lhchavez
ba63ccb825
Improve \Psalm\Internal\Scanner\DocblockParser::parse() ( #3736 )
...
This change avoids calling `str_replace()` on the original docblock and
instead only operates on the parsed (and modified) lines. This now makes
it so that if there are substrings of the docblock that match a tag
match, it won't get prematurely removed, therefore avoiding mangling of
the parsed docblock's description.
Fixes : #3735
2020-07-02 17:55:57 -04:00
Brown
1745f5cafa
Fix too-long line
2020-07-02 15:32:13 -04:00
Brown
cb94764d22
Prevent false-positive for Exception::__toString overriding
2020-07-02 14:09:56 -04:00
Brown
0c582e9993
Fix #3685 - improve handling of if conditionals inside do
2020-07-02 13:59:59 -04:00
Brown
cf1a8ac5fc
Suppress taints in instance properties
2020-07-02 12:08:42 -04:00
Brown
67b2edc328
Allow more things to be suppressed with @psalm-suppress TaintedInput
2020-07-02 11:53:51 -04:00
Brown
ea82cdc6ea
Fix #3726 - infer generic template from class-string
2020-07-02 01:11:46 -04:00
Brown
ae7c5b095b
Fix #3712 - allow taints to be suppressed with @psalm-suppress
2020-07-01 23:23:45 -04:00
Tyson Andre
e3d59bf5d4
Support taint detection on Throwable::getTraceAsString() ( #3731 )
...
And `__toString()`, which uses getTraceAsString().
Fixes #3696
```php
function login($username, $password, $secret) {
throw new RuntimeException('login failure');
}
try {
login('user', $_GET['pass'], SECRET);
} catch (Exception $e) {
// This output includes unescaped 'pass' and SECRET
echo $e, "\n";
echo $e->getTraceAsString();
}
```
2020-07-01 21:27:40 -04:00
Brown
0f548c83ea
Fix redundant condition
2020-07-01 19:31:10 -04:00
Brown
6c62e46d15
Only emit one error for erroneous array_map string closure types
2020-07-01 19:18:01 -04:00
Brown
4d73b2501b
Allow multiple args passed to array_map
2020-07-01 19:11:49 -04:00
Brown
70ab4c18f4
Fix #3720 - allow literal unions in keys to map to object-like arrays
2020-07-01 18:57:19 -04:00
Olle Härstedt
d8e8ce428e
Add new annotation: @psalm-self-out ( #3650 )
...
* Add new config: sealAllMethods
* Add some more tests
* Fix codesniffer issue with preg_quote
* Fix missing method in test
* New tag @self-out (WIP)
* Add self_out_type to method storage
* Add some notes
* More work on self-out (WIP)
* More work on self-out (WIP)
* Use psalm-self-out instead of self-out
* Remove extra file
* Cleanup
* Wrap around try-catch - how to check if a method has/should have storage?
* New method hasStorage()
* Fix indentation
* Fix some errors
* Fix indentation
* Cast storage type to type
* Add proper use-statement in method storage
* Correct test class name
* Allow self_out to be null
* method_id can be string (why, when?)
Co-authored-by: Olle <noemail>
2020-07-01 18:10:24 -04:00
Tyson Andre
b0a3de47e8
Mark create_function() as a taint sink ( #3729 )
...
create_function() is a thin wrapper around eval().
Fixes #3723
2020-07-01 18:09:30 -04:00
Brown
e13da22292
Allow cloning interfaces
2020-07-01 11:14:31 -04:00
Brown
fca350c498
Prevent a few crashes with really bad code
2020-07-01 10:30:10 -04:00
Brown
6047b7b6cb
Fix #3719 - prevent crash when cloning missing class
2020-07-01 10:10:55 -04:00
Brown
4c368da75e
Fix #3721 - prevent crash on empty @method
2020-07-01 09:00:33 -04:00
Brown
17558a5c0e
Fix #3676 - add multiline output for TaintedInput issues
2020-06-30 13:17:51 -04:00
Brown
671009a70c
Specialize constructor taints cc @TysonAndre
2020-06-29 21:08:43 -04:00
Brown
7288dfc620
Fix #3715 - unserialize is a taint sink
2020-06-29 17:54:47 -04:00
Brown
7253e01000
Fix #3716 - prevent crash for Foo|? return type
2020-06-29 17:52:55 -04:00
Brown
e56483bb54
Fix #3711 - generalize call of specialized class without specializations
2020-06-29 17:42:01 -04:00
Brown
ab29ac0e51
Only cast in echo when tracking taints
2020-06-29 15:06:11 -04:00
Brown
cff976049d
Remove unused vars
2020-06-29 13:24:05 -04:00
Brown
f6e2e0a84a
Perform string casting for taints in ArgumentAnalyzer
2020-06-29 13:21:33 -04:00
Brown
45c21853e5
Fix #3709 - don’t crash on inherited __toString tainting
2020-06-29 12:11:11 -04:00
Brown
aab90fb74e
Fix Psalm errors
2020-06-29 09:29:19 -04:00
Brown
38977d797e
Fix #3697 - cast types via implied __toString method
2020-06-29 09:13:19 -04:00
Brown
b54b832838
Break out method call tainting
2020-06-29 00:14:49 -04:00
Barney Laurance
3f8aa64ee9
Treat methods of internal or psalm internal classes as internal ( #3698 )
...
When both the method and the class are annotated as psalm-internal,
but to different namespaces, we consider the method internal to
whichever namespace is longer, i.e. the smaller code module.
Issue reported at https://github.com/vimeo/psalm/issues/3457
2020-06-28 13:15:54 -04:00
Simon Podlipsky
0f727e7607
Add RdKafka\ProducerTopic::producev() to CallMap ( #3700 )
2020-06-28 13:15:11 -04:00
Brown
c95ebfeb21
Fix #3694 - allow two args for PDO::query
2020-06-26 18:26:06 -04:00
Fabien Villepinte
c42dadaf0d
Redis::getDbNum|getHost can return false ( #3673 ) ( #3693 )
2020-06-26 18:14:10 -04:00
Tyson Andre
3a9c7432e1
Add psalm-taint-specialize for preg_replace_callback ( #3683 )
...
