Patrick Remy
Just checked again, with the above plugin using `AfterExpressionAnalysisInterface`, on v4.30.0 errors get detected, using v5.0.0 no errors are found. Interestingly, even on v4.30.0 no errors are found using the...
Still reproducible with current `dev-master`. I created a repository for easy reproduction: https://github.com/Patrick-Remy/repro-psalm-5-taint-analysis-issue/blob/master/README.md @weirdan do you have an idea why the TaintGraph has changed so much between v4 and v5?
In July I had a bigger source file when diffing the TaintFlowGraphs. I tried to debug it again and dumped in the minimal repro after `connectSinksAndSources` in `Analyzer`. And the main...
The issue seems to be caused by https://github.com/vimeo/psalm/commit/d0be59e16ef6e55f0349c60eab272947e21a2c11#diff-122c0df94b9a0557e4fd09b8d8c7324f4d6d8fff34f344e1e49318c8e7a0a242 With the commit before (`51838a545`) the taint is found, when checking out `d0be59e16`, the issues are ignored. The `ArgumentAnalyzer::verifyType` gets called with...
I think I got it, with the change of immutability, `addTaintSource()` doesn't manipulate the `$expr_type` anymore and instead returns the adjusted `$expr_type`. But this won't work, as from a plugin...
See my PR for further analysis/discussion
I can reproduce, if I print the JWT in `spaceship/lib/spaceship/connect_api/token.rb` that it's valid (tried with `curl -H 'Authorization: Bearer ey...' "https://api.appstoreconnect.apple.com/v1/apps"`). Looks like there is some issue especially in `upload_to_testflight`/`pilot`...
I have just refactored my implementation and, more importantly, added a new test case that covers the issue. As now all checks are passing (ignoring the test-with-real-projects), could you please...
As far as I know, it may probably still work when adding taints via either `addTaintSource()` or `AddTaintsInterface` if there is already some taint source at a node (due to...
I was adding some more tests, and quickly failed with some odd behaviour where I am not sure if it is due to my changes or if it was already...