Matt Brown
3b1fa58413
Break apart method as much as possible
2020-11-30 14:07:18 -05:00
Matt Brown
2427606563
Fix lint
2020-11-30 13:25:27 -05:00
Matt Brown
2204728824
Break apart NewAnalyzer::analyze
...
Ref #4714
2020-11-30 13:24:24 -05:00
Matt Brown
4baf143ff7
Break apart ArrayAssignmentAnalyzer::updateArrayType
...
Ref #4714
2020-11-30 13:08:42 -05:00
Matt Brown
5430effb2b
Break apart InstancePropertyAssignmentAnalyzer
...
Ref #4714
2020-11-30 12:09:09 -05:00
Matt Brown
31e2522adb
Actually not a bug
2020-11-30 01:32:38 -05:00
Matt Brown
817db55140
Fix typo
2020-11-30 01:29:40 -05:00
Matt Brown
cf6dedc11d
Break up AssertionFinder methods
...
Ref #4714
2020-11-30 01:20:28 -05:00
orklah
a760a2418a
support shift and bitwise operations in constants ( #4740 )
2020-11-29 21:43:49 -05:00
Matt Brown
4d81682fdd
Fix #4731 - expand out class-bound generic types when evaluating instance method
2020-11-29 21:36:50 -05:00
Matt Brown
86b6d6a506
Fix #4733 - don’t replace template types when they’re defined on the same class
2020-11-29 19:12:22 -05:00
Matt Brown
601c1d8cd0
Expand out constants in param types earlier
2020-11-29 19:07:35 -05:00
Matt Brown
46b202731c
Fix check
2020-11-29 18:28:32 -05:00
Matt Brown
58b306b6e3
Ensure class template types are mapped to static methods where necessary
...
Ref #4733
2020-11-29 17:40:52 -05:00
Matt Brown
8da676f5bf
Improve param name
2020-11-29 17:26:42 -05:00
Matt Brown
ea314cc1c0
Simplify calling of replacer methods
2020-11-29 16:27:00 -05:00
Matt Brown
4d22723525
Break out replacement of templated types with their inferred result
2020-11-29 16:16:16 -05:00
Matt Brown
15a5bd5e29
Simplify storage and retrieval of extended template params
2020-11-29 15:05:32 -05:00
Matthew Brown
60ac109c01
Add RedundantPropertyInitializationCheck ( #4732 )
...
* Add RedundantPropertyInitializationCheck
* add documentation for RedundantPropertyInitializationCheck (#4734 )
Co-authored-by: orklah <orklah@users.noreply.github.com>
2020-11-29 11:57:20 -05:00
Matt Brown
0efd4ebd7d
Detect some erroneous issets
2020-11-29 09:26:39 -05:00
Matthew Brown
fd53192ad2
Fix redundant mappings
2020-11-28 21:05:31 -05:00
Matt Brown
8adc0918ae
Fix the bug
2020-11-28 09:55:40 -05:00
Matt Brown
de1fa03f77
Fix template type selection
2020-11-28 09:53:11 -05:00
Matt Brown
4af7e818b2
Simplify ArrayFetchAnalyzer::getArrayAccessTypeGivenOffset
...
Ref #4714
2020-11-27 23:36:47 -05:00
Matt Brown
73cd07a01f
Simplify FunctionCallAnalyzer
...
Ref #4714
2020-11-27 16:34:27 -05:00
Matt Brown
6db8132b4c
Simplify call analysers a bit
...
Ref #4714
2020-11-27 16:31:10 -05:00
Matt Brown
5dd4912a99
Simplify ArrayAnalyzer
...
Ref #4714
2020-11-27 14:19:55 -05:00
Matt Brown
1ce45516db
Don’t alter behaviour
2020-11-27 11:47:12 -05:00
Matt Brown
5f065d3d74
Turn template bound tuples into object
...
Ref #4714
2020-11-27 11:43:30 -05:00
Matt Brown
6de97e3779
Skip missing function params in taint analysis
2020-11-26 11:58:14 -05:00
orklah
4bbb72329e
Fix PHPMAXINT offset ( #4707 )
2020-11-26 09:24:32 -05:00
Matt Brown
01ceaf7006
Fix style issues
2020-11-25 21:36:37 -05:00
orklah
58736924dd
fix wrong cast to int when string offset is a number > MAX INT ( #4702 )
2020-11-25 15:48:53 -05:00
Matt Brown
f3e0201a99
Treat $a ?? $b identically to isset($a) ? $a : $b
2020-11-25 14:34:05 -05:00
Matt Brown
d40d63f180
Fix #4699 - treat isset like !== null when variable is defined
2020-11-25 14:04:55 -05:00
Matt Brown
6aa052475a
Pass correct flags when referencing from finally
2020-11-25 14:04:55 -05:00
orklah
b6a3282589
Detect redundant cast ( #4695 )
...
