Safety Level

Static analysis for PHP
Safety levels are used to represent the level of security a variable has within the security analysis.

The set of safety levels is finite and partially ordered by <=. The order is reflexive, transitive and antisymmetric.

The levels are not given a number, but a name. This allows for further extension in the future. Safety levels that are ranked higher are safer.

| Name(s) | Explanation |
|---|---|
| safe | Safe/Unknown (default value for variables), upper bound |
| integer-type, null-type, object-type, array-type, float-type | Specific types |
| string-from-list, matched-string | String is matched to a certain value. |
| formatted-string, encoded-string | String is formatted in a special way (e.g. dates, hashed) |
| escaped-html, escaped-shell, escaped-slashes | String has no un-escaped character sequences |
| raw-input | Raw input that is not to be trusted |
| unsafe | Lower bound |

-- EricBouwers - 29 Dec 2006