Fixes https://psalm.dev/r/517c4a169e
2020-06-26 08:58:57 -04:00
Brown
bcd7478352
Reduce memory footprint a little
2020-06-25 19:12:30 -04:00
Brown
559b3d3471
Fix #3681 - taint exit like echo
2020-06-25 17:17:08 -04:00
Brown
07f7e5ccaf
Reconciling should preserve taints
...
Fixes #3680
2020-06-25 17:04:18 -04:00
Brown
9837a60853
Fix #3675 - add taints to filter_var return
...
Doesn’t yet take callback into account
2020-06-25 13:24:26 -04:00
Brown
9e7650586b
Fix bugs
2020-06-25 13:21:11 -04:00
Brown
95bf7f835b
Improve handling of array_map, faking out calls where nececssary
2020-06-25 13:05:34 -04:00
Brown
f458959af5
Add param type
2020-06-25 01:40:19 -04:00
Brown
d7f1bde6da
Refactor taint acccess checks
2020-06-25 01:32:57 -04:00
Brown
b8ebed0b85
Add a bit more accuracy
2020-06-25 01:00:11 -04:00
Brown
e26922010a
Improve accuracy of array nesting checks
2020-06-25 00:50:52 -04:00
Brown
b84cf74754
Fix #3668 - taint property types for magic properties without @property
2020-06-25 00:24:37 -04:00
Brown
dd25b81d3a
Fix #3670 - taint mixed foreach access
2020-06-24 19:16:30 -04:00
Brown
a6c7a48387
Add support for argument unpacking
...
Ref #3670
2020-06-24 18:43:15 -04:00
Tyson Andre
1670848267
Mark print() statement as the same sink type as echo ( #3669 )
2020-06-24 17:23:16 -04:00
Brown
de85e7c539
Fix blips
2020-06-24 13:19:14 -04:00
Brown
7a7cd91c24
Fix #3631 - better treatment for assignments in complex conditionals
2020-06-24 13:16:52 -04:00
Brown
9aa0aca949
Fix handling of coerced callmap args
2020-06-24 11:51:31 -04:00
Brown
c29b3744ec
Change storage of out types
2020-06-24 11:51:31 -04:00
Brown
96d05ab06b
Fix #3654 - use correct function id for namespaced functions
2020-06-23 16:53:11 -04:00
Brown
6a746b65ea
Fix #3655 - taint encapsulated strings
2020-06-23 16:38:59 -04:00
Brown
13fc8a75fd
Allow taints to flow where no return type exists
...
Fixes #3652
2020-06-23 15:52:19 -04:00
Brown
f46236ad71
Taint flows through preg_replace_callback
2020-06-23 15:28:31 -04:00
Brown
f72b609d42
Fix #3642 - detect missing property when name matches
2020-06-23 13:12:46 -04:00
Brown
4d6fc4d0ca
Fix get_class($foo) === static::class checks
2020-06-23 13:11:19 -04:00
Brown
9b860214d5
Fix #3639 - allow coerced types to count when picking callmap options
2020-06-22 20:24:34 -04:00
Brown
1f86afece7
Revert "Fix #3631 - apply assertions to RHS of equality in conditional"
...
This reverts commit 9c17795545
.
2020-06-22 20:01:27 -04:00
Brown
fc8212e207
Fix static call specialisation via annotation
2020-06-22 18:40:43 -04:00
Brown
e8be2c500e
Support taint flows in more functions
2020-06-22 17:53:03 -04:00
Brown
7f05b3c530
Add $_REQUEST as a taint source
...
Ref #3636
2020-06-22 17:16:15 -04:00
Brown
9c17795545
Fix #3631 - apply assertions to RHS of equality in conditional
2020-06-22 15:16:16 -04:00
Brown
dddc159694
Add explicit path object
2020-06-22 02:10:03 -04:00
Brown
36f1630e03
Add more steps for clearer output
2020-06-22 01:08:58 -04:00
Brown
02e8313c39
Allow taintedness to propagate to some stubbed methods
2020-06-21 18:07:39 -04:00
Brown
fbe3433edd
Use escape terminology
2020-06-21 11:43:08 -04:00
Brown
07adecc6eb
Use correct method id when creating taints
2020-06-21 02:06:08 -04:00
Brown
dc83c2e2fc
Add annotation for taint sources
2020-06-21 00:58:56 -04:00
Brown
f21d3a8346
Remove html and sql taints for simple preg_replace patterns
2020-06-20 23:11:42 -04:00
Brown
8edee96d8d
Fix taint regression
2020-06-20 18:10:01 -04:00
Brown
80ed1daf33
Allow static method mixin to invoke instance method
2020-06-20 18:05:35 -04:00
Brown
2ccec821f8
Fix #3624 - inherit magic property annotations from traits
2020-06-20 16:53:17 -04:00
Brown
2c5c9e95e1
Don’t add two @return docblocks after @method
2020-06-20 15:30:47 -04:00
Brown
edbeec2c6a
Fix @method annotation namespacing
2020-06-20 15:18:22 -04:00
Ilija Tovilo
2f646d29db
Fix #3607 - constant string class reference with leading backslash ( #3612 )
2020-06-19 18:02:39 -04:00
Brown
51202c75ea
Add taint docs
2020-06-19 11:56:12 -04:00
Andrei Petre
6024fe4761
use original case in error messages when reporting undefined methods ( #3615 )
2020-06-19 11:51:08 -04:00
Brown
b1c836e5f3
Improve specialisation after call
2020-06-19 01:59:45 -04:00
Brown
8f2e28c36b
Improve tainting of specializable classes
2020-06-19 01:22:51 -04:00
Brown
078b8b7b1a
Fix #3618 - add way to load non-analyzed files
2020-06-19 00:13:09 -04:00
Brown
eecdc43ce7
Remove stray commas
2020-06-18 20:15:38 -04:00
Brown
49f0592794
Improve tracking of array taints
2020-06-18 18:48:19 -04:00
Brown
562a7c1ca4
Track taints from all tainted arrays
2020-06-18 13:45:58 -04:00
Brown
7d9a99a956
Fix #3609 - interpret strings as regular static calls
2020-06-18 11:56:08 -04:00
Brown
f609a01497
Move static property fetch analyzer to own class
2020-06-18 11:53:24 -04:00
Brown
98622783ec
Allow lists to have their types refined
...
