authorCôme Chilliet <come.chilliet@nextcloud.com>2025-02-17 15:00:58 +0100
committerCôme Chilliet <come.chilliet@nextcloud.com>2025-02-17 15:26:23 +0100
commit640dbd0b5e38ef603c4edcc646ed7df8117c9963 (patch)
tree0fd5d4702f5a7eedbd0a7d2f42cc3efb77c485cd
parent7c907223d2c61df3a3ee3ec25cf4d48f058c5751 (diff)
downloadnextcloud-server-640dbd0b5e38ef603c4edcc646ed7df8117c9963.tar.gz
nextcloud-server-640dbd0b5e38ef603c4edcc646ed7df8117c9963.zip
fix: Fix false-positive psalm taint errors when outputting plain text
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
-rw-r--r--build/psalm-baseline-security.xml8
-rw-r--r--lib/private/legacy/OC_Template.php12
2 files changed, 10 insertions, 10 deletions
diff --git a/build/psalm-baseline-security.xml b/build/psalm-baseline-security.xml
index d31034d538d..2777f4e7734 100644
--- a/build/psalm-baseline-security.xml
+++ b/build/psalm-baseline-security.xml
@@ -36,14 +36,6 @@
<code><![CDATA[$sqliteFile]]></code>
</TaintedFile>
</file>
- <file src="lib/private/legacy/OC_Template.php">
- <TaintedHtml>
- <code><![CDATA[$exception->getTraceAsString()]]></code>
- </TaintedHtml>
- <TaintedTextWithQuotes>
- <code><![CDATA[$exception->getTraceAsString()]]></code>
- </TaintedTextWithQuotes>
- </file>
<file src="lib/public/DB/QueryBuilder/IQueryBuilder.php">
<TaintedSql>
<code><![CDATA[$column]]></code>
diff --git a/lib/private/legacy/OC_Template.php b/lib/private/legacy/OC_Template.php
index 1026e536b97..af363e0a41e 100644
--- a/lib/private/legacy/OC_Template.php
+++ b/lib/private/legacy/OC_Template.php
@@ -313,7 +313,15 @@ class OC_Template extends \OC\Template\Base {
die();
}
- private static function printPlainErrorPage(\Throwable $exception, bool $debug = false) {
+ /**
+ * @psalm-taint-escape has_quotes
+ * @psalm-taint-escape html
+ */
+ private static function fakeEscapeForPlainText(string $str): string {
+ return $str;
+ }
+
+ private static function printPlainErrorPage(\Throwable $exception, bool $debug = false): void {
header('Content-Type: text/plain; charset=utf-8');
print("Internal Server Error\n\n");
print("The server encountered an internal error and was unable to complete your request.\n");
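Review bot: The docblock on fakeEscapeForPlainText states the two psalm escapes but not why an identity function is entitled to claim them, and because `@psalm-taint-escape` attaches to the return value wherever it flows, a future caller could pass its result into an HTML template and psalm would stay silent. I would add a sentence to the docblock such as `* Intentional no-op: the only caller writes to a text/plain response, so no HTML or quote escaping is needed. Do not reuse this for HTML output.` so the contract is explicit at the definition rather than only implied by the name. The same applies to the call site in the following hunk, `print(self::fakeEscapeForPlainText($exception->getTraceAsString()));`, which is the only use visible here. printPlainErrorPage's body continues past the end of this hunk.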
@@ -323,7 +331,7 @@ class OC_Template extends \OC\Template\Base {
if ($debug) {
print("\n");
print($exception->getMessage() . ' ' . $exception->getFile() . ' at ' . $exception->getLine() . "\n");
- print($exception->getTraceAsString());
+ print(self::fakeEscapeForPlainText($exception->getTraceAsString()));
}
}
}