1
0
mirror of https://github.com/danog/psalm.git synced 2024-12-15 02:47:02 +01:00
Commit Graph

2876 Commits

Author SHA1 Message Date
lhchavez
ba63ccb825
Improve \Psalm\Internal\Scanner\DocblockParser::parse() (#3736)
This change avoids calling `str_replace()` on the original docblock and
instead only operates on the parsed (and modified) lines. This now makes
it so that if there are substrings of the docblock that match a tag
match, it won't get prematurely removed, therefore avoiding mangling of
the parsed docblock's description.

Fixes: #3735
2020-07-02 17:55:57 -04:00
Brown
1745f5cafa Fix too-long line 2020-07-02 15:32:13 -04:00
Brown
cb94764d22 Prevent false-positive for Exception::__toString overriding 2020-07-02 14:09:56 -04:00
Brown
0c582e9993 Fix #3685 - improve handling of if conditionals inside do 2020-07-02 13:59:59 -04:00
Brown
cf1a8ac5fc Suppress taints in instance properties 2020-07-02 12:08:42 -04:00
Brown
67b2edc328 Allow more things to be suppressed with @psalm-suppress TaintedInput 2020-07-02 11:53:51 -04:00
Brown
ea82cdc6ea Fix #3726 - infer generic template from class-string 2020-07-02 01:11:46 -04:00
Brown
ae7c5b095b Fix #3712 - allow taints to be suppressed with @psalm-suppress 2020-07-01 23:23:45 -04:00
Tyson Andre
e3d59bf5d4
Support taint detection on Throwable::getTraceAsString() (#3731)
And `__toString()`, which uses getTraceAsString().

Fixes #3696

```php
function login($username, $password, $secret) {
    throw new RuntimeException('login failure');
}
try {
    login('user', $_GET['pass'], SECRET);
} catch (Exception $e) {
    // This output includes unescaped 'pass' and SECRET
    echo $e, "\n";
    echo $e->getTraceAsString();
}
```
2020-07-01 21:27:40 -04:00
Brown
0f548c83ea Fix redundant condition 2020-07-01 19:31:10 -04:00
Brown
6c62e46d15 Only emit one error for erroneous array_map string closure types 2020-07-01 19:18:01 -04:00
Brown
4d73b2501b Allow multiple args passed to array_map 2020-07-01 19:11:49 -04:00
Brown
70ab4c18f4 Fix #3720 - allow literal unions in keys to map to object-like arrays 2020-07-01 18:57:19 -04:00
Olle Härstedt
d8e8ce428e
Add new annotation: @psalm-self-out (#3650)
* Add new config: sealAllMethods

* Add some more tests

* Fix codesniffer issue with preg_quote

* Fix missing method in test

* New tag @self-out (WIP)

* Add self_out_type to method storage

* Add some notes

* More work on self-out (WIP)

* More work on self-out (WIP)

* Use psalm-self-out instead of self-out

* Remove extra file

* Cleanup

* Wrap around try-catch - how to check if a method has/should have storage?

* New method hasStorage()

* Fix indentation

* Fix some errors

* Fix indentation

* Cast storage type to type

* Add proper use-statement in method storage

* Correct test class name

* Allow self_out to be null

* method_id can be string (why, when?)

Co-authored-by: Olle <noemail>
2020-07-01 18:10:24 -04:00
Tyson Andre
b0a3de47e8
Mark create_function() as a taint sink (#3729)
create_function() is a thin wrapper around eval().
Fixes #3723
2020-07-01 18:09:30 -04:00
Brown
e13da22292 Allow cloning interfaces 2020-07-01 11:14:31 -04:00
Brown
fca350c498 Prevent a few crashes with really bad code 2020-07-01 10:30:10 -04:00
Brown
6047b7b6cb Fix #3719 - prevent crash when cloning missing class 2020-07-01 10:10:55 -04:00
Brown
4c368da75e Fix #3721 - prevent crash on empty @method 2020-07-01 09:00:33 -04:00
Brown
17558a5c0e Fix #3676 - add multiline output for TaintedInput issues 2020-06-30 13:17:51 -04:00
Brown
671009a70c Specialize constructor taints cc @TysonAndre 2020-06-29 21:08:43 -04:00
Brown
7288dfc620 Fix #3715 - unserialize is a taint sink 2020-06-29 17:54:47 -04:00
Brown
7253e01000 Fix #3716 - prevent crash for Foo|? return type 2020-06-29 17:52:55 -04:00
Brown
e56483bb54 Fix #3711 - generalize call of specialized class without specializations 2020-06-29 17:42:01 -04:00
Brown
ab29ac0e51 Only cast in echo when tracking taints 2020-06-29 15:06:11 -04:00
Brown
cff976049d Remove unused vars 2020-06-29 13:24:05 -04:00
Brown
f6e2e0a84a Perform string casting for taints in ArgumentAnalyzer 2020-06-29 13:21:33 -04:00
Brown
45c21853e5 Fix #3709 - don’t crash on inherited __toString tainting 2020-06-29 12:11:11 -04:00
Brown
aab90fb74e Fix Psalm errors 2020-06-29 09:29:19 -04:00
Brown
38977d797e Fix #3697 - cast types via implied __toString method 2020-06-29 09:13:19 -04:00
Brown
b54b832838 Break out method call tainting 2020-06-29 00:14:49 -04:00
Barney Laurance
3f8aa64ee9
Treat methods of internal or psalm internal classes as internal (#3698)
When both the method and the class are annotated as psalm-internal,
but to different namespaces, we consider the method internal to
whichever namespace is longer, i.e. the smaller code module.

