danog/psalm
1
0
Fork 0
mirror of https://github.com/danog/psalm.git synced 2025-01-05 20:48:45 +01:00
Code Issues Projects Releases Wiki Activity
7,809 Commits 43 Branches 314 Tags 108 MiB
14616b707a
Commit Graph

6414 Commits

Author SHA1 Message Date
Matt Brown
be275ae972 Fix #4605 - taint parent-declared property 2020-11-18 13:34:47 -05:00
Matt Brown
39c508f9d1 Fix #4603 - fix arithmetic to prevent end column 0 2020-11-18 13:19:54 -05:00
Matt Brown
236292ff05 Fix #4600 - set attributes in a bunch of places 2020-11-18 12:44:59 -05:00
Lukas Reschke
ddbfbb28e6
Split LDAP into custom category (#4604) 
- Adds ldap_escape as sanitizer
- Defines the right parameters to ldap_search as sink
- Wrote documentation
- Added tests
 2020-11-18 11:39:36 -05:00
Matt Brown
4bb84f7f0a Add more attributes to fake PhpParser generated expressions 
Ref #4600
 2020-11-18 10:16:41 -05:00
Matt Brown
3f7f959726 Fix #4599 - propagate taints to parent callers where necessary 2020-11-18 09:59:54 -05:00
Lukas Reschke
5ba4681c17
Add SSRF sinks (#4592) 2020-11-18 00:52:48 -05:00
Matt Brown
f3cde30b77 Only create vendor dir in config if it exists 2020-11-18 00:06:58 -05:00
Matt Brown
6e39c24a17 Don’t exit with 1 when running security analysis in GitHub Actions and generating a file 2020-11-17 22:49:25 -05:00
Matt Brown
1708bae984 Taint analysis should always run fully 2020-11-17 17:59:05 -05:00
Matt Brown
28dee4146a Fix tests 2020-11-17 17:53:46 -05:00
Matt Brown
f6591e6d0f Use resolution that works in multithreaded mode 2020-11-17 17:24:46 -05:00
Matt Brown
2aa98bc5d0 Simplify tainted output a bit, removing duplicate paths 2020-11-17 17:17:18 -05:00
Matt Brown
adeaa33a64 Don’t propagate taints to child constructor args 2020-11-17 16:49:29 -05:00
Matt Brown
854a5b2ec5 Allow TaintedInput to suppress all emitted issues 2020-11-17 16:08:05 -05:00
Matt Brown
4e5111f1a8 Fix #4472 - if something flows into a byref var it’s used 2020-11-17 15:30:53 -05:00
Lukas Reschke
494ec40777
Add SARIF as report output (#4582) 
https://docs.oasis-open.org/sarif/sarif/v2.0/sarif-v2.0.html
 2020-11-17 13:23:20 -05:00
Matt Brown
43af3b1a57 Break out TaintedInput issues into a lot of separate ones 2020-11-17 12:44:31 -05:00
Matt Brown
42802e11d1 Allow PHP major version to determine substr return type 2020-11-16 16:31:33 -05:00
Dusk
0fe3e1f83b
Allow named arguments to variadic functions (#4575) 
Closes #4563
 2020-11-16 15:49:27 -05:00
Thomas Mauro Vargiu
4e8fb9c37f
Fix #4549 Better intersection between parent types (#4560) 2020-11-15 20:29:49 -05:00
orklah
6f8b463860
Detect trying to access to a list with a negative offset (#4552) 2020-11-15 20:26:50 -05:00