* detect redundant cast
* fix redundant cast issues
* fix redundant cast in tests
2020-11-25 12:04:48 -05:00
Matt Brown
f8ddc7e58a
Add slash
2020-11-24 15:07:15 -05:00
Matt Brown
e9c00b8395
Switch order to satisfy new refinement
2020-11-24 14:57:34 -05:00
Matt Brown
41af653bd4
Add support for some dependent types
2020-11-24 14:50:35 -05:00
orklah
b6cb9785ac
Prevent illegal array keys ( #4660 )
...
* Emit an issue when an array-key is not legal
* tests
2020-11-23 15:20:39 -05:00
erikjwaxx
25d8c6d21e
Narrow inference of $a <=> $b from "int" to "-1|0|1" ( #4680 )
...
* A <=> operator has a literal type of -1|0|1 and not simply int
* Test to verify inferred type of $a <=> $b is -1|0|1
2020-11-23 13:10:51 -05:00
Matt Brown
17ceba5c06
Fix bug
2020-11-22 23:32:14 -05:00
Matt Brown
f164a45843
Fix bugs
2020-11-22 19:45:54 -05:00
Matt Brown
9a03a9a5d0
Move param taint sink addition after arguuments have been analysed
2020-11-22 19:39:40 -05:00
Matt Brown
b782dd4225
Make sure conditional escaping works for static methods too
2020-11-22 13:39:32 -05:00
Matt Brown
af008953a8
Fix #4661 - support conditional escaping for functions
2020-11-22 13:24:33 -05:00
orklah
a3217265ce
null operations should return mixed results ( #4655 )
2020-11-22 09:06:03 -05:00
Matt Brown
f0ae0e5cb4
Break aparat type combiner
2020-11-21 18:11:29 -05:00
Lukas Reschke
ffb0c4ae17
Implement variadic taint propagation ( #4649 )
...
* Implement variadic taint propagation
* Lint code
2020-11-21 17:41:40 -05:00
orklah
ae0486529e
Unused psalm-suppress ( #4646 )
2020-11-21 17:39:40 -05:00
Matt Brown
1cead18760
Fix #4637 - prevent regression when negating function call with === false
2020-11-20 09:56:53 -05:00
Matt Brown
ce8938263e
Fix #4636 - prevent crashes on aliased classes
2020-11-20 09:29:24 -05:00
Matt Brown
c562e1dd52
Don’t taint foreach keys with array-fetch
...
We could use array-keyfetch or similar, but for now gives false-positives
2020-11-19 19:08:59 -05:00
Matt Brown
78d644d1a1
Change TaintedText to TaintedCallable
2020-11-19 19:01:19 -05:00
Matt Brown
4c315ec45c
Closure calls aren’t sinks
2020-11-19 18:44:36 -05:00
Matt Brown
70c9fd97c7
Return empty instead of throwing
2020-11-19 16:25:53 -05:00
Matt Brown
ead63894a1
Fix formatting
2020-11-19 16:09:30 -05:00
Matt Brown
b5d4b59c33
Be more refined
2020-11-19 15:57:05 -05:00
Matt Brown
de49892525
Fix #4626 - array_key_exists should infer type for first arg where possible
2020-11-19 15:40:27 -05:00
Matt Brown
ff3fff56d4
Simplify assertion negations, centralising as much as possible
...
Now the flag passed to scrapeAssertions just determines the errors emitted
2020-11-19 14:32:49 -05:00
Matt Brown
7803cc228b
Revert "Fix #4624 - allow in_array to work with list arrays"
...
This reverts commit 08ae85a735
.
