1
0
mirror of https://github.com/danog/psalm.git synced 2025-01-05 20:48:45 +01:00
Commit Graph

5597 Commits

Author SHA1 Message Date
Brown
1b81ce9921 Revert string changes 2020-07-26 19:55:49 -04:00
Brown
74eea18563 Add better checks 2020-07-26 19:09:26 -04:00
Brown
d9d5fdd6c9 Add more rules around positive ints 2020-07-26 18:29:17 -04:00
Brown
4a5f74c091 Add positive-int type 2020-07-26 15:51:55 -04:00
Brown
8c5e4edab0 Fix extra test 2020-07-26 15:50:07 -04:00
Brown
657f9db2e0 Fix bugs 2020-07-26 15:21:05 -04:00
Brown
23f5d66516 Fix #3897 - support aliasing final methods 2020-07-26 14:46:52 -04:00
Brown
eddd7b8c11 Fix #1916 - support @var docblock annotations in more places 2020-07-26 13:23:21 -04:00
Brown
42ad366dc8 psalm-internal no longer requires internal annotation
cc @bdsl
2020-07-26 10:47:48 -04:00
Brown
e398535f9f Fix #3872 - detect namespace violations in non-methods 2020-07-26 10:42:04 -04:00
Matthew Brown
1d077cc48e Fix #3894 - don’t alter class-string during erroneous emptiness check 2020-07-25 22:49:19 -04:00
Grégoire Paris
2f673fbbd7
Detect redundant identity with true (#3893)
Using === true on a known boolean results in the same boolean.
2020-07-25 17:27:45 -04:00
Matthew Brown
ab714a40c4 Allow binding of static to current final class
Ref #3892
2020-07-25 17:26:07 -04:00
Brown
b1e583ebed Detect concat operation on property
Ref #3870
2020-07-24 16:01:45 -04:00
Brown
3687d34a5a Detect bad class constants more explicitly 2020-07-24 15:38:56 -04:00
Brown
873970a4d1 Recursively transform template types before comparison
Fixes #3887
2020-07-24 14:47:24 -04:00
Brown
92fe9898a1 Fix #3879 - ensure interface templates are extended where nececssary 2020-07-24 11:29:36 -04:00
Brown
cb979262c7 Add slash 2020-07-24 10:51:04 -04:00
Matthew Brown
84945a7d1b Fix #3877 - prevent impossible subtr comparisons 2020-07-24 10:08:57 -04:00
Matthew Brown
b88b169464 Fix #3882 - prevent crash when comparing object{...} to missing class 2020-07-24 09:38:51 -04:00
kazusuke sasezaki
94002367ba
fixed typo (#3883) 2020-07-24 09:34:05 -04:00
Barney Laurance
ff432ff73d
Simplify error messages and implementation for internal errors (#3881)
* Use more consistent language for Internal errors

There's no meaningful distinction between something being internal and
being 'marked as internal'.

* Rename property psalm_internal to internal in all storage classes

This property holds metadata that can be set using either @internal
or @psalm-internal in docblocks

* Change types of internal properties in storage from ?string to string

Simpler type is easier to handle. Non-internal methods can be considered
to be internal to the entire universe of PHP code, i.e. that code whose
namespace starts with the empty string. It's not a special case.
2020-07-24 09:32:54 -04:00
Brown
344a732829 Warn about simple assignments 2020-07-23 02:40:35 -04:00
Brown
3848fa6872 Fix #3870 - mark properties as reference-free only for externally-immutable classes 2020-07-23 01:48:06 -04:00
Barney Laurance
3bc91b9944
Fix multiple issues with @internal and @psalm-internal (#3841)
* Add passing tests for property fetch on an @internal class

I'm trying to work out why the equivilent InvalidCodeParse test is
failing for PsalmInternal

* Treat all properties of a psalm-internal class as psalm-internal

* Remove all $internal properties from storage - use psalm_internal instead

@internal can be represented as internal to the namespace root, avoiding
the need to check for both properties in storage later.