Fixes #3605
2020-06-18 10:01:16 -04:00
Bruce Weirdan
6fb63903c1
Infer better types for magic constants used in const initializers ( #3602 )
...
Fixes vimeo/psalm#3464
2020-06-18 09:48:51 -04:00
Brown
137647a1a0
Fix #3603 - better typed value comparisons for loose equality
2020-06-18 09:31:38 -04:00
Brown
7fc1f50f54
Fix potential nullref
2020-06-17 16:40:35 -04:00
Brown
4870774ea4
Allow falsable issues on DateInterval::$days
2020-06-17 16:28:26 -04:00
Brown
0a8b9b56ab
Fix #3600 - conditional return should be removed before comparison
2020-06-17 12:57:50 -04:00
Jaik Dean
02b15b83ff
Fix argument types for Redis::zRevRangeByScore() and Redis::zRevRangeByLex() ( #3597 )
2020-06-17 11:50:03 -04:00
Teemu Koskinen
bfae4af030
tidyNode->child will be null if the node does not have any children ( #3599 )
...
https://github.com/php/php-src/blob/master/ext/tidy/tidy.c#L696
2020-06-17 09:29:23 -04:00
Olle Härstedt
e1cc27f7a2
Add new config: sealAllMethods ( #3578 )
...
* Add new config: sealAllMethods
* Add some more tests
* Fix codesniffer issue with preg_quote
* Fix missing method in test
Co-authored-by: Olle <noemail>
2020-06-15 22:36:42 -04:00
Brown
03e9649d49
Fix tainting of function calls absent taintable params
2020-06-15 20:59:48 -04:00
Brown
56ef220e49
Fix bugs in taint specialisation
2020-06-15 18:34:56 -04:00
Brown
bbada7ba8d
Ensure correct vars are used
2020-06-15 17:16:12 -04:00
Brown
05cb39814c
Improve performance of long switch checks
2020-06-15 16:23:19 -04:00
Brown
8c5a434dc8
Allow updating array by reference
2020-06-15 14:45:08 -04:00
Matthew Brown
081a284759
Fix #3567 - remember which variables a callable sets byref in use
2020-06-14 11:58:50 -04:00
Matthew Brown
a49a0e5650
Fix #3551 - count method can be impure
2020-06-14 11:06:53 -04:00
Matthew Brown
683bde9540
Fix #3573 - allow UnnecessaryVarAnnotation to be suppressed
2020-06-13 16:48:10 -04:00
Matthew Brown
19ba53f28c
Fix too-long line
2020-06-13 16:45:54 -04:00
Matthew Brown
427f470806
Fix #3586 - ensure templated trait params more accurate
2020-06-13 16:37:39 -04:00
Matthew Brown
edb2b4c5ef
Get type of requires
2020-06-13 15:48:12 -04:00
Gabriel Ostrolucký
8ca7a88c41
Mark fgetcsv impure ( #3582 )
...
fgetcsv standalone is used to skip current row for consecutive reads
2020-06-13 00:32:00 -04:00
Andrei Petre
3497ca07b6
Extending final class is prohibited #3037 ( #3576 )
2020-06-13 00:29:59 -04:00
Bruce Weirdan
a99f92ae3a
Fix vimeo/psalm#3572 ( #3575 )
...
session_decode has side effects
2020-06-13 00:28:56 -04:00
Brown
9bfe50b20a
Always analyse cast expressions
...
Fixes #3577
2020-06-12 17:25:46 -04:00
Brown
211f014356
Fix #3571 - make callable():void valid for callable():?Foo
2020-06-12 14:26:31 -04:00
Brown
45ea5d0bfe
Add a couple more shortcuts for common pattern
...
Fixes #3563
2020-06-12 11:18:34 -04:00
Brown
9ca6c868b7
Fix #3563 - add workaround for == true
2020-06-12 10:58:44 -04:00
Tim van Dijen
7fa48f3508
Fix return type for preg_grep ( #3565 )
2020-06-11 11:59:14 -04:00
Brown
f67b61f6cc
Fix reconciliation of template param to literal string
...
Fixes #3510
2020-06-11 11:58:31 -04:00
Brown
16189782ab
Inherit whether methods are sealed from parent
...
Ref #3561
2020-06-11 11:28:41 -04:00
Brown
ec0a4c7c96
Require ReflectionMethod get a class-string
2020-06-11 11:07:57 -04:00
Jáchym Toušek
c6611cfcd1
Update ext-ds stubs ( #3559 )
2020-06-10 17:27:39 -04:00
Gregor Harlan
235093ecc4
Add PharData::offsetGet/offsetExists to CallMap ( #3557 )
2020-06-10 17:26:22 -04:00
Brown
5617e9d7c9
Fix array_values call
2020-06-09 19:06:08 -04:00
Brown
286a8f911a
Add support for static mixin calls
...
Fixes #3552
2020-06-09 18:39:52 -04:00
Brown
a6c0991073
Fix #3532 - expand type alias types recursively
2020-06-07 12:01:04 -04:00
Matthew Brown
91e76f7173
Fix #3536 - Make method return type provider aware of original called method
2020-06-06 23:35:08 -04:00
Matthew Brown
0ac739fd48
Fix #3534 - allow magic method call on mixin
2020-06-06 23:28:32 -04:00
Matthew Brown
739d23e5f0
Use alias
2020-06-06 23:27:25 -04:00
Matthew Brown
3d7288afcb
Fix #3529 - static intersected with itself is static
2020-06-06 20:10:50 -04:00
Matthew Brown
ce445636e7
Fix #3535 - match template param class constants properly
2020-06-06 20:02:14 -04:00
Matthew Brown
74a34f066c
Don’t check classes if literal strings are allowed
...