2020-11-19 12:49:26 -05:00
Matt Brown
08ae85a735
Fix #4624 - allow in_array to work with list arrays
2020-11-19 09:26:41 -05:00
Matt Brown
95de6cf177
Allow immutable classes to be specialised through calls
2020-11-19 01:38:20 -05:00
Matt Brown
d60abaf858
Unfix fixes
2020-11-18 19:19:07 -05:00
Matt Brown
8dd229f6c0
Only ignore literal flows when tainting
2020-11-18 18:43:41 -05:00
Matt Brown
be275ae972
Fix #4605 - taint parent-declared property
2020-11-18 13:34:47 -05:00
Matt Brown
236292ff05
Fix #4600 - set attributes in a bunch of places
2020-11-18 12:44:59 -05:00
Matt Brown
3f7f959726
Fix #4599 - propagate taints to parent callers where necessary
2020-11-18 09:59:54 -05:00
Matt Brown
28dee4146a
Fix tests
2020-11-17 17:53:46 -05:00
Matt Brown
adeaa33a64
Don’t propagate taints to child constructor args
2020-11-17 16:49:29 -05:00
Matt Brown
4e5111f1a8
Fix #4472 - if something flows into a byref var it’s used
2020-11-17 15:30:53 -05:00
Matt Brown
43af3b1a57
Break out TaintedInput issues into a lot of separate ones
2020-11-17 12:44:31 -05:00
Matt Brown
42802e11d1
Allow PHP major version to determine substr return type
2020-11-16 16:31:33 -05:00
Dusk
0fe3e1f83b
Allow named arguments to variadic functions ( #4575 )
...
Closes #4563
2020-11-16 15:49:27 -05:00
orklah
6f8b463860
Detect trying to access to a list with a negative offset ( #4552 )
2020-11-15 20:26:50 -05:00
Matt Brown
26b4cd1fb9
Fix #4529 - allow unsetting with complex array key
2020-11-14 08:57:25 -05:00
Matt Brown
086237aab7
Fix #4544 - improve handling of get_class in match
2020-11-13 11:55:42 -05:00
Matt Brown
5a62dc5c40
Fix #4540 - use correct method when simulating property setting
2020-11-12 23:56:29 -05:00
Matt Brown
556fb12966
Move mutation checks to more appropriate place
2020-11-12 23:54:50 -05:00
Matt Brown
2f7bf2a144
Bind lower bounds to upper bounds as well when no upper bound can be inferred
...
Ref #4485
2020-11-11 17:46:09 -05:00
Matt Brown
a8d7248c31
Fix #4524 - do better template param inheritance
2020-11-11 13:25:17 -05:00
Matt Brown
5ad1e80e99
Fix #4527 - improve interpolated string types
2020-11-11 00:38:26 -05:00
Matt Brown
46ebca4497
Fix coalesce operation tainting
2020-11-10 14:36:36 -05:00
Matt Brown
a82a9558d2
Experiment with refactor
2020-11-10 12:50:17 -05:00
Matt Brown
b731b53d5e
Add debug stuff for code complexity
2020-11-10 12:49:42 -05:00
Matt Brown
81babf2430
Clone to prevent incorrect references
2020-11-10 09:01:46 -05:00
Matt Brown
e27cbfba57
Reduce size of data flow graph when analysing array assignments
2020-11-09 22:44:36 -05:00
Adrien LUCAS
4cb8e86737
Add a proxy
capability to the flow annotation ( #4495 )
...
* Add a `passthru` capability to the flow annotation
* Fix passthru-calls type
* Fix types and rename to proxy
* Allow to proxy a method
Co-authored-by: Matthew Brown <github@muglug.com>
2020-11-09 15:22:35 -05:00
Matt Brown
e97a9c86eb
Fix #4517 - track type contradiction issues in match expressions
2020-11-09 10:00:53 -05:00
Matt Brown
3aaa1d8447
Fix #4516 - treat exit() as the empty type
2020-11-09 08:44:03 -05:00
Matt Brown
683546e024
Fix #4519 - prevent crash with empty match
2020-11-09 08:36:59 -05:00
Matt Brown
8799e1a337
Break apart complex method
2020-11-09 00:58:45 -05:00
Matt Brown
0be4f2fedf
Fix/ignore reflection bugs
2020-11-08 14:27:37 -05:00
Matt Brown
20e37d8cb6
Add a comment to show workings
2020-11-08 13:08:45 -05:00
Matt Brown
24c9702aa5
Remove unused imports
2020-11-08 12:31:21 -05:00
Matt Brown
6da0905478
Separate out good from the bad
2020-11-08 12:29:23 -05:00
Matt Brown
b635353cf4
Fix redundant thing
2020-11-08 10:18:32 -05:00
Matt Brown
dccf236d16
Fix #4503 - don’t ignore assertions on possibly-null mixed
2020-11-08 10:06:39 -05:00
Matt Brown
b8f5d16e9f
Consolidate similar functionality
2020-11-07 00:58:20 -05:00