From 9d0248545d85d6a680f2c9507f1bcfe13e889535 Mon Sep 17 00:00:00 2001
From: Robin Appelman
Date: Thu, 22 Aug 2024 14:34:37 +0200
Subject: fix: mark systemconfig value as not being tainted because they are implicitly trusted
Signed-off-by: Robin Appelman
---
 lib/private/SystemConfig.php | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
(limited to 'lib')
diff --git a/lib/private/SystemConfig.php b/lib/private/SystemConfig.php
index f817e327b19..ed77526c29c 100644
--- a/lib/private/SystemConfig.php
+++ b/lib/private/SystemConfig.php
@@ -114,6 +114,24 @@ class SystemConfig {
 ) {
 }

+ /**
+ * Since system config is admin controlled, we can tell psalm to ignore any taint
+ *
+ * @psalm-taint-escape sql
+ * @psalm-taint-escape html
+ * @psalm-taint-escape ldap
+ * @psalm-taint-escape callable
+ * @psalm-taint-escape file
+ * @psalm-taint-escape ssrf
+ * @psalm-taint-escape cookie
+ * @psalm-taint-escape header
+ * @psalm-taint-escape has_quotes
+ * @psalm-pure
+ */
+ public static function trustSystemConfig(mixed $value): mixed {
+ return $value;
+ }
+
 /**
 * Lists all available config keys
 * @return array an array of key names
@@ -150,7 +168,7 @@ class SystemConfig {
 * @return mixed the value or $default
 */
 public function getValue($key, $default = '') {
- return $this->config->getValue($key, $default);
+ return $this->trustSystemConfig($this->config->getValue($key, $default));
 }

 /**
--
cgit v1.2.3
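Review bot: `trustSystemConfig()` is declared `public static`, so its nine `@psalm-taint-escape` annotations are open to any caller, not only to system-config reads; any value routed through it would stop being reported by Psalm for those sink kinds. The only caller visible on this page is `getValue()` in the next hunk, so `private static function trustSystemConfig(mixed $value): mixed {` (or at least an `@internal` tag) would keep the escape scoped to this class. The docblock also says Psalm should ignore "any taint", while the list leaves out kinds such as `shell`, `include`, `eval` and `unserialize`. If that omission is deliberate, the docblock should say so, e.g. `* Only the kinds listed below are escaped; shell, include, eval and unserialize stay tainted on purpose`.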
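Review bot: The escape in `getValue()` also covers the caller-supplied `$default`, which the docblock says is returned in place of the stored value, and that argument is not admin controlled. A request-derived default would come back marked as trusted, so either escape only the stored value or state the constraint in the docblock, e.g. `@param mixed $default must not be derived from user input; the return value is taint-escaped`. Separately, `trustSystemConfig()` is static, so `self::trustSystemConfig(...)` reads more accurately than `$this->trustSystemConfig(...)`. The docblock of `getValue()` starts outside the hunk and the class's other accessors are not visible here, so whether they need the same wrapper cannot be judged from this page.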