Fixes #3538
2020-06-06 19:31:42 -04:00
Brown
4f87cca55b
Fix #3537 - improve parsing for @mixin annotations
2020-06-06 18:15:24 -04:00
Matthew Brown
243c09de37
Make property protected
2020-06-06 12:24:16 -04:00
Brown
fcf0a681d9
Fix #3531 - ignore mixed returns from template
2020-06-06 10:33:49 -04:00
Brown
438eb17e58
Fix #3367 - ensure --diff works after second run, not third
2020-06-05 12:09:38 -04:00
Brown
cf92361338
Fix #3522 - only use property pass-through when it’s visible
2020-06-04 16:15:07 -04:00
Brown
a4aa44494f
Fix #3519 - prevent empty callable string
2020-06-04 15:40:53 -04:00
Šimon Podlipský
596213c2c3
Make ext-ds to array return list<V> ( #3520 )
2020-06-04 09:56:00 -04:00
Matthew Brown
c9ee691595
Fix suppression
2020-06-04 09:55:32 -04:00
Brown
5c80dc3299
Fix #3515 - add merge method to Vector
2020-06-03 16:50:01 -04:00
Brown
fd74d3284d
Add support for PHPParser 4.5.0
2020-06-03 14:58:08 -04:00
LeSuisse
1f8dc26d1d
Fix signatures of stream_filter_append and stream_filter_prepend ( #3514 )
...
filterparams is not restricted to an array, it is perfectly to pass a
class or any other value.
See https://github.com/php/php-src/blob/php-7.4.6/ext/standard/streamsfuncs.c#L1171
2020-06-03 12:50:40 -04:00
Brown
7caaa64825
Fix #3418 - don’t override with send type when @psalm-yield is given
2020-06-02 13:27:17 -04:00
Brown
4d149de764
Fix #3506 - prevent black classes in throws check
2020-06-01 14:56:27 -04:00
Markus Staab
efcc28be02
Fixed mysql::$insert_id type ( #3496 )
...
* Fixed mysql::$insert_id type
* Update PropertyMap.php
* Update src/Psalm/Internal/PropertyMap.php
2020-05-31 18:53:30 -04:00
Brown
be8fd3ea19
Fix #3481 - treat an iterable like a Traversable when comparing to object
2020-05-31 01:22:43 -04:00
Brown
86b894eca5
Treat iterables as traversable when comparing to named object
2020-05-31 00:55:45 -04:00
Brown
c1d8912a9b
Bust cache more
2020-05-30 19:11:57 -04:00
Brown
4e21e54ee1
Fix #3491 - provide correct types for substitution
2020-05-30 19:11:41 -04:00
Markus Staab
0e298a6f13
Removed unexisting property mysqli::stat ( #3501 )
2020-05-30 17:03:04 -04:00
orklah
76f5def268
Use scandir and glob flags to reduce their performance impact ( #3499 )
...
* Use scandir and glob flags to reduce their performance impact
* Order seem to impact Tests here
2020-05-30 17:02:35 -04:00
Markus Staab
f24d7abcd9
Made mysqli_warning::$sqlstate a string ( #3497 )
2020-05-30 17:01:20 -04:00
orklah
428beb21fb
Improve stubs for str_replace and preg_replace ( #3495 )
...
* expand accepted values for str_replace and preg_replace. Make return conditional based on type of $subject
* Remove int|float from str_replace/preg_replace
Co-authored-by: Matthew Brown <github@muglug.com>
2020-05-30 16:59:18 -04:00
orklah
51bf7f38de
Fix #3438 ( #3494 )
2020-05-30 16:55:55 -04:00
El Azimov
bed5a74065
Add wildcard support for class constants in template. ( #3489 )
...
Co-authored-by: El Azimov <el.azimov@rocks>
2020-05-30 16:55:18 -04:00
orklah
1621a9f3ea
Add checks for duplicated params and returns ( #3487 )
2020-05-30 16:54:16 -04:00
orklah
062db0ffcf
Fix #3437 ( #3493 )
2020-05-30 14:38:12 -04:00
Brown
db67be5965
Fix #3483 - analyse variable static property access properly
2020-05-29 09:28:34 -04:00
Brown
235704ad49
Fix #3484 - use better method to determine constant existence in wildcard checks
2020-05-29 09:09:59 -04:00
Matthew Brown
73797f7498
Add more default sinks
2020-05-29 00:24:07 -04:00
Brown
30907f0269
Clean up comment parsing
2020-05-28 22:14:41 -04:00
Brown
b932163d5d
Make parser a little cleaner
2020-05-28 14:31:17 -04:00
feek
5330dcbd7a
fix: pass along final ( #3471 )
2020-05-28 01:59:24 -04:00
still-dreaming-1
1bb884bd84
__TRAIT__ can be string or non-empty-string ( #3469 )
...
depending on whether or not it is used from inside a __TRAIT__
2020-05-27 19:23:46 -04:00
still-dreaming-1
9189335715
Fixes #3464 by typing __DIR__, __TRAIT__, and __FILE__ as non-empty-s… ( #3468 )
...
* Fixes #3464 by typing __DIR__, __TRAIT__, and __FILE__ as non-empty-string
* __TRAIT__ should stay string in case used outside a trait
Co-authored-by: <jesse@LAPTOP-73CA4O5T.localdomain>
2020-05-27 18:21:26 -04:00
Brown
3c60609c21
Support better mixin handling
2020-05-27 11:12:09 -04:00
Brown
9b413cfccc
Improved understanding of array_key_exists
...
Fixes #3463
2020-05-27 09:03:36 -04:00
Brown
b9ea115487
Support string class_alias calls with leading backslash
...
Fixes #3465
2020-05-27 08:14:47 -04:00
Brown
ef53ee3a3b
Fix crash on aliased exception
...
Ref #3465
2020-05-27 08:09:58 -04:00
Brown
769ac5c052
Fix #3458 - scope templated mixin accurately
2020-05-26 23:32:07 -04:00
Brown
d04e21ee5a
Define mixin declaring classname
2020-05-26 23:32:07 -04:00
Brown
b4855b3ecd
Catch errors during yield annotation tokenisation
...
