danog/psalm
1
0
Fork 0
mirror of https://github.com/danog/psalm.git synced 2024-12-14 02:07:37 +01:00
Code Issues Projects Releases Wiki Activity
7,672 Commits 43 Branches 314 Tags 108 MiB
1708bae984
Commit Graph

3661 Commits

Author SHA1 Message Date
Bruce Weirdan
1cf5153700
Test parallelization (#4045) 
* Run tests in random order

Being able to run tests in any order is a pre-requisite for being able
to run them in parallel.

* Reset type coverage between tests, fix affected tests

* Reset parser and lexer between test runs and on php version change

Previously lexer was reset, but parser kept the reference to the old
one, and reference to the parser was kept by StatementsProvider. This
resulted in order-dependent tests - if the parser was first initialized
with phpVersion set to 7.4 then arrow functions worked fine, but were
failing when the parser was initially constructed with settings for 7.3

This can be demonstrated on current master by upgrading to
nikic/php-parser:4.9 and running:

```
vendor/bin/phpunit --no-coverage --filter="inferredArgArrowFunction" tests/ClosureTest.php
```

Now all tests using PHP 7.4 features must set the PHP version
accordingly.

* Marked more tests using 7.4 syntax

* Reset newline-between-annotation flag between tests

* Resolve real paths before passing them to checkPaths

When checkPaths is called from psalm.php the paths are resolved, so we
just mimicking SUT behaviour here.

* Restore newline-between-annotations in DocCommentTest

* Tweak Appveyor caches

* Tweak TravisCI caches

* Tweak CircleCI caches

* Run tests in parallel

Use `vendor/bin/paratest` instead of `vendor/bin/phpunit`

* Use default paratest runner on Windows

WrapperRunner is not supported on Windows.

* TRAVIS_TAG could be empty

* Restore appveyor conditional caching
 2020-08-23 10:32:07 -04:00
Brown
67f9adb33c Allow adding pure annotations to functions 
Ref #4036
 2020-08-23 10:28:26 -04:00
Bruce Weirdan
4dcb7183f5
Fix windows tests (#4040) 
* Fix windows tests by not mangling the expectations

* Use platform-dependent directory separator in expected messages

* fix CS
 2020-08-22 10:00:36 -04:00
Bruce Weirdan
5bf7cc6434
Resolve typedefs that are used in var docblocks of foreach (#4037) 
Fixes vimeo/psalm#4029
 2020-08-22 08:20:05 -04:00
Brown
45d9ab12e1 Fix #4017 - allow float defaults in namespaced classes 2020-08-18 12:13:27 -04:00
Bauke van der Woude
7ac6d2e5a4
Fix hash_*() signatures (#4014) 
Functions can return false when an invalid algorithm is supplied
 2020-08-18 09:35:31 -04:00
Brown
1468a28273 Fix #3999 - allow @psalm-type to reference imported type right above 2020-08-18 09:34:07 -04:00
Brown
134955a5f4 Fix #4011 - prevent mixed assignment in loop 2020-08-18 08:51:09 -04:00
Daniel Melchior
17ed440f2e
fix #4013: prevent exception when two mixins declare methods with same name (#4018) 
fixes #4013
 2020-08-18 08:38:30 -04:00
Brown
de6b354fa0 Fix #4005 - prevent crash when assignment var assertion no longer valid 2020-08-17 15:47:39 -04:00
Brown
11f170acb4 Don’t modify object after unnecessary assertion 2020-08-16 23:38:59 -04:00
Bruce Weirdan
7adc25c421
Improve import errors (#3997) 
* Better errors for invalid type imports

Fixes vimeo/psalm#3885

* Finishing touches

Docs, schema, CS

* Drop unused import

* Drop more unused imports
 2020-08-16 22:53:53 -04:00
Bruce Weirdan
22d8f5a0bc
Fixed duplicate shortcodes (#3996) 
Also added an utility to help assign new shortcodes and a test to
prevent duplicate shortcodes.
 2020-08-16 16:26:54 -04:00
Matthew Brown
cb243778d2 Fix #3917 - allow comparisons between classes and interfaces 2020-08-16 16:25:59 -04:00
Matthew Brown
38af5db8f0 Fix #3929 - merge expanded types where necessary 2020-08-16 16:12:29 -04:00
Matthew Brown
5c20a5295e Improve solution to #3964 2020-08-16 13:03:30 -04:00
Matthew Brown
ec2178d14a Fix #3927 - prevent crash with bad type ref 2020-08-16 12:43:46 -04:00
Matthew Brown
a356a43a51 Fix #3964 - prevent incorrect intersection of unions 2020-08-16 12:26:07 -04:00
Matthew Brown
a0bb5ed37d Fix #3991 - fix test 2020-08-15 14:21:24 -04:00
Brown
cdef4ec351 Alter docblock params too 2020-08-14 16:26:55 -04:00
Brown
dbcf154036 Add fixer for mismatching param names 2020-08-14 15:25:21 -04:00
Brown
209d17c868 Fix #2891 - treat autoloaded constants better 2020-08-13 09:14:27 -04:00
Brown
42c3a703b5 Fix #3741 - detect scalar class constants in if-true assertions 2020-08-12 17:03:41 -04:00
Toshiyuki Goto
e0d1655582
Add an unqualified classes in PHPUnit/Framework/Assert/Functions.php to $knownBadClasses (#3985) 2020-08-11 07:33:11 -04:00
m0003r
e81593f359
Localize types on magic properties (#3971) 
* Fix #3949 - localize types on magic properties

* fix failing tests

* fix code style

Co-authored-by: m03r <m03r@m03r.net>
 2020-08-10 12:45:21 -04:00
Brown
6def99d653 Add ConstructorSignatureMismatch issue distinct from MethodSignatureMismatch 2020-08-10 12:26:25 -04:00
the-toster
5bdc9723ff
fix for DeprecatedClass suppress on property (#3962) 
* add test case for DeprecatedClass suppress on property

