danog/psalm
1
0
Fork 0
mirror of https://github.com/danog/psalm.git synced 2024-11-27 04:45:20 +01:00
Code Issues Projects Releases Wiki Activity
6,852 Commits 43 Branches 314 Tags 108 MiB
07f7e5ccaf
Commit Graph

6852 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Brown
07f7e5ccaf Reconciling should preserve taints 
Fixes #3680
 2020-06-25 17:04:18 -04:00
Brown
9837a60853 Fix #3675 - add taints to filter_var return 
Doesn’t yet take callback into account
 2020-06-25 13:24:26 -04:00
Brown
9e7650586b Fix bugs 2020-06-25 13:21:11 -04:00
Brown
95bf7f835b Improve handling of array_map, faking out calls where nececssary 2020-06-25 13:05:34 -04:00
Brown
f458959af5 Add param type 2020-06-25 01:40:19 -04:00
Brown
68fe66fcf6 Fix tests 2020-06-25 01:33:02 -04:00
Brown
d7f1bde6da Refactor taint acccess checks 2020-06-25 01:32:57 -04:00
Brown
b8ebed0b85 Add a bit more accuracy 2020-06-25 01:00:11 -04:00
Brown
e26922010a Improve accuracy of array nesting checks 2020-06-25 00:50:52 -04:00
Brown
b84cf74754 Fix #3668 - taint property types for magic properties without @property 2020-06-25 00:24:37 -04:00
Brown
dd25b81d3a Fix #3670 - taint mixed foreach access 2020-06-24 19:16:30 -04:00
Brown
a6c7a48387 Add support for argument unpacking 
Ref #3670
 2020-06-24 18:43:15 -04:00
Brown
d03a53a5ad Fix return type 2020-06-24 18:33:09 -04:00
Brown
828d9defb4 Use compact test format 2020-06-24 18:28:21 -04:00
Tyson Andre
1670848267
Mark print() statement as the same sink type as echo (#3669) 2020-06-24 17:23:16 -04:00
Brown
de85e7c539 Fix blips 2020-06-24 13:19:14 -04:00
Brown
7a7cd91c24 Fix #3631 - better treatment for assignments in complex conditionals 2020-06-24 13:16:52 -04:00
Brown
9aa0aca949 Fix handling of coerced callmap args 2020-06-24 11:51:31 -04:00
Brown
c29b3744ec Change storage of out types 2020-06-24 11:51:31 -04:00
Bruce Weirdan
e569f08f23
Drop missing issues from XSD schema (#3657) 
Two unknown issues (that were only present in schema) are dropped and a
test to validate that all issues are covered by XSD schema is added.
 2020-06-23 16:56:39 -04:00
Brown
96d05ab06b Fix #3654 - use correct function id for namespaced functions 2020-06-23 16:53:11 -04:00
Brown
6a746b65ea Fix #3655 - taint encapsulated strings 2020-06-23 16:38:59 -04:00
Brown
13fc8a75fd Allow taints to flow where no return type exists 
Fixes #3652
 2020-06-23 15:52:19 -04:00
Brown
f46236ad71 Taint flows through preg_replace_callback 2020-06-23 15:28:31 -04:00
Brown
f72b609d42 Fix #3642 - detect missing property when name matches 2020-06-23 13:12:46 -04:00
Brown
4d6fc4d0ca Fix get_class($foo) === static::class checks 2020-06-23 13:11:19 -04:00
Brown
9b860214d5 Fix #3639 - allow coerced types to count when picking callmap options 2020-06-22 20:24:34 -04:00
Brown
1f86afece7 Revert "Fix #3631 - apply assertions to RHS of equality in conditional" 
This reverts commit 9c17795545.
 2020-06-22 20:01:27 -04:00
Brown
fc8212e207 Fix static call specialisation via annotation 2020-06-22 18:40:43 -04:00
Tyson Andre
bee10a2eb4
Add a --debug-emitted-issues flag (#3637) 
And support --debug-by-line in psalter and psalm-refactor.
Those were previously not supported in getopt()

Fixes #3634
 2020-06-22 18:16:47 -04:00
Brown
e8be2c500e Support taint flows in more functions 2020-06-22 17:53:03 -04:00
Brown
7f05b3c530 Add $_REQUEST as a taint source 
Ref #3636
 2020-06-22 17:16:15 -04:00
Tyson Andre
f2f5606ca8
Document other supported --report file names (#3633) 2020-06-22 15:21:16 -04:00
Brown
9c17795545 Fix #3631 - apply assertions to RHS of equality in conditional 2020-06-22 15:16:16 -04:00
Brown
29eb83001f Remove taint annotation as it could confuse 2020-06-22 12:45:41 -04:00
Brown
d46283075d Add --taint-analysis to command line help 2020-06-22 11:39:46 -04:00
Brown
e2545790dc Add reference to new command 2020-06-22 11:37:30 -04:00
Brown
81e2745cf1 Add more options 2020-06-22 11:24:38 -04:00
Brown
dddc159694 Add explicit path object 2020-06-22 02:10:03 -04:00
Brown
36f1630e03 Add more steps for clearer output 2020-06-22 01:08:58 -04:00
Brown
07a38706f6 Fix #3610 - add security analysis documeentation 2020-06-22 00:18:15 -04:00
Brown
02e8313c39 Allow taintedness to propagate to some stubbed methods 2020-06-21 18:07:39 -04:00
Brown
317571f1b2 Fix reset call 2020-06-21 13:03:55 -04:00
Brown
fbe3433edd Use escape terminology 2020-06-21 11:43:08 -04:00
Brown
07adecc6eb Use correct method id when creating taints 2020-06-21 02:06:08 -04:00
Brown
5e9dc9520e Improve docs 2020-06-21 01:02:00 -04:00
Brown
dc83c2e2fc Add annotation for taint sources 2020-06-21 00:58:56 -04:00
Brown
cbd7ba8ed8 Fix return type 2020-06-20 23:34:39 -04:00
Brown
10e4e9ac65 Fix #3617 - prevent crash when constant class doesn’t exist 2020-06-20 23:30:36 -04:00
Brown
f21d3a8346 Remove html and sql taints for simple preg_replace patterns 2020-06-20 23:11:42 -04:00