From fa108d5b5414d8fdfa1e5eecd9a7d871d58f4b28 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?=
Date: Mon, 17 Feb 2025 14:13:23 +0100
Subject: [PATCH] fix: Correctly tag json encoding in BaseResponse to fix false-positive
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
…in psalm taint analysis
Signed-off-by: Côme Chilliet
---
 build/psalm-baseline-security.xml | 8 --------
 lib/private/AppFramework/OCS/BaseResponse.php | 10 +++++++++-
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/build/psalm-baseline-security.xml b/build/psalm-baseline-security.xml
index 45f0e54f648..c7b083b22c5 100644
--- a/build/psalm-baseline-security.xml
+++ b/build/psalm-baseline-security.xml
@@ -16,14 +16,6 @@ cache]]> - - - - - - - - getPathname(), '.php')]]>
diff --git a/lib/private/AppFramework/OCS/BaseResponse.php b/lib/private/AppFramework/OCS/BaseResponse.php
index cc7f7845760..5929a3993ec 100644
--- a/lib/private/AppFramework/OCS/BaseResponse.php
+++ b/lib/private/AppFramework/OCS/BaseResponse.php
@@ -99,7 +99,7 @@ abstract class BaseResponse extends Response {
 ];
 if ($this->format === 'json') {
- return json_encode($response, JSON_HEX_TAG);
+ return $this->toJson($response);
 }
 $writer = new \XMLWriter();
@@ -111,6 +111,14 @@ abstract class BaseResponse extends Response {
 return $writer->outputMemory(true);
 }
+ /**
+ * @psalm-taint-escape has_quotes
+ * @psalm-taint-escape html
+ */
+ protected function toJson(array $array): string {
+ return \json_encode($array, \JSON_HEX_TAG);
+ }
+
 protected function toXML(array $array, \XMLWriter $writer): void {
 foreach ($array as $k => $v) {
 if ($k === '@attributes' && is_array($v)) {
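Review bot: The `@psalm-taint-escape has_quotes` and `@psalm-taint-escape html` tags on the new `toJson()` claim more than `\JSON_HEX_TAG` delivers: that flag only rewrites `<` and `>`, so the returned string still contains literal `"` and may contain `&` and `'`. The escape presumably holds because the OCS response is sent as a JSON body and never embedded in markup, but the visible lines do not show where the Content-Type is set, and because the method is `protected` every subclass that calls it inherits the suppression wherever its output ends up. I would record that assumption in the docblock, e.g. `* Output is only safe as an application/json response body; it is not escaped for HTML attribute or inline-script contexts.`, so the annotation is not copied to a sink where it no longer applies. Separately, `\json_encode()` returns `false` on failure (invalid UTF-8 in `$array`, for example), which does not satisfy the declared `string` return type; whether that surfaces as a TypeError or as an empty body depends on the file's `strict_types` setting, which is outside the hunk, so an explicit check or `\JSON_THROW_ON_ERROR` would make the failure mode deliberate.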