* fix test case for DeprecatedClass suppress on property - suppress MissingConstructor also

* ugly way to fix - double analyze propery statement to get dockblock + fix in TypeChecker - respect given suppressed_issues in checkNamedObject

* replace double analyze propery with direct DocBlock manipulation

* replace double analyze propery with direct DocBlock manipulation

* add exception handler to keep original addContextProperties behavior

* correct way to unwrap value from array
 2020-08-10 10:50:37 -04:00
lhchavez
ab3016af6e
Fix File-related analysis plugin hooks (#3970) 
This change does a few things:

* Renames `BeforeAnalyzeFileInterface` to `BeforeFileAnalysisInterface`.
* Adds a few more parameters to `BeforeFileAnalysisInterface`.
* Since the analysis was never called due to a bug, the above two
  changes are safe to do.
* Fix the above-mentioned bug, and now adds the hooks to the config.
* Update the documentation about the File-related analysis plugin hooks.
* Add a test to ensure that this does not break again in the future.

Fixes: #3969
 2020-08-10 10:49:53 -04:00
Matthew Brown
6085e42fc1 Detect mismatching param names effectively 2020-08-10 09:58:43 -04:00
Matthew Brown
50cc3a8afa Align paramter names 2020-08-09 23:19:59 -04:00
Matthew Brown
73321339a3 Bump nikic/php-parser 2020-08-09 16:23:43 -04:00
kazusuke sasezaki
90a50be9f0
quit using combineUnionTypes, when specific TSend provided. (#3966) 2020-08-09 08:26:10 -04:00
Tom Klingenberg
9e38933d30
Resolve require_once command_functions.php (#3961) 
Considering the test-suite tests the code from src paired with tests,
not the working directory (or even worse the overall include_path runtime
setting) should lead to relative path resolution, but just the relative
location to the path of the test itself.

Fix by making use of the __DIR__ constant to anchor the relative location
turning it into an absolute path.
 2020-08-08 17:38:38 -04:00
Tom Klingenberg
04b6dfdc5b
Fix PSR-4 deprecation notices on composer install (#3959) 
Previously when checking out the repository and installing the source
package via `$ composer install` composer did spill deprecation notices for
four files not complying with the PSR-4 auto-loading standard.

This is a minor issue, composer install works and can be addressed by
fixing name-spaces (all of those three are in tests).

For the one function test, fixing the directory structure / dirname of the
(single) affected function test (fourth file).
 2020-08-07 23:22:30 -04:00
ygottschalk
f831ebdbcf
narrowed reset and end return type (#3950) 
* narrowed `reset` return type
BUT psalm seems to ignore the stub

* narrowed `reset` and `end` return type, this time for real

* fixed UnusedVariable Issue

* fixed RedundantCondition Issue
caused by `end`s return type being more precise

* Improve solution slightly

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-08-07 12:23:20 -04:00
Brown
e61765ff9b Fix #3954 - catch ComplicatedExpressionException with added workaround 2020-08-07 08:20:35 -04:00
Brown
afce2dc66f Tighten up rules around instantiation a bit more 2020-08-06 10:18:55 -04:00
Brown
bcf0df4170 Fix a bug with lowercase-string unions 2020-08-05 20:05:57 -04:00
Brown
c0b0036109 Fix #3934 - prevent unsafe use of new static 2020-08-05 19:39:27 -04:00
Brown
e0f5595307 Fix #3932 - try to get assertions of negated expression if instant negation fails 2020-08-05 16:53:30 -04:00
Brown
e808391f56 Fix #3943 - understand trait return types a bit better 2020-08-05 15:58:26 -04:00
Daniel Melchior
fa73c7c9d9
Fix #3757 - allow multiple mixins (#3772) 2020-08-05 15:49:19 -04:00
Brown
38bfc12b98 Fix array_shift behaviour to be more accurate with lists 
Fixes #3941
 2020-08-05 12:43:37 -04:00
Matthew Brown
9dfdcbef31 Fix #3928 - preserve list-ness when assigning with no offset 2020-08-03 12:30:58 -04:00
Brown
7fc4a85534 Fix CI 2020-08-03 02:45:55 -04:00
Brown
b168777236 Fix #3924 - remove descendants after reconciled change 2020-08-03 02:06:42 -04:00
Brown
bc053e5ee8 Fix #3923 - remember class name when appending array with key 2020-08-03 01:34:46 -04:00
Matthew Brown
ab64ccab88 Fix #3913 properly 2020-07-31 14:56:29 -04:00
Brown
fd4ced42a7 Don’t register new assignment inside isset expr 2020-07-31 12:44:01 -04:00
Brown
57cd21346c Fix #3914 - treat $i++ like $i = $i + 1 2020-07-31 11:26:54 -04:00
Brown
ad1920c3a2 Fix #3910 - improve handling of fgetcsv 2020-07-30 14:21:55 -04:00
Brown
a8c0d81dc1 Prevent bool > 1 in strict mode 2020-07-30 11:25:47 -04:00
Brown
6949a34ded Put RedundantIdentityWithTrue behind a flag cc @greg0ire 2020-07-30 10:25:59 -04:00
Brown
7367e8e6c2 Allow assertions of non-empty lists on typed lists 
Fixes #3906
 2020-07-29 18:10:43 -04:00
Brown
1c8f9e94b1 Fix #3907 - allow template as types to be refined via instanceof 2020-07-29 17:46:45 -04:00
Brown
74eea18563 Add better checks 2020-07-26 19:09:26 -04:00
Brown
d9d5fdd6c9 Add more rules around positive ints 2020-07-26 18:29:17 -04:00
Brown
23f5d66516 Fix #3897 - support aliasing final methods 2020-07-26 14:46:52 -04:00
Brown
eddd7b8c11 Fix #1916 - support @var docblock annotations in more places 2020-07-26 13:23:21 -04:00
Brown
42ad366dc8 psalm-internal no longer requires internal annotation 
cc @bdsl
 2020-07-26 10:47:48 -04:00
Brown
7f6b8e0172 Consolidate internal annotation tests 2020-07-26 10:12:53 -04:00
Matthew Brown
1d077cc48e Fix #3894 - don’t alter class-string during erroneous emptiness check 2020-07-25 22:49:19 -04:00
Grégoire Paris
2f673fbbd7
Detect redundant identity with true (#3893) 
Using === true on a known boolean results in the same boolean.
 2020-07-25 17:27:45 -04:00
Matthew Brown
ab714a40c4 Allow binding of static to current final class 
Ref #3892
 2020-07-25 17:26:07 -04:00
Brown
309c39bc59 Remove instanceof test 2020-07-24 16:09:32 -04:00
Brown
b1e583ebed Detect concat operation on property 
Ref #3870
 2020-07-24 16:01:45 -04:00
Brown
3687d34a5a Detect bad class constants more explicitly 2020-07-24 15:38:56 -04:00
Brown
873970a4d1 Recursively transform template types before comparison 
Fixes #3887
 2020-07-24 14:47:24 -04:00
Brown
92fe9898a1 Fix #3879 - ensure interface templates are extended where nececssary 2020-07-24 11:29:36 -04:00
Matthew Brown
84945a7d1b Fix #3877 - prevent impossible subtr comparisons 2020-07-24 10:08:57 -04:00
Matthew Brown
b88b169464 Fix #3882 - prevent crash when comparing object{...} to missing class 2020-07-24 09:38:51 -04:00
Barney Laurance
ff432ff73d
Simplify error messages and implementation for internal errors (#3881) 
* Use more consistent language for Internal errors