Fixes #3430
2020-05-26 17:57:55 -04:00
Brown
3da3d61270
Fix #3434 by removing extraneous call to simplifyType
2020-05-26 17:55:54 -04:00
Brown
0ef00f5756
Fix #3460 - allow isset checks on static properties
2020-05-26 17:40:27 -04:00
Brown
f0a5bd74b6
Detect never-return statement same as a throw
2020-05-26 15:02:23 -04:00
Brown
a2b6326a84
Change specialize-call to taint-specialize
2020-05-26 14:18:43 -04:00
Brown
ecb179c784
Migrate min/max function calls back to CallMap
2020-05-26 12:28:56 -04:00
Brown
a266d4748b
Fix build
2020-05-26 07:50:11 -04:00
Brown
953be61cf2
Allow limiting connected taint paths
2020-05-25 23:28:11 -04:00
Brown
7e7456c863
Make taint checks more thorough
2020-05-25 17:10:53 -04:00
Brown
2e6fc24867
Template callmap methods too
...
Fixes #3453
2020-05-25 14:21:06 -04:00
Brown
118b700436
Simplify sink mapping for internal calls
2020-05-25 13:10:06 -04:00
Brown
109920be88
Expand template param before comparison
2020-05-25 11:51:10 -04:00
Brown
be847472a2
Fix #3453 - allow conditional return types on instance methods
2020-05-25 09:39:30 -04:00
Brown
3416e33348
Fix indentation
2020-05-25 01:23:28 -04:00
Brown
240b2f898c
Add some negative test cases for @mixin
...
Also fix #3452
2020-05-25 00:19:52 -04:00
Matthew Brown
806db80d63
Fix #3440 - literal string doesn’t contain numeric-string
2020-05-24 22:42:08 -04:00
Brown
ff5c17c044
Switch subtype messagearg order
2020-05-24 09:43:54 -04:00
orklah
72435757ea
Add false to possible parse_url return types ( #3359 ) ( #3445 )
...
* Add false to possible parse_url return types (#3359 )
* fix test
2020-05-24 09:19:58 -04:00
Brown
92a9a7efdf
Handle flows into arguments a little better
2020-05-23 23:54:16 -04:00
Matthew Brown
1d17c02fba
Fix #3442 - support broader type after initial array assignment
2020-05-23 23:23:50 -04:00
Matthew Brown
15e753e279
Fix #3443 - add InvalidDocblock issue for @psalm-assert Foo|!Bar
2020-05-23 22:52:21 -04:00
Brown
a198b09eb7
Add intermediary concat op node
2020-05-23 21:38:09 -04:00
Brown
f5a0622ad2
Fix style
2020-05-23 08:06:31 -04:00
Matthew Brown
0dee85d0b7
Remove redundancy
2020-05-23 01:48:56 -04:00
Brown
16af6a5773
Improve concat taint propagation
2020-05-23 01:11:16 -04:00
Brown
ee493909d7
Fix bugs
2020-05-23 00:08:16 -04:00
Brown
10c106f7eb
Add eval sink
2020-05-23 00:03:29 -04:00
Brown
dc73e25157
Detect taints in include calls
2020-05-22 23:53:37 -04:00
Brown
e72288c85f
Don’t error on badly-formatted taint annotation
2020-05-22 22:38:03 -04:00
Brown
e82c317d53
Adjust tolerances
2020-05-22 21:37:18 -04:00
Brown
fb3cb2c4d1
Only use plain return type if we’re not memoizing
2020-05-22 17:05:39 -04:00
Brown
bbc30a1747
Only recreate taints if non-null
2020-05-22 16:55:36 -04:00
Brown
4b1c3db760
Don’t memoize method call where we have a getter standin
...
Fixes #3427
2020-05-22 15:54:32 -04:00
Brown
4010129e96
Fix #3420 - add ds\vector::toArray method
2020-05-22 15:26:19 -04:00
Brown
0cb211784d
Fix #3415 - flesh out Closure return type
2020-05-22 14:26:37 -04:00
Brown
27a009fd69
Fix #3417 - Treat $this as static-y
2020-05-22 13:32:26 -04:00
Brown
bebfac0ab6
Fix #3426 - allow falsy reconciliation for templated params
2020-05-22 13:16:48 -04:00
Brown
1b84fc2c12
Fix #3419 - don’t add null to return type when template/conditional return is used
2020-05-22 12:44:19 -04:00
Brown
8632cdb3cd
Improve taint tracking during scanning phase
2020-05-22 12:33:48 -04:00
Brown
63c3678ae5
Improve property location resolution
2020-05-22 12:33:38 -04:00
Matthew Brown
187b944680
Add faster taint analysis
2020-05-22 12:33:29 -04:00
Matthew Brown
6784a90b2f
Fix #3423 - allow conditional with func_num_args() in namespace
2020-05-21 11:29:54 -04:00
Joe Hoyle
6f28d741bc
Display variable assignment type in LSP hovers ( #3401 )
...
* Add node references for variable assignments
* Break up line
Co-authored-by: Matthew Brown <github@muglug.com>
2020-05-20 17:40:22 -04:00
Matthew Brown
3effdc5b69
Improve yield type substitution
2020-05-20 09:12:24 -04:00
Matthew Brown
2d02064962
Fix #3407 - allow multiple matching generic classes in union
2020-05-20 09:11:17 -04:00
Jáchym Toušek
8855b6c1d9
Fix Ds\Map methods ( #3412 )
2020-05-20 07:27:25 -04:00
Brown
2ec76f01c2
Fix redundant condition
2020-05-19 20:11:25 -04:00
Brown
27cb660377
Respect possibly-undefined array keys while merging
...