Issue reported at https://github.com/vimeo/psalm/issues/3457
2020-06-28 13:15:54 -04:00
Simon Podlipsky
0f727e7607
Add RdKafka\ProducerTopic::producev() to CallMap (#3700) 2020-06-28 13:15:11 -04:00
Brown
c95ebfeb21 Fix #3694 - allow two args for PDO::query 2020-06-26 18:26:06 -04:00
Fabien Villepinte
c42dadaf0d
Redis::getDbNum|getHost can return false (#3673) (#3693) 2020-06-26 18:14:10 -04:00
Tyson Andre
3a9c7432e1
Add psalm-taint-specialize for preg_replace_callback (#3683)
Fixes https://psalm.dev/r/517c4a169e
2020-06-26 08:58:57 -04:00
Brown
bcd7478352 Reduce memory footprint a little 2020-06-25 19:12:30 -04:00
Brown
559b3d3471 Fix #3681 - taint exit like echo 2020-06-25 17:17:08 -04:00
Brown
07f7e5ccaf Reconciling should preserve taints
Fixes #3680
2020-06-25 17:04:18 -04:00
Brown
9837a60853 Fix #3675 - add taints to filter_var return
Doesn’t yet take callback into account
2020-06-25 13:24:26 -04:00
Brown
9e7650586b Fix bugs 2020-06-25 13:21:11 -04:00
Brown
95bf7f835b Improve handling of array_map, faking out calls where nececssary 2020-06-25 13:05:34 -04:00
Brown
f458959af5 Add param type 2020-06-25 01:40:19 -04:00
Brown
d7f1bde6da Refactor taint acccess checks 2020-06-25 01:32:57 -04:00
Brown
b8ebed0b85 Add a bit more accuracy 2020-06-25 01:00:11 -04:00
Brown
e26922010a Improve accuracy of array nesting checks 2020-06-25 00:50:52 -04:00
Brown
b84cf74754 Fix #3668 - taint property types for magic properties without @property 2020-06-25 00:24:37 -04:00
Brown
dd25b81d3a Fix #3670 - taint mixed foreach access 2020-06-24 19:16:30 -04:00
Brown
a6c7a48387 Add support for argument unpacking
Ref #3670
2020-06-24 18:43:15 -04:00
Tyson Andre
1670848267
Mark print() statement as the same sink type as echo (#3669) 2020-06-24 17:23:16 -04:00
Brown
de85e7c539 Fix blips 2020-06-24 13:19:14 -04:00
Brown
7a7cd91c24 Fix #3631 - better treatment for assignments in complex conditionals 2020-06-24 13:16:52 -04:00
Brown
9aa0aca949 Fix handling of coerced callmap args 2020-06-24 11:51:31 -04:00
Brown
c29b3744ec Change storage of out types 2020-06-24 11:51:31 -04:00
Brown
96d05ab06b Fix #3654 - use correct function id for namespaced functions 2020-06-23 16:53:11 -04:00
Brown
6a746b65ea Fix #3655 - taint encapsulated strings 2020-06-23 16:38:59 -04:00
Brown
13fc8a75fd Allow taints to flow where no return type exists
Fixes #3652
2020-06-23 15:52:19 -04:00
Brown
f46236ad71 Taint flows through preg_replace_callback 2020-06-23 15:28:31 -04:00
Brown
f72b609d42 Fix #3642 - detect missing property when name matches 2020-06-23 13:12:46 -04:00
Brown
4d6fc4d0ca Fix get_class($foo) === static::class checks 2020-06-23 13:11:19 -04:00
Brown
9b860214d5 Fix #3639 - allow coerced types to count when picking callmap options 2020-06-22 20:24:34 -04:00
Brown
1f86afece7 Revert "Fix #3631 - apply assertions to RHS of equality in conditional"
This reverts commit 9c17795545.
2020-06-22 20:01:27 -04:00
Brown
fc8212e207 Fix static call specialisation via annotation 2020-06-22 18:40:43 -04:00
Brown
e8be2c500e Support taint flows in more functions 2020-06-22 17:53:03 -04:00
Brown
7f05b3c530 Add $_REQUEST as a taint source
Ref #3636
2020-06-22 17:16:15 -04:00
Brown
9c17795545 Fix #3631 - apply assertions to RHS of equality in conditional 2020-06-22 15:16:16 -04:00
Brown