There's no meaningful distinction between something being internal and
being 'marked as internal'.

* Rename property psalm_internal to internal in all storage classes

This property holds metadata that can be set using either @internal
or @psalm-internal in docblocks

* Change types of internal properties in storage from ?string to string

Simpler type is easier to handle. Non-internal methods can be considered
to be internal to the entire universe of PHP code, i.e. that code whose
namespace starts with the empty string. It's not a special case.
 2020-07-24 09:32:54 -04:00
Brown
344a732829 Warn about simple assignments 2020-07-23 02:40:35 -04:00
Brown
3848fa6872 Fix #3870 - mark properties as reference-free only for externally-immutable classes 2020-07-23 01:48:06 -04:00
Barney Laurance
3bc91b9944
Fix multiple issues with @internal and @psalm-internal (#3841) 
* Add passing tests for property fetch on an @internal class

I'm trying to work out why the equivilent InvalidCodeParse test is
failing for PsalmInternal

* Treat all properties of a psalm-internal class as psalm-internal

* Remove all $internal properties from storage - use psalm_internal instead

@internal can be represented as internal to the namespace root, avoiding
the need to check for both properties in storage later.

* Raise InternalClass issue when an internal class is used with e.g. instanceOf

* fix docs and tests

* Add return type declartion to code example in doc

* Don't allow class psalm-internal to overide a tighter method psalm-internal

* Break up long line

* Code style - move && from EOL to SOL

* Restore misplaced &&

* Fix code style

* Fix namespace fetching so it works

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-07-22 19:27:35 -04:00
Brown
1e01e90fba Namespace base files 2020-07-22 15:57:24 -04:00
Brown
eaae243905 Fix #3857 - allow reconciliation on magic properties 2020-07-22 09:55:22 -04:00
Brown
983f233026 Improve unpacking 2020-07-22 00:35:18 -04:00
Brown
962265e98e Hopefully final fixes 2020-07-21 23:59:11 -04:00
Brown
7ef3d4711f Fix some more tests 2020-07-21 23:16:56 -04:00
Brown
fc8c899b3a Fix test 2020-07-21 20:51:37 -04:00
Brown
76bd5b6278 Refactor type comparison 2020-07-21 19:40:35 -04:00
Brown
295adb5763 Fix #3860 - use correct trait element positions for nested error 2020-07-21 14:17:07 -04:00
Brown
ae89a71c84 Prevent false-positive comparing template to true 2020-07-21 12:59:50 -04:00
Brown
223b0619c5 Fix #3858 - support @psalm-assert falsy for abort_if expressions 2020-07-21 12:55:11 -04:00
Bruce Weirdan
56047dd094
Use composer/package-versions-deprecated instead of ocramius/package-versions (#3846) 
It allows wider range of PHP versions in addition to supporting both
Composer v1 and v2

Fixes vimeo/psalm#3844
 2020-07-20 04:53:16 -04:00
Bruce Weirdan
b23deaad01
Prevent tests from producing output (#3847) 
* Prevent tests from producing output

- These are considered risky by PHPUnit
- And they mess up PHPUnit output

* Import used functions
 2020-07-20 04:52:01 -04:00
Gregor Harlan
5212bd1f9c
Readonly: allow assignments in __unserialize (#3845) 2020-07-20 04:50:50 -04:00
Evgeniy
2c51f47ff6
Fix invalid UndefinedClass using array|callable (#3842) 
* Do not treat string array argument as callable if it can be traeted just as string array.