Matt Brown
5b004a1d11 Fix #4558 - Don’t convert value-of to key-of template 2020-11-15 18:33:07 -05:00
Matt Brown
26b4cd1fb9 Fix #4529 - allow unsetting with complex array key 2020-11-14 08:57:25 -05:00
Matt Brown
f65868c023 Fix style 2020-11-13 16:43:36 -05:00
Matt Brown
d97c8b750a Add closure-use termination for byref flows 2020-11-13 13:37:27 -05:00
Matt Brown
e7e5904d2d Remove unused uses in Psalm’s codebase 2020-11-13 13:16:39 -05:00
Matt Brown
2e47ca51d5 Fix #4547 - mark unused uses 2020-11-13 13:13:29 -05:00
Matt Brown
57125c7106 Uses by ref should be assigned that way 2020-11-13 12:50:01 -05:00
Matt Brown
4c1cf37d52 Improve error message for UnusedVariable 2020-11-13 12:36:17 -05:00
Matt Brown
086237aab7 Fix #4544 - improve handling of get_class in match 2020-11-13 11:55:42 -05:00
Matt Brown
13b83e6132 Fix #4545 - allow intersections in more places 2020-11-13 09:43:30 -05:00
Matt Brown
5a62dc5c40 Fix #4540 - use correct method when simulating property setting 2020-11-12 23:56:29 -05:00
Matt Brown
556fb12966 Move mutation checks to more appropriate place 2020-11-12 23:54:50 -05:00
Matt Brown
ec9762ce61 Prevent the same interface, repopulated, from confusing matters 2020-11-12 15:52:13 -05:00
Matt Brown
58c47ab32c Fix build 2020-11-12 14:22:54 -05:00
Matt Brown
3dd185e395 Fix #4537 - use more rigorous inerhitance for return and param types 2020-11-12 13:54:27 -05:00
Matt Brown
929efcc1ac Use the same docblock as the source params, if possible 2020-11-12 09:14:40 -05:00
Matt Brown
b7551e712a Use better way to determine which signture to use 
Fixes #4524
 2020-11-11 19:22:23 -05:00
Matt Brown
2f7bf2a144 Bind lower bounds to upper bounds as well when no upper bound can be inferred 
Ref #4485
 2020-11-11 17:46:09 -05:00
Matt Brown
a8d7248c31 Fix #4524 - do better template param inheritance 2020-11-11 13:25:17 -05:00
Matt Brown
5ad1e80e99 Fix #4527 - improve interpolated string types 2020-11-11 00:38:26 -05:00
Matt Brown
5a5cbb2892 Increase nesting 2020-11-10 18:27:28 -05:00
Matt Brown
165e0db157 Fix style 2020-11-10 16:19:24 -05:00
Matt Brown
46ebca4497 Fix coalesce operation tainting 2020-11-10 14:36:36 -05:00
Matt Brown
a82a9558d2 Experiment with refactor 2020-11-10 12:50:17 -05:00
Matt Brown
b731b53d5e Add debug stuff for code complexity 2020-11-10 12:49:42 -05:00
Matt Brown
81babf2430 Clone to prevent incorrect references 2020-11-10 09:01:46 -05:00
Matt Brown
e27cbfba57 Reduce size of data flow graph when analysing array assignments 2020-11-09 22:44:36 -05:00
Adrien LUCAS
4cb8e86737
Add a proxy capability to the flow annotation (#4495) 
* Add a `passthru` capability to the flow annotation