Fixes #3393
2020-05-19 20:10:01 -04:00
Brown
a4141a7581
Fix #3327 - convert void to null when comparing conditional type with nullable
2020-05-19 19:48:11 -04:00
Brown
f335560b69
Allow setting property on templated type
2020-05-19 17:31:05 -04:00
Brown
6ec5763847
Filter out traversable possibly-mixed too
2020-05-19 16:26:00 -04:00
Brown
a3214012a6
Only convert userland functions
2020-05-19 16:15:41 -04:00
Brown
baeb86ca8f
Fix #3403 - remove possibly-mixed key
2020-05-19 16:12:37 -04:00
Brown
4415e0f69c
Fix special case calling callable param with string non-global function
...
Fixes #3411
2020-05-19 15:48:31 -04:00
Matthew Brown
777b6e8d91
Simplify conditional
2020-05-19 15:07:30 -04:00
Brown
b5ae0167a2
Fix typo
2020-05-19 14:58:53 -04:00
Brown
b38d945b12
Cast null and false to empty string
...
Ref #3408
2020-05-19 14:53:06 -04:00
Brown
8becefda04
Forbid :: in object-like key name
...
Ref #3399
2020-05-19 14:38:46 -04:00
Šimon Podlipský
dc82243edc
Add RdKafka:flush() to CallMap ( #3410 )
2020-05-19 12:56:58 -04:00
Brown
0b2da18f1e
Break up StatementsAnalyzer
2020-05-19 12:56:30 -04:00
Šimon Podlipský
47cf69ded1
Fix RdKafka maps ( #3404 )
...
Resolves #3388
2020-05-19 10:13:25 -04:00
Brown
666cc3b4c9
Fix BinaryOp analysis
2020-05-18 23:00:53 -04:00
Brown
8e5b330c5a
Break apart CallAnalyzer
2020-05-18 22:57:00 -04:00
Brown
5b06c206e0
Move classes into deeper namespace
2020-05-18 22:52:33 -04:00
Brown
ace049a068
Beautify BinaryOpAnalyzer
2020-05-18 18:57:09 -04:00
orklah
478bb267d8
stubs for array_sum ( #3395 )
2020-05-18 17:23:21 -04:00
Brown
8c86d47eb7
Downgrade some PossiblyInvalidClone
issues
2020-05-18 17:18:13 -04:00
Brown
4ca83ca30d
Add slash
2020-05-18 17:05:47 -04:00
Brown
3a582dde8d
Allow merging of numeric-string and literal string
2020-05-18 16:57:16 -04:00
Brown
2312523318
Support merging of numeric-string with literal
2020-05-18 16:56:09 -04:00
Brown
b62f646388
Fix #3391 - move_uploaded_file mutates
2020-05-18 16:26:08 -04:00
Evgeniy
04a576708c
Correct analyze clone expression ( #3382 )
...
* Correct analyze clone, add PossibleInvalidClone issue type
* Infer mixed type when possible incorrect clone
* Remove unused variable
2020-05-18 16:22:50 -04:00
Brown
ea0a99d3a8
Fix bad merge
2020-05-18 16:02:10 -04:00
Brown
5ee1487a01
Make ExpressionAnalyzer more beautiful
2020-05-18 15:13:27 -04:00
SignpostMarv
911ac2d363
Infer numeric-string from (string)$numeric ( #3390 )
...
* adding test for vimeo/psalm#3370
* check if typecast will result in numeric-string
* int & float as per examples in vimeo/psalm#3370
* numeric & numeric-string because they shouldn't lose numericness.
* satisfy phpcs
* adjusting assertions to reflect typecasting change
2020-05-18 13:42:47 -04:00
Brown
21798efed2
Fix #3388 - eliminate null after < 0 check
2020-05-18 08:52:44 -04:00
Mark Sch
9aa46221f6
Use pretty print for JSON reporting. ( #3364 )
...
* Use pretty print for JSON reporting.
* Use pretty print for JSON reporting.
* Use pretty-print option on CLI for BC.
* Change static:: const to self::
Co-authored-by: Matthew Brown <github@muglug.com>
2020-05-18 08:40:20 -04:00
orklah
3e7f5df7e1
Solve more cases when docblock rendering is not needed ( #3387 )
2020-05-18 07:16:18 -04:00
Matthew Brown
b0ffaf0077
Fix type coercion
2020-05-17 22:51:48 -04:00
RJ Garcia
fd15bfc65d
Infer Return Types for Arrow Functions #3376 ( #3385 )
...
* Infer Return Types for Arrow Functions #3376
- Made a small patch to check for closure or arrow
function when attempting to infer the functions
params
- Added new isExprClosureLike to start to consolidate
all checks on closure/arrow fns
Signed-off-by: RJ Garcia <ragboyjr@icloud.com>
* Use better check
* Remove unused method
Co-authored-by: Matthew Brown <github@muglug.com>
2020-05-17 22:17:35 -04:00
orklah
dd4927a14c
Avoid regenerating docblock when no modification is made ( #3374 )
...
* Avoid regenerating docblock when no modification is made
* Generate empty docblock before, in case there was no docblock at all
2020-05-16 16:44:47 -04:00
Jefersson Nathan
f824cc380a
Add more test case scenario for @psalm-import-type ( #3375 )
...
* Add test case scenario for @psalm-import-type
Signed-off-by: Jefersson Nathan <malukenho.dev@gmail.com>
* Add fix for @psalm-import-type test
Signed-off-by: Jefersson Nathan <malukenho.dev@gmail.com>
* Add test for import ocross namespaces
Signed-off-by: Jefersson Nathan <malukenho.dev@gmail.com>
* Add tests for failing cases
Signed-off-by: Jefersson Nathan <malukenho.dev@gmail.com>
2020-05-16 16:43:35 -04:00
Matthew Brown
4dd0a2b775
Fix #3380 - allow comparisons between template param and empty array
2020-05-16 16:41:07 -04:00
Matthew Brown
f6342a40d9
Remove unnecesary conditional check for do
...
Fixes #3378
2020-05-16 16:32:36 -04:00
Nobu Funaki
abef8008bc
Fix InvalidCast after is_callable([$val, '__toString']) check ( #3372 )
...