* cs
 2020-07-20 04:50:07 -04:00
ygottschalk
de2109234d
fixes wrong return type of key() #3838 (#3839) 
* fixes wrong return type of key() #3838
fixed/added tests for key

* fixed test again
 2020-07-20 04:49:36 -04:00
Adrien LUCAS
d44130191b
Allow taint through strval sprintf (#3836) 
* Add psalm-flow to strval

* Unexpected behavior with implode
 2020-07-17 10:12:04 -04:00
Nat Zimmermann
a1a403e046
make meta path optional (#3833) 2020-07-17 10:09:42 -04:00
Brown
5392ae0b39 Fix UnusedMethodCall examples 2020-07-16 18:14:15 -04:00
Brown
c56e29b114 Fix example 2020-07-16 16:19:29 -04:00
Brown
26a61c47c0 Prevent mixed erasure in get_class call 2020-07-16 13:56:42 -04:00
Brown
a2dbd31371 Fix usage of array_push results 2020-07-16 13:44:51 -04:00
Brown
262bb9fd89 Invalidate memoized getter method results after property assignment 2020-07-16 12:59:49 -04:00
Brown
b361b44889 Rip out plain getter property logic cc @m0003r 
It gets in the way of the other IMO more useful memoisation logic (e.g. when a getter is declared final)
 2020-07-16 12:42:59 -04:00
Brown
96bfd144df Fix #3825 - ensure final getters are treated as mutation free 2020-07-16 11:58:27 -04:00
kesselb
aaba3a08ec
Add option to supress a referenced but undefined global variable. (#3827) 2020-07-16 09:49:59 -04:00
Brown
8fbc8de98a Fix #3820 - don’t treat a method call as memoisable if it has assertions 2020-07-15 15:09:19 -04:00
Brown
06ee1b71c7 Improve check for empty array 2020-07-15 09:49:30 -04:00
Brown
0ab163fd78 Skip dodgy tests 2020-07-15 01:53:31 -04:00
ygottschalk
94e2552d1c
Fix #3810 removing ignore-nullable-return (#3817) 
* Fix #3810 removing ignore-nullable-return form stubs of key, array_key_first, array_key_last

* fixed test failing due to changes to key()

* Improve key return type

* Remove unnecessary check

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-07-14 17:43:26 -04:00
Evgeniy
fcd2ac3078
array_column check result non-emptyness (#3813) 
* Update

* Update test

* Fix test

* Fix test

* inline function res in test

* cs
 2020-07-14 17:13:45 -04:00
Brown
3c9028c182 Fix #3808 - allow detection of paradoxes in switch condition function calls 2020-07-14 10:51:12 -04:00
Brown
f0a5463834 Catch string subtypes that cannot be identical 2020-07-14 10:08:31 -04:00
Brown
2399643472 Fix #3811 - allow more complex negations inside boolean expressions 2020-07-13 21:31:58 -04:00
Bruce Weirdan
931d35a703
Collect and scan files included by the autoloaders (#3183) 
Refs vimeo/psalm#2861
 2020-07-11 17:17:22 -04:00
Joe Hoyle
b8c4abf08b
Add ability to Go to Definition on Use statements (#3805) 
This adds the ability to use the LSP's "Go to Definition" on `use MyClass` statements.

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-07-11 17:16:44 -04:00
Joe Hoyle
0b6d682964
Fix going to definition on return type (#3806) 
* Fix going to definition on return type

If a return type of a method or function is set incorrectly (with the PHP doc), then the references are not added for the `function() : MyClass` symbol, so the "Go to definition" feature of the LSP won't work. I don't believe an invalid return type or not should stop the symbol location being tracked (and not allowing code navigation).

In moved the symbol location tracking to be before the return early short circuit.

* Update SymbolLookupTest.php

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-07-11 17:14:39 -04:00
Joe Hoyle
11af82a97f
Fix jumping to definition on nullable parameters (#3804) 
Currently it's not possible to "Go to definition" (LSP) on nullable args like `function( ?MyClass )` as the reference is stored a `MyClass|null` in the reference map, which will now resolve to a class name.

This PR removed any nullable type from the union before adding it to the reference map (as the reference map is only use to indicate a symbol was used in a given location, I think this makes sense).
 2020-07-11 17:12:03 -04:00
Brown
2afbf58324 Prevent adding trait property types 2020-07-10 19:11:06 -04:00
Brown
8d022307d2 Fix #3797 - prevent many chained assignments crashing Psalm 2020-07-10 16:49:45 -04:00
Brown
d71f12d250 Fix #3802 - allow increment inside isset expression 2020-07-10 16:14:24 -04:00
Brown
8349564cc4 Fix #3790 - removing false/null from template not redundant 2020-07-10 13:19:23 -04:00
Brown
ba44b952ba Skip failing test 2020-07-10 13:08:50 -04:00
Brown
cd8420aa94 Skip optimisation for unpacked args 2020-07-10 13:04:37 -04:00
Joe Hoyle
d1ca68e57a
Fix offset calculation in getReferenceAtPosition (#3783) 
* Fix calculation of getPositionFromOffse

* Add test for testGetSymbolPositionRange

* Fix code formatting.
 2020-07-09 16:24:51 -04:00
Brown
a5da803a21 Fix test to work better 2020-07-08 17:42:19 -04:00
Brown
bf7bcc0dca Fix #3779 - allow ParadoxicalCondition of default to be suppressed 2020-07-08 14:51:20 -04:00
Brown
33a834bb0b Fix some property inference bugs 2020-07-08 14:43:36 -04:00
Brown
619c384509 Add indentation as necessary between property docblocks 2020-07-08 14:32:16 -04:00
Brown
cf67b9eef1 Fix #435 - add psalter fix for MissingPropertyType 2020-07-08 12:03:12 -04:00
Brown
6bdff42cda Add support for potentially-assigned properties 2020-07-08 11:46:55 -04:00
Brown
8ecee6df6d Fix #3760 - prevent param remapping twice 2020-07-07 11:44:22 -04:00
Brown
37e238a68b Fix tests 2020-07-07 10:41:46 -04:00
Brown
82a85791f2 Fix #3764 - preserve sealed-ness of array into array_map 2020-07-07 09:31:43 -04:00
Brown
ab6df0a5d1 Fix #3753 - resolve self-references in trait as statements earlier 2020-07-05 12:05:25 -04:00
Brown
42a3cedd31 Fix #3742 - add null to type after possibly null array access 2020-07-05 09:12:07 -04:00
jarstelfox
3096afed99
Fix echo false issue (#3751) 
* Echo: add failing test case

echo false; is a noop, not an issue

* Echo: Fix failing test case
 2020-07-05 08:55:42 -04:00
Brown
5da29955ee Use better replacement when analysing potentially-inherited templated type 2020-07-03 12:25:33 -04:00
Brown
44d7f51857 Generalise init vars inside for loops 
Ref #3085
 2020-07-03 11:13:44 -04:00
Brown
6419788a49 Remove false from template param as necessary 
Fixes #3737
 2020-07-03 01:07:50 -04:00
lhchavez
ba63ccb825
Improve \Psalm\Internal\Scanner\DocblockParser::parse() (#3736) 
This change avoids calling `str_replace()` on the original docblock and
instead only operates on the parsed (and modified) lines. This now makes
it so that if there are substrings of the docblock that match a tag
match, it won't get prematurely removed, therefore avoiding mangling of
the parsed docblock's description.