* Fix passthru-calls type

* Fix types and rename to proxy

* Allow to proxy a method

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-11-09 15:22:35 -05:00
Matt Brown
32d526bde9 Add descendant variables for closure uses 
Fixes #4522
 2020-11-09 15:20:28 -05:00
Matt Brown
e97a9c86eb Fix #4517 - track type contradiction issues in match expressions 2020-11-09 10:00:53 -05:00
Matt Brown
3aaa1d8447 Fix #4516 - treat exit() as the empty type 2020-11-09 08:44:03 -05:00
Matt Brown
683546e024 Fix #4519 - prevent crash with empty match 2020-11-09 08:36:59 -05:00
Matt Brown
8799e1a337 Break apart complex method 2020-11-09 00:58:45 -05:00
Matt Brown
6acd667e55 Fix #4509 - treat expression-derived constants as mixed 2020-11-08 15:36:38 -05:00
Matt Brown
ab2ab826d2 Add slashes 2020-11-08 14:34:09 -05:00
Matt Brown
0be4f2fedf Fix/ignore reflection bugs 2020-11-08 14:27:37 -05:00
Wouter J
58318282c5
Add support for PHP 8 union types (#4505) 2020-11-08 14:23:03 -05:00
Matt Brown
20e37d8cb6 Add a comment to show workings 2020-11-08 13:08:45 -05:00
Matt Brown
24c9702aa5 Remove unused imports 2020-11-08 12:31:21 -05:00
Matt Brown
6da0905478 Separate out good from the bad 2020-11-08 12:29:23 -05:00
Matt Brown
67f9853756 Preserve reconciled taints for all but non-string scalar types 2020-11-08 10:27:58 -05:00
Matt Brown
b635353cf4 Fix redundant thing 2020-11-08 10:18:32 -05:00
Matt Brown
dccf236d16 Fix #4503 - don’t ignore assertions on possibly-null mixed 2020-11-08 10:06:39 -05:00
Matt Brown
b8f5d16e9f Consolidate similar functionality 2020-11-07 00:58:20 -05:00
Matt Brown
bb5b5142d6 Add more info to mic drop code 2020-11-06 21:36:38 -05:00
Matt Brown
45b3dce631 Break apart IfElseAnalyzer 2020-11-06 21:01:17 -05:00
Matt Brown
3359e7699a Rename IfAnalyzer 2020-11-06 20:51:14 -05:00
Axel H
271e0d86be
Fix type inference when unpacking typed iterables (#4487) 
* Add test for unpacking typed iterables