* Raise InternalClass issue when an internal class is used with e.g. instanceOf

* fix docs and tests

* Add return type declartion to code example in doc

* Don't allow class psalm-internal to overide a tighter method psalm-internal

* Break up long line

* Code style - move && from EOL to SOL

* Restore misplaced &&

* Fix code style

* Fix namespace fetching so it works

Co-authored-by: Matthew Brown <github@muglug.com>
2020-07-22 19:27:35 -04:00
Brown
eaae243905 Fix #3857 - allow reconciliation on magic properties 2020-07-22 09:55:22 -04:00
Brown
983f233026 Improve unpacking 2020-07-22 00:35:18 -04:00
Brown
962265e98e Hopefully final fixes 2020-07-21 23:59:11 -04:00
Brown
7ef3d4711f Fix some more tests 2020-07-21 23:16:56 -04:00
Brown
fc8c899b3a Fix test 2020-07-21 20:51:37 -04:00
Brown
5415a379d2 Fix style things 2020-07-21 19:44:59 -04:00
Brown
76bd5b6278 Refactor type comparison 2020-07-21 19:40:35 -04:00
Brown
3ce5478e5e Fix what source we give the afterMethodCall analysis hook 2020-07-21 15:00:47 -04:00
Brown
295adb5763 Fix #3860 - use correct trait element positions for nested error 2020-07-21 14:17:07 -04:00
Brown
8ed9007355 Allow false to be removed from scalar
Fixes #3829
2020-07-21 13:02:13 -04:00
Brown
ae89a71c84 Prevent false-positive comparing template to true 2020-07-21 12:59:50 -04:00
Brown
223b0619c5 Fix #3858 - support @psalm-assert falsy for abort_if expressions 2020-07-21 12:55:11 -04:00
othercorey
1524b62181
Allow null for locale, datetime and typetime of datefmt_create (#3851) 2020-07-20 04:52:27 -04:00
Gregor Harlan
5212bd1f9c
Readonly: allow assignments in __unserialize (#3845) 2020-07-20 04:50:50 -04:00
Evgeniy
2c51f47ff6
Fix invalid UndefinedClass using array|callable (#3842)
* Do not treat string array argument as callable if it can be traeted just as string array.

* cs
2020-07-20 04:50:07 -04:00
ygottschalk
de2109234d
fixes wrong return type of key() #3838 (#3839)
* fixes wrong return type of key() #3838
fixed/added tests for key

* fixed test again
2020-07-20 04:49:36 -04:00
Tyson Andre
060ae61f31
Remove an if statement that repeats the previous if statement (#3840)
They're the exact same variables.
2020-07-17 19:46:06 -04:00
Brown
9ca8fb80b7 Carry over taints after @var docblock type hints 2020-07-17 11:30:44 -04:00
Adrien LUCAS
d44130191b
Allow taint through strval sprintf (#3836)
* Add psalm-flow to strval

* Unexpected behavior with implode
2020-07-17 10:12:04 -04:00
Nat Zimmermann
a1a403e046
make meta path optional (#3833) 2020-07-17 10:09:42 -04:00
Nat Zimmermann
2ee126c567
correct *getcsv return types (#3832) 2020-07-17 10:09:21 -04:00
Brown
5392ae0b39 Fix UnusedMethodCall examples 2020-07-16 18:14:15 -04:00
Brown
d950ddfff6 Fix adding sink method 2020-07-16 16:04:17 -04:00
Brown
d1e62f1413 Add programattic sink method
Ref #3828
2020-07-16 16:02:26 -04:00
Brown
26a61c47c0 Prevent mixed erasure in get_class call 2020-07-16 13:56:42 -04:00
Brown
a2dbd31371 Fix usage of array_push results 2020-07-16 13:44:51 -04:00
Brown
262bb9fd89 Invalidate memoized getter method results after property assignment 2020-07-16 12:59:49 -04:00
Brown
b361b44889 Rip out plain getter property logic cc @m0003r
It gets in the way of the other IMO more useful memoisation logic (e.g. when a getter is declared final)
2020-07-16 12:42:59 -04:00
Brown
96bfd144df Fix #3825 - ensure final getters are treated as mutation free 2020-07-16 11:58:27 -04:00
kesselb
aaba3a08ec
Add option to supress a referenced but undefined global variable. (#3827) 2020-07-16 09:49:59 -04:00
Brown
8fbc8de98a Fix #3820 - don’t treat a method call as memoisable if it has assertions 2020-07-15 15:09:19 -04:00
Brown
06ee1b71c7 Improve check for empty array 2020-07-15 09:49:30 -04:00
ygottschalk
94e2552d1c
Fix #3810 removing ignore-nullable-return (#3817)
* Fix #3810 removing ignore-nullable-return form stubs of key, array_key_first, array_key_last