Fixes: #3735
 2020-07-02 17:55:57 -04:00
Brown
cb94764d22 Prevent false-positive for Exception::__toString overriding 2020-07-02 14:09:56 -04:00
Brown
0c582e9993 Fix #3685 - improve handling of if conditionals inside do 2020-07-02 13:59:59 -04:00
Brown
67b2edc328 Allow more things to be suppressed with @psalm-suppress TaintedInput 2020-07-02 11:53:51 -04:00
Brown
ea82cdc6ea Fix #3726 - infer generic template from class-string 2020-07-02 01:11:46 -04:00
Brown
fa0f43f0cf Skip failing test 2020-07-02 00:22:14 -04:00
Brown
ae7c5b095b Fix #3712 - allow taints to be suppressed with @psalm-suppress 2020-07-01 23:23:45 -04:00
Tyson Andre
e3d59bf5d4
Support taint detection on Throwable::getTraceAsString() (#3731) 
And `__toString()`, which uses getTraceAsString().

Fixes #3696

```php
function login($username, $password, $secret) {
    throw new RuntimeException('login failure');
}
try {
    login('user', $_GET['pass'], SECRET);
} catch (Exception $e) {
    // This output includes unescaped 'pass' and SECRET
    echo $e, "\n";
    echo $e->getTraceAsString();
}
```
 2020-07-01 21:27:40 -04:00
Brown
70ab4c18f4 Fix #3720 - allow literal unions in keys to map to object-like arrays 2020-07-01 18:57:19 -04:00
Olle Härstedt
d8e8ce428e
Add new annotation: @psalm-self-out (#3650) 
* Add new config: sealAllMethods

* Add some more tests

* Fix codesniffer issue with preg_quote

* Fix missing method in test

* New tag @self-out (WIP)

* Add self_out_type to method storage

* Add some notes

* More work on self-out (WIP)

* More work on self-out (WIP)

* Use psalm-self-out instead of self-out

* Remove extra file

* Cleanup

* Wrap around try-catch - how to check if a method has/should have storage?

* New method hasStorage()

* Fix indentation

* Fix some errors

* Fix indentation

* Cast storage type to type

* Add proper use-statement in method storage

* Correct test class name

* Allow self_out to be null

* method_id can be string (why, when?)

Co-authored-by: Olle <noemail>
 2020-07-01 18:10:24 -04:00
Tyson Andre
b0a3de47e8
Mark create_function() as a taint sink (#3729) 
create_function() is a thin wrapper around eval().
Fixes #3723
 2020-07-01 18:09:30 -04:00
Brown
6047b7b6cb Fix #3719 - prevent crash when cloning missing class 2020-07-01 10:10:55 -04:00
Brown
cb0f65dd91 Skip taint tests in Windows 2020-07-01 09:49:52 -04:00
Brown
4c368da75e Fix #3721 - prevent crash on empty @method 2020-07-01 09:00:33 -04:00
Brown
17558a5c0e Fix #3676 - add multiline output for TaintedInput issues 2020-06-30 13:17:51 -04:00
Brown
671009a70c Specialize constructor taints cc @TysonAndre 2020-06-29 21:08:43 -04:00
Brown
7253e01000 Fix #3716 - prevent crash for Foo|? return type 2020-06-29 17:52:55 -04:00
Brown
e56483bb54 Fix #3711 - generalize call of specialized class without specializations 2020-06-29 17:42:01 -04:00
Brown
ab29ac0e51 Only cast in echo when tracking taints 2020-06-29 15:06:11 -04:00
Brown
f6e2e0a84a Perform string casting for taints in ArgumentAnalyzer 2020-06-29 13:21:33 -04:00
Brown
1a582fa636 Change InvalidArgument to InvalidCast in test 2020-06-29 12:55:12 -04:00
Brown
45c21853e5 Fix #3709 - don’t crash on inherited __toString tainting 2020-06-29 12:11:11 -04:00
Matthew Brown
18f9e7487b
Remove string cast 
Cc @TysonAndre
 2020-06-29 09:54:07 -04:00
Brown
38977d797e Fix #3697 - cast types via implied __toString method 2020-06-29 09:13:19 -04:00
Barney Laurance
3f8aa64ee9
Treat methods of internal or psalm internal classes as internal (#3698) 
When both the method and the class are annotated as psalm-internal,
but to different namespaces, we consider the method internal to
whichever namespace is longer, i.e. the smaller code module.