* Fix type inference when unpacking typed iterables into arrays

* Fix possibly undefined array offset
 2020-11-06 17:24:01 -05:00
Matt Brown
9daa534656 Ensure we flush out re-assigned vars also referenced 
Fixes #4488
 2020-11-06 12:51:41 -05:00
Matt Brown
6b06ecec39 Fix #4491 - support assertions in new calls 2020-11-06 11:55:19 -05:00
Matt Brown
debedf2c96 Support pure-Closure annotation 2020-11-06 00:38:57 -05:00
Matthew Brown
1c66646e72
Fix formatting 2020-11-05 19:23:54 -05:00
Matt Brown
388e804ed8 Allow opt-in to strict return type checking 2020-11-05 18:20:04 -05:00
Matt Brown
d47d817843 Fix #4479 - use correct keys in message 2020-11-05 10:13:08 -05:00
Matt Brown
e9dd16f336 Fix #4481 - ReflectionProperty implements Reflector 2020-11-05 09:29:20 -05:00
Matt Brown
b3ff107c20 Add functions 2020-11-04 23:34:38 -05:00
Matt Brown
3bde327f1b Break up CommentAnalyzer 2020-11-04 23:25:08 -05:00
Matt Brown
f3c6d70a9b Use more accurate type for div of ints 2020-11-04 22:39:27 -05:00
Matt Brown
eacc05e73f Fix #2132 - get value of literal int division 2020-11-04 22:32:33 -05:00
Matt Brown
3e9c5d3600 Add support for @return never 2020-11-04 12:30:02 -05:00
Matt Brown
b5a3f45d52 Remove use of PHP 7.2 function 2020-11-04 11:02:34 -05:00
Matt Brown
590af31449 Improve output of Clause::__toString 2020-11-03 17:02:37 -05:00
Matt Brown
91d9dc3759 Fix overeager inference 2020-11-03 16:44:24 -05:00
Matt Brown
b35db3e523 Reorganise things a little 2020-11-03 16:15:54 -05:00
Matt Brown
16bfbd9224 Fix function 2020-11-02 00:54:12 -05:00
Matt Brown
3d4e77beb6 Fix int-mask-of expansion 2020-11-02 00:40:36 -05:00
Matt Brown
09228131d8 Use falsy value 2020-11-01 22:57:30 -05:00
Matt Brown
6922caf9f6 Fix #4466 use better differentiation for class_exists second param 2020-11-01 13:14:17 -05:00
Matt Brown
966b139504 Fix dupe semicolons 2020-11-01 11:42:09 -05:00
Matt Brown
024d93b7fd Fix #4467 - variables are only the same if they were set in the same location 2020-11-01 11:26:42 -05:00
Matt Brown
f0a30b9fd0 Invalidate child methods when signature changes 2020-11-01 09:46:21 -05:00
Matt Brown
667220408c Fix #4464 - bust cache when Psalm’s version changes, not just composer’s 2020-11-01 09:01:53 -05:00
Matt Brown
957a554c4b Support a bunch of attributes 2020-10-30 21:38:27 -04:00
Matt Brown
938cebc9f8 Use better inference for getAttributes return type 
Fixes #4367
 2020-10-30 17:37:16 -04:00
Matt Brown
cbd09adb2a Only load xdebug stub afterwards 
Ref #4459
 2020-10-30 15:11:40 -04:00
Matt Brown
67554dd017 Fix #4453 - sanitise @extends types before attempting to parse 2020-10-30 15:08:23 -04:00
Matt Brown
579327a470 Detect when targets are incorrectly targeted 2020-10-30 13:28:45 -04:00
Matt Brown
4ea87b9054 Add support for int-mask<...> and int-mask-of<...> 2020-10-30 13:28:45 -04:00
Joe Hoyle
4bb675ea72
Pass CodeLocation to FunctionParamsProviderInterface interface (#4444) 
Currently the `getFunctionParams()` method of the `FunctionParamsProviderInterface` is never passed the CodeLocation of the analyzed function call. As this is in-scope in the only call site, we can pass the CodeLocation. This means the `getFunctionParams()` is able to issue it's own Issues (which required the code location to attached the Issue to)
 2020-10-29 19:53:21 -04:00
Matt Brown
82f35c1454 Ensure Stringable is always available to tests that need it 2020-10-29 19:41:10 -04:00
Matt Brown
2e95d1fb98 Use more robust check for Stringable stub 2020-10-29 14:15:35 -04:00
Matt Brown
5c784dc7cb Fix #4435 - ensure casts are always flow-sensitive 2020-10-28 14:06:05 -04:00
Matt Brown
dab1aac9d4 Protect more calls 2020-10-28 13:48:13 -04:00
Matt Brown
f43dba8c4c Use more accurate comparison for non-empty-lists 2020-10-28 13:32:55 -04:00
Matt Brown
083102a862 Fix count call 2020-10-28 13:10:30 -04:00
Matt Brown
4aef96bbac Use lists everywhere for args 2020-10-28 12:45:26 -04:00
Matt Brown
fee5eab671 If interface implements __toString it’s also Stringable 2020-10-28 09:06:52 -04:00
Matt Brown
0344ff6858 Add polyfill for Stringable interface 2020-10-28 00:55:53 -04:00