* fixed test failing due to changes to key()

* Improve key return type

* Remove unnecessary check

Co-authored-by: Matthew Brown <github@muglug.com>
2020-07-14 17:43:26 -04:00
Tyson Andre
f17a4911d5
Add more impure functions (#3814) 2020-07-14 17:14:09 -04:00
Evgeniy
fcd2ac3078
array_column check result non-emptyness (#3813)
* Update

* Update test

* Fix test

* Fix test

* inline function res in test

* cs
2020-07-14 17:13:45 -04:00
Brown
3c9028c182 Fix #3808 - allow detection of paradoxes in switch condition function calls 2020-07-14 10:51:12 -04:00
Brown
f0a5463834 Catch string subtypes that cannot be identical 2020-07-14 10:08:31 -04:00
Brown
2399643472 Fix #3811 - allow more complex negations inside boolean expressions 2020-07-13 21:31:58 -04:00
Bruce Weirdan
931d35a703
Collect and scan files included by the autoloaders (#3183)
Refs vimeo/psalm#2861
2020-07-11 17:17:22 -04:00
Joe Hoyle
b8c4abf08b
Add ability to Go to Definition on Use statements (#3805)
This adds the ability to use the LSP's "Go to Definition" on `use MyClass` statements.

Co-authored-by: Matthew Brown <github@muglug.com>
2020-07-11 17:16:44 -04:00
Joe Hoyle
0b6d682964
Fix going to definition on return type (#3806)
* Fix going to definition on return type

If a return type of a method or function is set incorrectly (with the PHP doc), then the references are not added for the `function() : MyClass` symbol, so the "Go to definition" feature of the LSP won't work. I don't believe an invalid return type or not should stop the symbol location being tracked (and not allowing code navigation).

In moved the symbol location tracking to be before the return early short circuit.

* Update SymbolLookupTest.php

Co-authored-by: Matthew Brown <github@muglug.com>
2020-07-11 17:14:39 -04:00
Joe Hoyle
11af82a97f
Fix jumping to definition on nullable parameters (#3804)
Currently it's not possible to "Go to definition" (LSP) on nullable args like `function( ?MyClass )` as the reference is stored a `MyClass|null` in the reference map, which will now resolve to a class name.

This PR removed any nullable type from the union before adding it to the reference map (as the reference map is only use to indicate a symbol was used in a given location, I think this makes sense).
2020-07-11 17:12:03 -04:00
Brown
2afbf58324 Prevent adding trait property types 2020-07-10 19:11:06 -04:00
Brown
9177ad5ce0 Add back fix 2020-07-10 17:13:11 -04:00
Brown
8d022307d2 Fix #3797 - prevent many chained assignments crashing Psalm 2020-07-10 16:49:45 -04:00
Brown
d71f12d250 Fix #3802 - allow increment inside isset expression 2020-07-10 16:14:24 -04:00
Brown
4f872674f9 Add space 2020-07-10 14:40:25 -04:00
Jon Ursenbach
6aca4c169e
feat: adding a runTaintAnalysis option into the config (#3800) 2020-07-10 13:22:03 -04:00
Brown
8349564cc4 Fix #3790 - removing false/null from template not redundant 2020-07-10 13:19:23 -04:00
Brown
cd8420aa94 Skip optimisation for unpacked args 2020-07-10 13:04:37 -04:00
Brown
d8eca89b44 Remove redundancy 2020-07-10 10:35:26 -04:00
Brown
38fdf4bef6 Treat array_push($a, ... as $a[]= ... 2020-07-10 10:20:02 -04:00
Joe Hoyle
d1ca68e57a
Fix offset calculation in getReferenceAtPosition (#3783)
* Fix calculation of getPositionFromOffse