Issue reported at https://github.com/vimeo/psalm/issues/3457
 2020-06-28 13:15:54 -04:00
Brown
c95ebfeb21 Fix #3694 - allow two args for PDO::query 2020-06-26 18:26:06 -04:00
Brown
559b3d3471 Fix #3681 - taint exit like echo 2020-06-25 17:17:08 -04:00
Brown
07f7e5ccaf Reconciling should preserve taints 
Fixes #3680
 2020-06-25 17:04:18 -04:00
Brown
9837a60853 Fix #3675 - add taints to filter_var return 
Doesn’t yet take callback into account
 2020-06-25 13:24:26 -04:00
Brown
95bf7f835b Improve handling of array_map, faking out calls where nececssary 2020-06-25 13:05:34 -04:00
Brown
68fe66fcf6 Fix tests 2020-06-25 01:33:02 -04:00
Brown
b8ebed0b85 Add a bit more accuracy 2020-06-25 01:00:11 -04:00
Brown
e26922010a Improve accuracy of array nesting checks 2020-06-25 00:50:52 -04:00
Brown
b84cf74754 Fix #3668 - taint property types for magic properties without @property 2020-06-25 00:24:37 -04:00
Brown
dd25b81d3a Fix #3670 - taint mixed foreach access 2020-06-24 19:16:30 -04:00
Brown
a6c7a48387 Add support for argument unpacking 
Ref #3670
 2020-06-24 18:43:15 -04:00
Brown
d03a53a5ad Fix return type 2020-06-24 18:33:09 -04:00
Brown
828d9defb4 Use compact test format 2020-06-24 18:28:21 -04:00
Tyson Andre
1670848267
Mark print() statement as the same sink type as echo (#3669) 2020-06-24 17:23:16 -04:00
Brown
7a7cd91c24 Fix #3631 - better treatment for assignments in complex conditionals 2020-06-24 13:16:52 -04:00
Brown
9aa0aca949 Fix handling of coerced callmap args 2020-06-24 11:51:31 -04:00
Bruce Weirdan
e569f08f23
Drop missing issues from XSD schema (#3657) 
Two unknown issues (that were only present in schema) are dropped and a
test to validate that all issues are covered by XSD schema is added.
 2020-06-23 16:56:39 -04:00
Brown
96d05ab06b Fix #3654 - use correct function id for namespaced functions 2020-06-23 16:53:11 -04:00
Brown
6a746b65ea Fix #3655 - taint encapsulated strings 2020-06-23 16:38:59 -04:00
Brown
13fc8a75fd Allow taints to flow where no return type exists 
Fixes #3652
 2020-06-23 15:52:19 -04:00
Brown
f46236ad71 Taint flows through preg_replace_callback 2020-06-23 15:28:31 -04:00
Brown
f72b609d42 Fix #3642 - detect missing property when name matches 2020-06-23 13:12:46 -04:00
Brown
4d6fc4d0ca Fix get_class($foo) === static::class checks 2020-06-23 13:11:19 -04:00
Brown
9b860214d5 Fix #3639 - allow coerced types to count when picking callmap options 2020-06-22 20:24:34 -04:00
Brown
1f86afece7 Revert "Fix #3631 - apply assertions to RHS of equality in conditional" 
This reverts commit 9c17795545.
 2020-06-22 20:01:27 -04:00
Brown
fc8212e207 Fix static call specialisation via annotation 2020-06-22 18:40:43 -04:00
Brown
e8be2c500e Support taint flows in more functions 2020-06-22 17:53:03 -04:00
Brown
9c17795545 Fix #3631 - apply assertions to RHS of equality in conditional 2020-06-22 15:16:16 -04:00
Brown
dddc159694 Add explicit path object 2020-06-22 02:10:03 -04:00
Brown
36f1630e03 Add more steps for clearer output 2020-06-22 01:08:58 -04:00
Brown
317571f1b2 Fix reset call 2020-06-21 13:03:55 -04:00
Brown
fbe3433edd Use escape terminology 2020-06-21 11:43:08 -04:00
Brown
dc83c2e2fc Add annotation for taint sources 2020-06-21 00:58:56 -04:00
Brown
f21d3a8346 Remove html and sql taints for simple preg_replace patterns 2020-06-20 23:11:42 -04:00
Brown
80ed1daf33 Allow static method mixin to invoke instance method 2020-06-20 18:05:35 -04:00
Brown
2ccec821f8 Fix #3624 - inherit magic property annotations from traits 2020-06-20 16:53:17 -04:00
Brown
2c5c9e95e1 Don’t add two @return docblocks after @method 2020-06-20 15:30:47 -04:00
Brown
edbeec2c6a Fix @method annotation namespacing 2020-06-20 15:18:22 -04:00
Ilija Tovilo
2f646d29db
Fix #3607 - constant string class reference with leading backslash (#3612) 2020-06-19 18:02:39 -04:00
Brown
a7a23b4c1c Remove letter 2020-06-19 09:41:25 -04:00
Brown
b1c836e5f3 Improve specialisation after call 2020-06-19 01:59:45 -04:00
Brown
8f2e28c36b Improve tainting of specializable classes 2020-06-19 01:22:51 -04:00
Brown
49f0592794 Improve tracking of array taints 2020-06-18 18:48:19 -04:00
Brown
562a7c1ca4 Track taints from all tainted arrays 2020-06-18 13:45:58 -04:00
Brown
7d9a99a956 Fix #3609 - interpret strings as regular static calls 2020-06-18 11:56:08 -04:00
Brown
98622783ec Allow lists to have their types refined 
Fixes #3605
 2020-06-18 10:01:16 -04:00
Bruce Weirdan
6fb63903c1
Infer better types for magic constants used in const initializers (#3602) 
Fixes vimeo/psalm#3464
 2020-06-18 09:48:51 -04:00
Brown
137647a1a0 Fix #3603 - better typed value comparisons for loose equality 2020-06-18 09:31:38 -04:00
Brown
0a8b9b56ab Fix #3600 - conditional return should be removed before comparison 2020-06-17 12:57:50 -04:00
Olle Härstedt
e1cc27f7a2
Add new config: sealAllMethods (#3578) 
* Add new config: sealAllMethods