Matt Brown
d00a02a06b Fix #4429 - any class with a __toString method in PHP8 assumed to implement Stringable 2020-10-27 15:41:04 -04:00
Matt Brown
d27d86a84c Fix #4422 - be aware of nested template params 2020-10-27 10:01:17 -04:00
Matt Brown
1da6615ac2 Fix comma 2020-10-27 09:13:57 -04:00
Matt Brown
8dd5dc5b72 Improve algebra handling a little better 2020-10-26 16:34:56 -04:00
Matt Brown
b91370e4ae Fix #4407 - always scan types in @var docblocks regardless of next element 2020-10-26 12:35:29 -04:00
Matt Brown
d3464cb22a Fix #4418 - improve try analysis for mixed, too 2020-10-26 09:05:48 -04:00
Matt Brown
462f8ba32b Fix #4397 - allow offsetGet on inside isset 2020-10-25 22:16:43 -04:00
Matt Brown
d58642a982 Maintain old behaviour when file does not exist 2020-10-25 16:38:58 -04:00
Matt Brown
2ea41b245c Fix output in tests (for non-existent files) 2020-10-25 16:31:42 -04:00
Matt Brown
b26983cc34 Fix #4410 - use better path normalisation 2020-10-25 16:18:05 -04:00
Matt Brown
b6dbc34523 Track final-ness of class when evaluating trait returns 2020-10-25 12:20:18 -04:00
Matt Brown
18f3a3721f Fix #4414 - allow multiple @psalm-assert-if-true on same var 2020-10-25 10:49:39 -04:00
Matt Brown
a3856c3734 Change working dir after getting paths 2020-10-25 09:46:49 -04:00
Matt Brown
94e26b2257 Empty checks variables are really falsy checks 2020-10-24 12:46:27 -04:00
Matt Brown
5ff3f1377d Fix a few bugs 2020-10-24 12:23:59 -04:00
Matt Brown
add3feeaf8 Add null check 2020-10-24 11:37:08 -04:00
Matt Brown
a832d77d73 Add logic to weed out unnecessary clauses 2020-10-24 11:31:36 -04:00
Matt Brown
f8eee22f77 Add basic support for PHP attributes 
Ref #4367 - supports creation and argument checks
 2020-10-24 00:10:22 -04:00
Matt Brown
f3cc7a7f2f Break apart ReflectorVisitor 2020-10-23 19:53:04 -04:00
Matt Brown
6e262ca753 Add slash 2020-10-22 18:30:36 -04:00
Matt Brown
1c836ad2fb Invalidate signature types when use changes 2020-10-22 18:07:27 -04:00
Matthew Brown
0f9b4003f8
arraylike-object should include countable 
Fixes #4398
 2020-10-22 11:48:24 -04:00
Matt Brown
ad5a8c247b Fix #4386 - fix issues with property promotion 2020-10-21 14:41:15 -04:00
Matt Brown
fd43ba7a35 Remove --diff-methods from --help 
Fixes #4384
 2020-10-21 09:12:41 -04:00
feek
cc684eeccd
feature: ensure universal object crate class exists (#4375) 2020-10-20 17:17:49 -04:00
Matt Brown
f72e2d7de5 Fix #4374 - prevent paradox and allow Psalm to understand more assignments in conditionals 2020-10-20 14:43:05 -04:00
Matt Brown
66780716aa Fix #3625 - getIterator call is used inside loop 2020-10-20 10:59:09 -04:00
Matt Brown
b1e2e30026 Only show interesting array intersections 2020-10-20 09:40:17 -04:00
Matt Brown
27fcf6e163 Revert change to array shape display 2020-10-20 09:36:38 -04:00
Matt Brown
e7d1fa6798 Fix #4372 - count implicitly-used short-closure vars as used 2020-10-20 09:32:08 -04:00
Matt Brown
234896c73a Fix #4371 - improve display of intersection arrays 2020-10-20 09:10:41 -04:00
Matt Brown
3803bbfce0 Fix #4368 - improve handling of try with finally 2020-10-20 09:07:10 -04:00
Matt Brown
7afd817a3b Add back use 2020-10-19 15:10:35 -04:00
Niclas van Eyk
0261024aa6
Initial proposal for psalm-require-{extends, implements} (#4361) 
* initial implementation of psalm-require-extends

* Added @psalm-require-implements

* Added shortcode for ExtensionRequirementViolation

* Docs & cofig entries for @pasalm-require-{implements,extends}

* Added requirement violations to issues.md
 2020-10-19 15:08:18 -04:00
Matt Brown
32787169d7 Fix language server 2020-10-19 13:13:50 -04:00
Matt Brown
1a6b684993 Fix #4366 - possibly-undefined vars in finally block should not error 2020-10-19 09:56:38 -04:00
Matthew Brown
9135f8e865
4.x (#4363) 
* Enable --diff mode by default

* Bump required version
 2020-10-18 23:28:05 -04:00
Matt Brown
fe294a4dc0 Don’t overwrite true flag 2020-10-18 01:24:36 -04:00
Matt Brown
d462a94661 Prevent dupe records 2020-10-18 01:01:57 -04:00
Matt Brown
a6c7336c69 Fix bad replacement 2020-10-18 00:54:07 -04:00