findings:
| # | Severity | Type | File:Line | Finding | Taint Flow | Remediation |
|---|----------|------|-----------|---------|------------|-------------|
  4. Summarize: give the total number of issues, list critical taint flows first, and name the specific sanitization fix for each flow.
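The four steps above carried through in one script, as an added example that is not part of Psalm or of the original page: it reads psalm-results.json, keeps only Tainted* issues, orders them by a triage ranking of our own (an assumption; Psalm's own severity field is only error or info), renders the step-3 table with the source-to-sink trace, and prints the step-4 summary. Field names follow Psalm's JSON report (type, message, file_name, line_from, and taint_trace entries with label, file_name, line_from); the embedded sample report is constructed, not real scan output.

```php
<?php
// psalm_triage.php: turn Psalm's JSON taint report into the findings table.
// Added example for this page, not code from Psalm. Field names follow Psalm's
// JSON report; the sample input at the bottom is constructed (not a real scan).
declare(strict_types=1);

// Our own triage order (assumption, not a Psalm severity): sinks that execute
// code, commands or SQL first, then request, file and output sinks.
const TRIAGE = [
    'TaintedSql' => 'Critical', 'TaintedShell' => 'Critical', 'TaintedEval' => 'Critical',
    'TaintedInclude' => 'Critical', 'TaintedUnserialize' => 'Critical',
    'TaintedSSRF' => 'High', 'TaintedFile' => 'High', 'TaintedLdap' => 'High',
    'TaintedHtml' => 'High', 'TaintedHeader' => 'Medium',
];
const RANK = ['Critical' => 0, 'High' => 1, 'Medium' => 2, 'Low' => 3];

// The specific sanitizer to name per sink (step 4).
const FIX = [
    'TaintedSql' => 'prepared statement with bound parameters',
    'TaintedShell' => 'escapeshellarg() every argument, or drop the shell entirely',
    'TaintedEval' => 'remove eval(); dispatch through a fixed array of callables',
    'TaintedInclude' => 'map input onto an allow-list of include paths',
    'TaintedUnserialize' => 'json_decode() instead of unserialize() on untrusted data',
    'TaintedSSRF' => 'allow-list scheme and host before making the request',
    'TaintedFile' => 'basename() plus a realpath() check against a base directory',
    'TaintedLdap' => 'ldap_escape() with LDAP_ESCAPE_FILTER or LDAP_ESCAPE_DN',
    'TaintedHtml' => "htmlspecialchars(\$v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')",
    'TaintedHeader' => 'reject CR/LF and allow-list the header value',
];

/** Keep only Tainted* issues, highest triage rank first, then by file and line. */
function taintFindings(string $json): array
{
    $issues = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
    $findings = array_values(array_filter(
        $issues,
        static fn(array $i): bool => str_starts_with((string)($i['type'] ?? ''), 'Tainted')
    ));
    usort($findings, static function (array $a, array $b): int {
        $ra = RANK[TRIAGE[$a['type']] ?? 'Low'];
        $rb = RANK[TRIAGE[$b['type']] ?? 'Low'];
        return ($ra <=> $rb)
            ?: (strcmp($a['file_name'], $b['file_name'])
            ?: ($a['line_from'] <=> $b['line_from']));
    });
    return $findings;
}

/** Psalm's taint_trace runs from the source down to the sink; render it as one line. */
function taintFlow(array $issue): string
{
    $hops = [];
    foreach ($issue['taint_trace'] ?? [] as $node) {
        $hops[] = sprintf('%s (%s:%d)', $node['label'], $node['file_name'], $node['line_from']);
    }
    return $hops === [] ? 'no trace' : implode(' -> ', $hops);
}

function renderTable(array $findings): string
{
    $rows = ['| # | Severity | Type | File:Line | Finding | Taint Flow | Remediation |',
             '|---|----------|------|-----------|---------|------------|-------------|'];
    foreach ($findings as $n => $f) {
        $rows[] = sprintf('| %d | %s | %s | %s:%d | %s | %s | %s |',
            $n + 1, TRIAGE[$f['type']] ?? 'Low', $f['type'], $f['file_name'], $f['line_from'],
            str_replace('|', '\|', $f['message']), taintFlow($f), FIX[$f['type']] ?? 'review manually');
    }
    return implode("\n", $rows);
}

function renderSummary(array $findings): string
{
    $counts = [];
    foreach ($findings as $f) {
        $sev = TRIAGE[$f['type']] ?? 'Low';
        $counts[$sev] = ($counts[$sev] ?? 0) + 1;
    }
    $parts = [];
    foreach (array_keys(RANK) as $sev) {        // emit in Critical..Low order
        if (isset($counts[$sev])) { $parts[] = "$sev: {$counts[$sev]}"; }
    }
    return sprintf('%d taint flow(s) (%s)', count($findings), implode(', ', $parts));
}

// Constructed sample in the shape of Psalm's JSON report; not real scan output.
$sample = <<<'JSON'
[
 {"severity":"error","type":"TaintedHtml","message":"Detected tainted HTML",
  "file_name":"src/profile.php","line_from":12,
  "taint_trace":[{"label":"$_GET","file_name":"src/profile.php","line_from":8},
                 {"label":"$name","file_name":"src/profile.php","line_from":8},
                 {"label":"call to echo","file_name":"src/profile.php","line_from":12}]},
 {"severity":"error","type":"TaintedSql","message":"Detected tainted SQL",
  "file_name":"src/user.php","line_from":21,
  "taint_trace":[{"label":"$_POST","file_name":"src/user.php","line_from":17},
                 {"label":"$id","file_name":"src/user.php","line_from":17},
                 {"label":"call to PDO::query","file_name":"src/user.php","line_from":21}]},
 {"severity":"info","type":"MissingReturnType","message":"Method foo lacks a return type",
  "file_name":"src/foo.php","line_from":3}
]
JSON;

$json = $argc > 1 ? (string)file_get_contents($argv[1]) : $sample;
$findings = taintFindings($json);
echo renderTable($findings), "\n\n", renderSummary($findings), "\n";
```

Run it as php psalm_triage.php psalm-results.json; with no argument it uses the constructed sample, where the SQL flow is listed above the HTML one and the non-taint MissingReturnType issue is dropped from the table. The triage ranking is deliberately separate from Psalm's severity so it can be adjusted to the project's exposure without touching the parsing.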

Key Psalm Taint Types


| Taint Type | Risk |
|------------|------|
| TaintedSql | SQL injection via unsanitized input |
| TaintedHtml | XSS via unescaped output |
| TaintedShell | Command injection |
| TaintedFile | Path traversal |
| TaintedHeader | HTTP header injection |
| TaintedSSRF | Server-side request forgery |
| TaintedUnserialize | Insecure deserialization |
| TaintedInclude | Remote/local file inclusion |
| TaintedEval | Code injection via eval |
| TaintedLdap | LDAP injection |
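What four of these findings look like in code, as an added example that is not from Psalm's documentation or from the original page: one request handler written twice. Psalm's taint pass reports TaintedSql, TaintedHtml, TaintedShell and TaintedInclude on the first version; the second clears each flow either with a sanitizer Psalm already recognises (an int cast, htmlspecialchars(), escapeshellarg()) or with a helper marked @psalm-taint-escape. The $pdo connection and the page file names are assumptions.

```php
<?php
// Added example for this page (not Psalm's code). Both classes handle the same
// request; only the second survives `psalm --taint-analysis`.
declare(strict_types=1);

final class VulnerableHandler
{
    public function __construct(private PDO $pdo) {}   // assumed: connected PDO

    public function show(): void
    {
        $id   = $_GET['id'];      // $_GET is a taint source
        $name = $_GET['name'];
        $host = $_GET['host'];
        $page = $_GET['page'];

        // TaintedSql: request data is concatenated into the SQL text.
        $row = $this->pdo->query("SELECT * FROM users WHERE id = $id")->fetch();

        // TaintedHtml: reflected into the response without escaping.
        echo "<h1>Hello $name</h1>";

        // TaintedShell: attacker controls part of the command line.
        echo shell_exec("ping -c 1 " . $host);

        // TaintedInclude: attacker chooses which file is included.
        include __DIR__ . "/pages/$page.php";
    }
}

final class HardenedHandler
{
    // Assumed page files; the allow-list is the fix for the include sink.
    private const PAGES = ['home' => 'home.php', 'about' => 'about.php'];

    public function __construct(private PDO $pdo) {}

    public function show(): void
    {
        // An int cast leaves nothing an injection can use; Psalm drops the taint.
        $id = (int)($_GET['id'] ?? 0);
        // Prepared statement: the value never becomes part of the SQL text.
        $stmt = $this->pdo->prepare('SELECT * FROM users WHERE id = :id');
        $stmt->execute([':id' => $id]);
        $row = $stmt->fetch();

        // htmlspecialchars() is one of the escapes Psalm knows clears html taint.
        $name = htmlspecialchars((string)($_GET['name'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "<h1>Hello $name</h1>";

        // escapeshellarg() clears shell taint; the output is escaped again for HTML.
        $host = escapeshellarg((string)($_GET['host'] ?? ''));
        echo htmlspecialchars((string)shell_exec("ping -c 1 $host"), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        include __DIR__ . '/pages/' . self::pageFile((string)($_GET['page'] ?? 'home'));
    }

    /**
     * Maps user input onto a fixed allow-list. The annotation tells Psalm the
     * return value is safe for include sinks; that is trust, not proof, so the
     * body must really reject anything outside the list.
     *
     * @psalm-taint-escape include
     */
    private static function pageFile(string $page): string
    {
        if (!array_key_exists($page, self::PAGES)) {
            throw new InvalidArgumentException('unknown page');
        }
        return self::PAGES[$page];
    }
}
```

The design point a reviewer should check: every @psalm-taint-escape (and every @psalm-suppress on a Tainted* issue) is a place where the analysis stops because a human said so, so those annotations belong in the findings summary as items to verify, not as closed issues.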