* Add some more tests

* Fix codesniffer issue with preg_quote

* Fix missing method in test

Co-authored-by: Olle <noemail>
 2020-06-15 22:36:42 -04:00
Brown
03e9649d49 Fix tainting of function calls absent taintable params 2020-06-15 20:59:48 -04:00
Brown
56ef220e49 Fix bugs in taint specialisation 2020-06-15 18:34:56 -04:00
Brown
05cb39814c Improve performance of long switch checks 2020-06-15 16:23:19 -04:00
Brown
8c5a434dc8 Allow updating array by reference 2020-06-15 14:45:08 -04:00
Matthew Brown
081a284759 Fix #3567 - remember which variables a callable sets byref in use 2020-06-14 11:58:50 -04:00
Matthew Brown
a49a0e5650 Fix #3551 - count method can be impure 2020-06-14 11:06:53 -04:00
Matthew Brown
427f470806 Fix #3586 - ensure templated trait params more accurate 2020-06-13 16:37:39 -04:00
Matthew Brown
edb2b4c5ef Get type of requires 2020-06-13 15:48:12 -04:00
Andrei Petre
3497ca07b6
Extending final class is prohibited #3037 (#3576) 2020-06-13 00:29:59 -04:00
Brown
9bfe50b20a Always analyse cast expressions 
Fixes #3577
 2020-06-12 17:25:46 -04:00
Brown
211f014356 Fix #3571 - make callable():void valid for callable():?Foo 2020-06-12 14:26:31 -04:00
Brown
45ea5d0bfe Add a couple more shortcuts for common pattern 
Fixes #3563
 2020-06-12 11:18:34 -04:00
Brown
9ca6c868b7 Fix #3563 - add workaround for == true 2020-06-12 10:58:44 -04:00
Brown
8a0776c8e5 Fix tests 2020-06-11 12:19:34 -04:00
Brown
f67b61f6cc Fix reconciliation of template param to literal string 
Fixes #3510
 2020-06-11 11:58:31 -04:00
Brown
16189782ab Inherit whether methods are sealed from parent 
Ref #3561
 2020-06-11 11:28:41 -04:00
Brown
286a8f911a Add support for static mixin calls 
Fixes #3552
 2020-06-09 18:39:52 -04:00
Brown
a6c0991073 Fix #3532 - expand type alias types recursively 2020-06-07 12:01:04 -04:00
Matthew Brown
0ac739fd48 Fix #3534 - allow magic method call on mixin 2020-06-06 23:28:32 -04:00
Matthew Brown
3d7288afcb Fix #3529 - static intersected with itself is static 2020-06-06 20:10:50 -04:00
Matthew Brown
ce445636e7 Fix #3535 - match template param class constants properly 2020-06-06 20:02:14 -04:00
Matthew Brown
74a34f066c Don’t check classes if literal strings are allowed 
Fixes #3538
 2020-06-06 19:31:42 -04:00
Brown
4f87cca55b Fix #3537 - improve parsing for @mixin annotations 2020-06-06 18:15:24 -04:00
Brown
d578c44a37 Add more mocking to tests 2020-06-06 16:57:25 -04:00
Matthew Brown
45e831252f
Remove property 2020-06-06 12:23:29 -04:00
Matthew Brown
05962fd51c
Update FakeFileReferenceCacheProvider.php 2020-06-06 12:11:33 -04:00
Matthew Brown
a1fd68975f
Use getinstance shortcut 2020-06-06 12:06:31 -04:00
Brown
831482951a Fix things 2020-06-06 11:23:05 -04:00
Brown
376f761db4 Skip broken test 2020-06-06 10:34:49 -04:00
Brown
fcf0a681d9 Fix #3531 - ignore mixed returns from template 2020-06-06 10:33:49 -04:00
Brown
438eb17e58 Fix #3367 - ensure --diff works after second run, not third 2020-06-05 12:09:38 -04:00
Brown
cf92361338 Fix #3522 - only use property pass-through when it’s visible 2020-06-04 16:15:07 -04:00
Brown
f6aa9cb11b Relocate tests 2020-06-04 16:07:00 -04:00
Brown
a4aa44494f Fix #3519 - prevent empty callable string 2020-06-04 15:40:53 -04:00
Brown
4d149de764 Fix #3506 - prevent black classes in throws check 2020-06-01 14:56:27 -04:00
Brown
be8fd3ea19 Fix #3481 - treat an iterable like a Traversable when comparing to object 2020-05-31 01:22:43 -04:00
Brown
4e21e54ee1 Fix #3491 - provide correct types for substitution 2020-05-30 19:11:41 -04:00
El Azimov
bed5a74065
Add wildcard support for class constants in template. (#3489) 
Co-authored-by: El Azimov <el.azimov@rocks>
 2020-05-30 16:55:18 -04:00
orklah
1621a9f3ea
Add checks for duplicated params and returns (#3487) 2020-05-30 16:54:16 -04:00
Brown
db67be5965 Fix #3483 - analyse variable static property access properly 2020-05-29 09:28:34 -04:00
Brown
235704ad49 Fix #3484 - use better method to determine constant existence in wildcard checks 2020-05-29 09:09:59 -04:00
Brown
30907f0269 Clean up comment parsing 2020-05-28 22:14:41 -04:00
feek
5330dcbd7a
fix: pass along final (#3471) 2020-05-28 01:59:24 -04:00
Brown
3c60609c21 Support better mixin handling 2020-05-27 11:12:09 -04:00
Brown
9b413cfccc Improved understanding of array_key_exists 
Fixes #3463
 2020-05-27 09:03:36 -04:00
Brown
b9ea115487 Support string class_alias calls with leading backslash 
Fixes #3465
 2020-05-27 08:14:47 -04:00
Brown
ef53ee3a3b Fix crash on aliased exception 
Ref #3465
 2020-05-27 08:09:58 -04:00
Brown
769ac5c052 Fix #3458 - scope templated mixin accurately 2020-05-26 23:32:07 -04:00
Brown
3da3d61270 Fix #3434 by removing extraneous call to simplifyType 2020-05-26 17:55:54 -04:00
Brown
0ef00f5756 Fix #3460 - allow isset checks on static properties 2020-05-26 17:40:27 -04:00
Brown
f0a5bd74b6 Detect never-return statement same as a throw 2020-05-26 15:02:23 -04:00
Brown
043c4b2a98 Skip test that requires ext-ds 2020-05-25 18:47:59 -04:00
Brown
7e7456c863 Make taint checks more thorough 2020-05-25 17:10:53 -04:00
Brown
118b700436 Simplify sink mapping for internal calls 2020-05-25 13:10:06 -04:00
Brown
109920be88 Expand template param before comparison 2020-05-25 11:51:10 -04:00
Brown
be847472a2 Fix #3453 - allow conditional return types on instance methods 2020-05-25 09:39:30 -04:00
Brown
240b2f898c Add some negative test cases for @mixin 
Also fix #3452
 2020-05-25 00:19:52 -04:00
Matthew Brown
806db80d63 Fix #3440 - literal string doesn’t contain numeric-string 2020-05-24 22:42:08 -04:00
orklah
72435757ea
Add false to possible parse_url return types (#3359) (#3445) 
* Add false to possible parse_url return types (#3359)