* Add test for testGetSymbolPositionRange

* Fix code formatting.
2020-07-09 16:24:51 -04:00
Joe Hoyle
0119cd09c1
Always deep scan stubs (#3781)
In many sitations, stub files will receive a shallow _and_ deep scan when project files require extra analysys on things like parent classes. This makes stub file scanning inconsistent (orders become much less predictable for example), and adds extra process time to scan the files twice. In the case of stubs providing classes and functions for large projects, this is a non-trivial amount of time.

As deep scanning stubs should take just about as long as a shallow scan, it makes sense to just always deep scan them.

Fixes #3568.
2020-07-08 17:42:51 -04:00
Tyson Andre
018c4bf545
Support generating a .console report text file. (#3777)
This is useful for use cases such as saving multiline taint detection results.

Only the compact and console reports seem to use color right now.
In many cases, adding color codes to a text file would make it harder to read
in an editor.
2020-07-08 15:09:31 -04:00
Brown
bf7bcc0dca Fix #3779 - allow ParadoxicalCondition of default to be suppressed 2020-07-08 14:51:20 -04:00
Brown
33a834bb0b Fix some property inference bugs 2020-07-08 14:43:36 -04:00
Brown
619c384509 Add indentation as necessary between property docblocks 2020-07-08 14:32:16 -04:00
Brown
f173ef6ef0 Add mixed types to prevent bad recommendations 2020-07-08 12:18:36 -04:00
Brown
cf67b9eef1 Fix #435 - add psalter fix for MissingPropertyType 2020-07-08 12:03:12 -04:00
Brown
6bdff42cda Add support for potentially-assigned properties 2020-07-08 11:46:55 -04:00
Brown
0034f2e4bd Don’t manipulate property storage during analysis 2020-07-07 19:32:44 -04:00
Tyson Andre
cda6bd0553
Fix "Could not get class storage" from cache (#3769)
Fixes #3671

This is better than an uncaught exception, at least, and I can detect
new issues if the constructor body changes
2020-07-07 17:10:51 -04:00
Brown
8ecee6df6d Fix #3760 - prevent param remapping twice 2020-07-07 11:44:22 -04:00
Brown
82a85791f2 Fix #3764 - preserve sealed-ness of array into array_map 2020-07-07 09:31:43 -04:00
Brown
279cad3599 Fix #3755 - prevent crash when throw class not found 2020-07-07 00:29:46 -04:00
Tyson Andre
cad86aae5b
Fix typo for printr (#3754)
Related to #3744

`print_r` is only a taint sink when `$return` is false or absent.
2020-07-07 00:25:14 -04:00
Brown
1b498e6dae Remove unused variable 2020-07-06 17:41:07 -04:00
Brown
eb3ce8d368 Remove unused code 2020-07-06 15:39:52 -04:00
Brown
ada2fe033e Remove comma 2020-07-05 15:21:44 -04:00
Brown
ab6df0a5d1 Fix #3753 - resolve self-references in trait as statements earlier 2020-07-05 12:05:25 -04:00
Brown
42a3cedd31 Fix #3742 - add null to type after possibly null array access 2020-07-05 09:12:07 -04:00
jarstelfox
3096afed99
Fix echo false issue (#3751)
* Echo: add failing test case