Support is_callable() with an array argument similar to method_exists()
2020-05-16 08:50:43 -04:00
Brown
c62e08a88e
Support intersection of type aliases
2020-05-15 16:18:52 -04:00
Brown
111303d913
Add non-empty-lowercase-string type
2020-05-15 10:18:05 -04:00
Brown
013467dc0e
Add reference to ensure proper hydration
2020-05-15 00:31:55 -04:00
Brown
0086eb25a2
Remove duplicate types with @psalm-import-type
2020-05-15 00:16:20 -04:00
Brown
2d92943625
Add support for expansion of type aliases
2020-05-15 00:15:48 -04:00
Brown
9f3f7bb946
Consolidate ThreadData types
2020-05-14 23:44:22 -04:00
Brown
c212c03e40
Don’t stop analysing when encountering an UndefinedGlobalVariable
...
Fixes #3366
2020-05-14 22:51:51 -04:00
Brown
ae48c1895f
Fix #3365 - add support for negated empty string checks
2020-05-14 22:09:37 -04:00
Brown
48504aa88c
Pass through typa aliases where appropriate
2020-05-14 00:48:58 -04:00
Brown
006c6e09f1
Add more details to type alias creation
2020-05-14 00:41:50 -04:00
Brown
2327a0db6b
Add TTypeAlias object with a creation path
2020-05-13 19:49:03 -04:00
Brown
190c9ce27e
Use TypeAlias object to allow future extension
2020-05-13 19:29:59 -04:00
Brown
0fc3398631
Move parsing methods into internal namespace
2020-05-13 19:12:45 -04:00
Brown
2af0a17d03
Fix #3236 - allow use-checking of more methods starting with __
2020-05-12 22:39:26 -04:00
Matthew Brown
8c236f411a
Fix #3353 - allow extending nested when nested as type is mixed
2020-05-12 15:07:16 -04:00
Brown
3e58163180
Prevent empty function id
...
Ref #3354
2020-05-12 12:54:06 -04:00
Brown
d8cd30b34a
Fix #3340 - catch more errors in @method type parsing
2020-05-11 18:39:07 -04:00
Brown
0d5d7c8938
Add null check
2020-05-11 11:56:07 -04:00
Brown
291018034b
Remove unnecessary PHP code
2020-05-11 11:36:50 -04:00
Brown
3554aa4435
Fix crash newly introduced
2020-05-11 09:34:07 -04:00
Brown
eefd2e743b
Use generic function definition for sscanf
...
cc @villfa
2020-05-10 23:58:51 -04:00
Brown
8f2f2617d4
Improve refactor
2020-05-10 22:45:01 -04:00
Brown
5f4d162dd5
Break out type expander into separate class
2020-05-10 22:39:18 -04:00
sj-i
fa601f97d7
update proc_open() types for PHP 7.4 ( #3333 )
...
as of PHP 7.4, proc_open() accepts an array for its first argument.
https://www.php.net/manual/en/function.proc-open.php#refsect1-function.proc-open-parameters
2020-05-10 21:11:27 -04:00
Brown
48da7a4be8
Fix issues found with Vimeo’s code
2020-05-10 21:09:48 -04:00
Matthew Brown
733da0e539
Fix #3311 - don’t erroneously mark a class as undefined
...
As they can sometimes only be obvious once an autoloader has been registered
2020-05-10 15:55:44 -04:00
Matthew Brown
4b388a2951
Fix ref
2020-05-10 11:35:35 -04:00
Brown
55222573ea
Mark as possibly-undefined any variable that wasn’t present when the loop began
...
Fixes #3332
2020-05-10 11:17:50 -04:00
Brown
28349c6423
Remove mixin_fqcln hack
2020-05-10 09:04:30 -04:00
Brown
58c63bd1b2
Migrate generic param comparison method
2020-05-08 22:49:08 -04:00
Brown
75761647c2
Fix #3321 - allow interface methods to be mapped
2020-05-08 14:52:53 -04:00
Brown
640ffdb324
Fix #3323 - make short object-like arrays sealed tuples
2020-05-08 14:36:06 -04:00
Brown
2d5c2a9dd1
Fix #3324 - prevent crash asserting on possibly-undefined variable
2020-05-08 14:21:10 -04:00
Brown
65b4263315
Fix #3320 - add final flag to pseudo methods where appropriate
2020-05-08 07:28:12 -04:00
Brown
4295f9525f
Fix #3313 - add check for very specific pattern
2020-05-07 12:30:15 -04:00
Brad Kent
18ee440e3f
update mysqli_stmt::__construct signature ( #3315 )
2020-05-07 12:08:22 -04:00
Brown
20bcfb096a
Fix #3305 - use the same issue type for short closures as closures
2020-05-06 09:57:02 -04:00
Brown
a089d8bd58
Fix #3296 - propagate final flag to static calls in return types
2020-05-03 20:42:06 -04:00
Matthew Brown
dc64d4b1ca
Support evaluation of boolean conditionals in scanning stage
...
Fixes #3290
2020-05-03 10:44:00 -04:00
Matthew Brown
23b0a18632
Fix property type
2020-05-03 10:22:52 -04:00
Matthew Brown
b69c37acdf
Simplify logic around evaluating expressions a little
2020-05-03 10:19:15 -04:00
Brown
d99fbc0d4d
Remove blank line
2020-05-03 00:26:50 -04:00
Brown
b8a1f5d5c9
Allow destructuring on arrayaccess implementers
2020-05-03 00:08:03 -04:00
Brown
bf5e178d16
Fix #3289 - treat property on non-generic type like actual value
2020-05-02 23:37:59 -04:00
Brown
618a54ff41
Fix #3240 - check arguments when class cannot be found
2020-05-02 22:13:59 -04:00
Brown
aceaf6c356
Fix #3217 - don’t override abstract return type with parent one
2020-05-02 21:57:53 -04:00
Brown
d3fba74f75
Fix false-positive
2020-05-02 21:56:28 -04:00
Brown
3e0c4cfb75
Fix #3210 - prevent possibly-null array access from destructure
2020-05-02 20:36:41 -04:00
Brown
132b5c9358
Fix #3263 - inherit magic properties when using @mixin
2020-05-02 19:57:38 -04:00
Brown
29741cd76d
Remove earlier now-unnecessary fix
2020-05-02 19:24:48 -04:00
Matthew Brown
da5e8a4324
Increase type coverage for projects that use assert after mixed
2020-05-02 14:55:30 -04:00
feek
c5319fc379
fix: mixin parameter of self should be properly resolved ( #3280 )
...