* fix test
 2020-05-24 09:19:58 -04:00
Brown
92a9a7efdf Handle flows into arguments a little better 2020-05-23 23:54:16 -04:00
Matthew Brown
1d17c02fba Fix #3442 - support broader type after initial array assignment 2020-05-23 23:23:50 -04:00
Matthew Brown
15e753e279 Fix #3443 - add InvalidDocblock issue for @psalm-assert Foo|!Bar 2020-05-23 22:52:21 -04:00
Brown
a198b09eb7 Add intermediary concat op node 2020-05-23 21:38:09 -04:00
Brown
16af6a5773 Improve concat taint propagation 2020-05-23 01:11:16 -04:00
Brown
10c106f7eb Add eval sink 2020-05-23 00:03:29 -04:00
Brown
dc73e25157 Detect taints in include calls 2020-05-22 23:53:37 -04:00
Brown
4b1c3db760 Don’t memoize method call where we have a getter standin 
Fixes #3427
 2020-05-22 15:54:32 -04:00
Brown
0cb211784d Fix #3415 - flesh out Closure return type 2020-05-22 14:26:37 -04:00
Brown
27a009fd69 Fix #3417 - Treat $this as static-y 2020-05-22 13:32:26 -04:00
Matthew Brown
4f33330215
Add nullable type 2020-05-22 13:18:18 -04:00
Brown
bebfac0ab6 Fix #3426 - allow falsy reconciliation for templated params 2020-05-22 13:16:48 -04:00
Brown
1b84fc2c12 Fix #3419 - don’t add null to return type when template/conditional return is used 2020-05-22 12:44:19 -04:00
Brown
8632cdb3cd Improve taint tracking during scanning phase 2020-05-22 12:33:48 -04:00
Brown
63c3678ae5 Improve property location resolution 2020-05-22 12:33:38 -04:00
Matthew Brown
187b944680 Add faster taint analysis 2020-05-22 12:33:29 -04:00
Matthew Brown
6784a90b2f Fix #3423 - allow conditional with func_num_args() in namespace 2020-05-21 11:29:54 -04:00
Matthew Brown
952216ff21 Fix test 2020-05-20 23:24:50 -04:00
Matthew Brown
2d02064962 Fix #3407 - allow multiple matching generic classes in union 2020-05-20 09:11:17 -04:00
Brown
27cb660377 Respect possibly-undefined array keys while merging 
Fixes #3393
 2020-05-19 20:10:01 -04:00
Brown
f335560b69 Allow setting property on templated type 2020-05-19 17:31:05 -04:00
Brown
4415e0f69c Fix special case calling callable param with string non-global function 
Fixes #3411
 2020-05-19 15:48:31 -04:00
Brown
8becefda04 Forbid :: in object-like key name 
Ref #3399
 2020-05-19 14:38:46 -04:00
orklah
478bb267d8
stubs for array_sum (#3395) 2020-05-18 17:23:21 -04:00
Brown
8c86d47eb7 Downgrade some PossiblyInvalidClone issues 2020-05-18 17:18:13 -04:00
Brown
2312523318 Support merging of numeric-string with literal 2020-05-18 16:56:09 -04:00
Evgeniy
04a576708c
Correct analyze clone expression (#3382) 
* Correct analyze clone, add PossibleInvalidClone issue type

* Infer mixed type when possible incorrect clone

* Remove unused variable
 2020-05-18 16:22:50 -04:00
SignpostMarv
911ac2d363
Infer numeric-string from (string)$numeric (#3390) 
* adding test for vimeo/psalm#3370

* check if typecast will result in numeric-string

* int & float as per examples in vimeo/psalm#3370
* numeric & numeric-string because they shouldn't lose numericness.

* satisfy phpcs

* adjusting assertions to reflect typecasting change
 2020-05-18 13:42:47 -04:00
Brown
21798efed2 Fix #3388 - eliminate null after < 0 check 2020-05-18 08:52:44 -04:00
RJ Garcia
fd15bfc65d
Infer Return Types for Arrow Functions #3376 (#3385) 
* Infer Return Types for Arrow Functions #3376

- Made a small patch to check for closure or arrow
  function when attempting to infer the functions
  params
- Added new isExprClosureLike to start to consolidate
  all checks on closure/arrow fns

Signed-off-by: RJ Garcia <ragboyjr@icloud.com>

* Use better check

* Remove unused method

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-05-17 22:17:35 -04:00
Jefersson Nathan
f824cc380a
Add more test case scenario for @psalm-import-type (#3375) 
* Add test case scenario for @psalm-import-type

Signed-off-by: Jefersson Nathan <malukenho.dev@gmail.com>

* Add fix for @psalm-import-type test

Signed-off-by: Jefersson Nathan <malukenho.dev@gmail.com>

* Add test for import ocross namespaces

Signed-off-by: Jefersson Nathan <malukenho.dev@gmail.com>

* Add tests for failing cases

Signed-off-by: Jefersson Nathan <malukenho.dev@gmail.com>
 2020-05-16 16:43:35 -04:00
Matthew Brown
4dd0a2b775 Fix #3380 - allow comparisons between template param and empty array 2020-05-16 16:41:07 -04:00