echo false; is a noop, not an issue

* Echo: Fix failing test case
2020-07-05 08:55:42 -04:00
Brown
7c7ebd068f Make invalidation more robust 2020-07-03 12:59:07 -04:00
Brown
5da29955ee Use better replacement when analysing potentially-inherited templated type 2020-07-03 12:25:33 -04:00
Brown
44d7f51857 Generalise init vars inside for loops
Ref #3085
2020-07-03 11:13:44 -04:00
Brown
3d0a8c4c59 Fix #3738 - allow storing references to class-strings inside immutable 2020-07-03 08:47:50 -04:00
Brown
6419788a49 Remove false from template param as necessary
Fixes #3737
2020-07-03 01:07:50 -04:00
lhchavez
ba63ccb825
Improve \Psalm\Internal\Scanner\DocblockParser::parse() (#3736)
This change avoids calling `str_replace()` on the original docblock and
instead only operates on the parsed (and modified) lines. This now makes
it so that if there are substrings of the docblock that match a tag
match, it won't get prematurely removed, therefore avoiding mangling of
the parsed docblock's description.

Fixes: #3735
2020-07-02 17:55:57 -04:00
Brown
1745f5cafa Fix too-long line 2020-07-02 15:32:13 -04:00
Brown
cb94764d22 Prevent false-positive for Exception::__toString overriding 2020-07-02 14:09:56 -04:00
Brown
0c582e9993 Fix #3685 - improve handling of if conditionals inside do 2020-07-02 13:59:59 -04:00
Brown
cf1a8ac5fc Suppress taints in instance properties 2020-07-02 12:08:42 -04:00
Brown
67b2edc328 Allow more things to be suppressed with @psalm-suppress TaintedInput 2020-07-02 11:53:51 -04:00
Matthew Brown
fab07c58bd Add slash 2020-07-02 01:32:40 -04:00
Brown
ea82cdc6ea Fix #3726 - infer generic template from class-string 2020-07-02 01:11:46 -04:00
Brown
ae7c5b095b Fix #3712 - allow taints to be suppressed with @psalm-suppress 2020-07-01 23:23:45 -04:00
Tyson Andre
e3d59bf5d4
Support taint detection on Throwable::getTraceAsString() (#3731)
And `__toString()`, which uses getTraceAsString().

Fixes #3696

```php
function login($username, $password, $secret) {
    throw new RuntimeException('login failure');
}
try {
    login('user', $_GET['pass'], SECRET);
} catch (Exception $e) {
    // This output includes unescaped 'pass' and SECRET
    echo $e, "\n";
    echo $e->getTraceAsString();
}
```
2020-07-01 21:27:40 -04:00
Brown
0f548c83ea Fix redundant condition 2020-07-01 19:31:10 -04:00
Brown
6c62e46d15 Only emit one error for erroneous array_map string closure types 2020-07-01 19:18:01 -04:00
Brown
4d73b2501b Allow multiple args passed to array_map 2020-07-01 19:11:49 -04:00
Brown
70ab4c18f4 Fix #3720 - allow literal unions in keys to map to object-like arrays 2020-07-01 18:57:19 -04:00
Olle Härstedt
d8e8ce428e
Add new annotation: @psalm-self-out (#3650)
* Add new config: sealAllMethods

* Add some more tests

* Fix codesniffer issue with preg_quote

* Fix missing method in test

* New tag @self-out (WIP)

* Add self_out_type to method storage

* Add some notes

* More work on self-out (WIP)

* More work on self-out (WIP)

* Use psalm-self-out instead of self-out

* Remove extra file

* Cleanup

* Wrap around try-catch - how to check if a method has/should have storage?

* New method hasStorage()

* Fix indentation

* Fix some errors

* Fix indentation

* Cast storage type to type

* Add proper use-statement in method storage

* Correct test class name

* Allow self_out to be null

* method_id can be string (why, when?)