Co-authored-by: Matthew Brown <github@muglug.com>
2020-05-02 14:32:43 -04:00
Brown
07e5250292
Fix #3273 - add support for func_num_args() in conditional type
2020-05-01 16:02:53 -04:00
Brown
0d8b56dc78
Fix return type coalescing for conditional return types
2020-05-01 13:04:48 -04:00
Brown
6024447ca0
Expand function-based template types before comparing against inherited
...
Fixes #3276
2020-05-01 12:40:10 -04:00
Brown
5e76467378
Fix #3279 - make sure self/parent references in mixin use existing class
2020-05-01 11:23:02 -04:00
Brown
117a4d4d40
Require callable() have a return type when in conditional
...
Fixes #3260
2020-04-30 23:35:13 -04:00
Brown
bb1c8a9d74
Don’t clobber intersection types after generic in union
...
Fixes #3274
2020-04-30 23:15:16 -04:00
Brown
470bf807b7
Add better handling of expression termination
2020-04-30 22:23:37 -04:00
Brown
9e6797d297
Add protection from ComplicatedExpression
2020-04-30 22:23:07 -04:00
Brown
ce8fb459e9
Allow complex types in conditional is expressions
...
Ref #3277
2020-04-30 22:02:37 -04:00
Brown
8ab5a0f504
Probably safe to un-negate a class string assertion without autoloader
2020-04-30 12:48:21 -04:00
Brown
21f4deed3b
Fix #3268 - infer generator return for closure
2020-04-29 16:52:37 -04:00
Brown
555f525038
Add type
2020-04-29 14:58:48 -04:00
Brown
891c66650b
Prevent unintersectable template lower bounds
...
Ref #3264
2020-04-29 14:57:57 -04:00
Andrii Dembitskyi
d3fd9a6acf
Fix #3265 ( #3267 )
...
We should add function body
2020-04-29 12:30:04 -04:00
Brown
e782329821
Add slashes
2020-04-28 23:42:53 -04:00
Brown
63c190ff83
Fix #3257 - refine as type and clone where necessary
2020-04-28 22:26:54 -04:00
orklah
8571746f8a
Add hook for plugins after FunctionLikeAnalysis ( #3258 )
2020-04-28 15:30:51 -04:00
Brown
a0667f1543
Remove accidentally-added interface
2020-04-28 15:27:09 -04:00
Brown
05ff8d0142
Prevent invalid [] brackets in tree
...
Fixes #3246
2020-04-28 15:18:50 -04:00
Brown
a402d4598b
Define with single argument should not trigger a notice
...
Fixes #3254
2020-04-28 14:43:12 -04:00
Brown
d56c5c9782
Fix #3256 - fix parsing of colons in callable inside conditional
2020-04-28 10:55:17 -04:00
Grégoire Paris
1fb1c2195d
Allow non-string keys ( #3221 )
...
Although it would be stupid to provide an array with exclusively
non-string keys, it's possible to have an array with a bit of both.
See for instance
155d028be0/tests/Doctrine/Tests/DBAL/Functional/DataAccessTest.php (L263-L276)
2020-04-27 22:49:07 -04:00
Brown
f0487c216d
Add slash
2020-04-27 09:50:27 -04:00
Brown
95dbb93732
Fix #3237 - allow mixin to reference generic params
2020-04-27 09:10:24 -04:00
Brown
189cd2bdc8
Fix key stringg
2020-04-27 00:50:07 -04:00
Brown
755ada9114
Fix #3234 - infer iterator key types properly
2020-04-27 00:41:34 -04:00
Brown
f91e94b64e
Make sure to remember correct positions of @var references
2020-04-27 00:05:20 -04:00
Brown
10f3bef743
Fix type check
2020-04-26 20:21:24 -04:00
Brown
e65bffc94f
Support intersections with __toString
...
Fixes #3149
2020-04-26 20:04:41 -04:00
Fabien Villepinte
5087feff79
Fix #2845 - FunctionReturnTypeProvider for sscanf ( #3233 )
...
Co-authored-by: Fabien Villepinte <fabien.villepinte@displayce.com>
2020-04-26 17:36:44 -04:00
Brown
ebcb0b8cc4
Fix #3228 - support IteratorIterator wrapping
2020-04-26 16:59:03 -04:00
Brown
d88c31f461
Support templated @mixin
2020-04-26 16:49:52 -04:00
Brown
83fe3a2fd9
Complain about malformed @property annotation
2020-04-26 10:10:14 -04:00
Brown
e1c6fcc707
Fix #3215 - suppress PossiblyUndefinedMethod in synthetic call
2020-04-24 00:11:32 -04:00
Brown
e9666372d0
Fix coercion
2020-04-22 16:27:43 -04:00
Brown
507f5f4afa
Add context-sensitive conversion
2020-04-22 16:08:04 -04:00
Brown
a670aa7ddc
Fix #3214 - allow if/else branches of conditional to both be arrays
2020-04-22 16:07:13 -04:00
Brown
52c0346b65
Fix #3213 - make sure static is bound from a static call with set class
2020-04-22 11:34:46 -04:00
Fabien Villepinte
a93bf28532
Fix #3045 - ignore mixed assignments to variables named $_ ( #3211 )
2020-04-21 20:18:38 -04:00
still-dreaming-1
16fa208a60
Made compact's return array key type more specific ( #3209 )
2020-04-21 20:18:11 -04:00
Matthew Brown
1b752d06ab
Fix #3201 - add additional constraints on constructor initialisation
2020-04-21 00:04:47 -04:00
Brown
8f57d0c738
Fix #3204 - normalise function ids where possible
2020-04-20 21:38:35 -04:00