Co-authored-by: Olle <noemail>
2020-07-01 18:10:24 -04:00
Tyson Andre
b0a3de47e8
Mark create_function() as a taint sink (#3729)
create_function() is a thin wrapper around eval().
Fixes #3723
2020-07-01 18:09:30 -04:00
Brown
e13da22292 Allow cloning interfaces 2020-07-01 11:14:31 -04:00
Brown
fca350c498 Prevent a few crashes with really bad code 2020-07-01 10:30:10 -04:00
Brown
6047b7b6cb Fix #3719 - prevent crash when cloning missing class 2020-07-01 10:10:55 -04:00
Brown
4c368da75e Fix #3721 - prevent crash on empty @method 2020-07-01 09:00:33 -04:00
Brown
cceacde01d Hide fixable issues when running with taint analysis
Fixes #3722
2020-07-01 08:55:58 -04:00
Brown
17558a5c0e Fix #3676 - add multiline output for TaintedInput issues 2020-06-30 13:17:51 -04:00
Brown
671009a70c Specialize constructor taints cc @TysonAndre 2020-06-29 21:08:43 -04:00
Brown
7288dfc620 Fix #3715 - unserialize is a taint sink 2020-06-29 17:54:47 -04:00
Brown
7253e01000 Fix #3716 - prevent crash for Foo|? return type 2020-06-29 17:52:55 -04:00
Brown
e56483bb54 Fix #3711 - generalize call of specialized class without specializations 2020-06-29 17:42:01 -04:00
Brown
ab29ac0e51 Only cast in echo when tracking taints 2020-06-29 15:06:11 -04:00
Brown
cff976049d Remove unused vars 2020-06-29 13:24:05 -04:00
Brown
f6e2e0a84a Perform string casting for taints in ArgumentAnalyzer 2020-06-29 13:21:33 -04:00
Brown
45c21853e5 Fix #3709 - don’t crash on inherited __toString tainting 2020-06-29 12:11:11 -04:00
Brown
aab90fb74e Fix Psalm errors 2020-06-29 09:29:19 -04:00
Brown
38977d797e Fix #3697 - cast types via implied __toString method 2020-06-29 09:13:19 -04:00
Brown
b54b832838 Break out method call tainting 2020-06-29 00:14:49 -04:00
Barney Laurance
3f8aa64ee9
Treat methods of internal or psalm internal classes as internal (#3698)
When both the method and the class are annotated as psalm-internal,
but to different namespaces, we consider the method internal to
whichever namespace is longer, i.e. the smaller code module.

Issue reported at https://github.com/vimeo/psalm/issues/3457
2020-06-28 13:15:54 -04:00
Simon Podlipsky
0f727e7607
Add RdKafka\ProducerTopic::producev() to CallMap (#3700) 2020-06-28 13:15:11 -04:00
Brown
c95ebfeb21 Fix #3694 - allow two args for PDO::query 2020-06-26 18:26:06 -04:00
Fabien Villepinte
c42dadaf0d
Redis::getDbNum|getHost can return false (#3673) (#3693) 2020-06-26 18:14:10 -04:00
Tyson Andre
3a9c7432e1
Add psalm-taint-specialize for preg_replace_callback (#3683)
Fixes https://psalm.dev/r/517c4a169e
2020-06-26 08:58:57 -04:00
Brown
bcd7478352 Reduce memory footprint a little 2020-06-25 19:12:30 -04:00
Brown
559b3d3471 Fix #3681 - taint exit like echo 2020-06-25 17:17:08 -04:00
Brown
07f7e5ccaf Reconciling should preserve taints
Fixes #3680
2020-06-25 17:04:18 -04:00
Brown
9837a60853 Fix #3675 - add taints to filter_var return
Doesn’t yet take callback into account
2020-06-25 13:24:26 -04:00
Brown
9e7650586b Fix bugs 2020-06-25 13:21:11 -04:00
Brown
95bf7f835b Improve handling of array_map, faking out calls where nececssary 2020-06-25 13:05:34 -04:00
Brown
f458959af5 Add param type 2020-06-25 01:40:19 -04:00
Brown
d7f1bde6da Refactor taint acccess checks 2020-06-25 01:32:57 -04:00
Brown
b8ebed0b85 Add a bit more accuracy 2020-06-25 01:00:11 -04:00