dddc159694 Add explicit path object 2020-06-22 02:10:03 -04:00
Brown
36f1630e03 Add more steps for clearer output 2020-06-22 01:08:58 -04:00
Brown
02e8313c39 Allow taintedness to propagate to some stubbed methods 2020-06-21 18:07:39 -04:00
Brown
fbe3433edd Use escape terminology 2020-06-21 11:43:08 -04:00
Brown
07adecc6eb Use correct method id when creating taints 2020-06-21 02:06:08 -04:00
Brown
dc83c2e2fc Add annotation for taint sources 2020-06-21 00:58:56 -04:00
Brown
f21d3a8346 Remove html and sql taints for simple preg_replace patterns 2020-06-20 23:11:42 -04:00
Brown
8edee96d8d Fix taint regression 2020-06-20 18:10:01 -04:00
Brown
80ed1daf33 Allow static method mixin to invoke instance method 2020-06-20 18:05:35 -04:00
Brown
2ccec821f8 Fix #3624 - inherit magic property annotations from traits 2020-06-20 16:53:17 -04:00
Brown
2c5c9e95e1 Don’t add two @return docblocks after @method 2020-06-20 15:30:47 -04:00
Brown
edbeec2c6a Fix @method annotation namespacing 2020-06-20 15:18:22 -04:00
Ilija Tovilo
2f646d29db
Fix #3607 - constant string class reference with leading backslash (#3612) 2020-06-19 18:02:39 -04:00
Brown
51202c75ea Add taint docs 2020-06-19 11:56:12 -04:00
Andrei Petre
6024fe4761
use original case in error messages when reporting undefined methods (#3615) 2020-06-19 11:51:08 -04:00
Brown
b1c836e5f3 Improve specialisation after call 2020-06-19 01:59:45 -04:00
Brown
8f2e28c36b Improve tainting of specializable classes 2020-06-19 01:22:51 -04:00
Brown
078b8b7b1a Fix #3618 - add way to load non-analyzed files 2020-06-19 00:13:09 -04:00
Brown
eecdc43ce7 Remove stray commas 2020-06-18 20:15:38 -04:00
Brown
49f0592794 Improve tracking of array taints 2020-06-18 18:48:19 -04:00
Brown
562a7c1ca4 Track taints from all tainted arrays 2020-06-18 13:45:58 -04:00
Brown
7d9a99a956 Fix #3609 - interpret strings as regular static calls 2020-06-18 11:56:08 -04:00
Brown
f609a01497 Move static property fetch analyzer to own class 2020-06-18 11:53:24 -04:00
Brown
98622783ec Allow lists to have their types refined
Fixes #3605
2020-06-18 10:01:16 -04:00
Bruce Weirdan
6fb63903c1
Infer better types for magic constants used in const initializers (#3602)
Fixes vimeo/psalm#3464
2020-06-18 09:48:51 -04:00
Brown
137647a1a0 Fix #3603 - better typed value comparisons for loose equality 2020-06-18 09:31:38 -04:00
Brown
7fc1f50f54 Fix potential nullref 2020-06-17 16:40:35 -04:00
Brown
4870774ea4 Allow falsable issues on DateInterval::$days 2020-06-17 16:28:26 -04:00
Brown
0a8b9b56ab Fix #3600 - conditional return should be removed before comparison 2020-06-17 12:57:50 -04:00
Jaik Dean
02b15b83ff
Fix argument types for Redis::zRevRangeByScore() and Redis::zRevRangeByLex() (#3597) 2020-06-17 11:50:03 -04:00
Teemu Koskinen
bfae4af030
tidyNode->child will be null if the node does not have any children (#3599)
https://github.com/php/php-src/blob/master/ext/tidy/tidy.c#L696
2020-06-17 09:29:23 -04:00
Olle Härstedt
e1cc27f7a2
Add new config: sealAllMethods (#3578)
* Add new config: sealAllMethods

* Add some more tests

* Fix codesniffer issue with preg_quote

* Fix missing method in test

Co-authored-by: Olle <noemail>
2020-06-15 22:36:42 -04:00
Brown
03e9649d49 Fix tainting of function calls absent taintable params 2020-06-15 20:59:48 -04:00
Brown
56ef220e49 Fix bugs in taint specialisation 2020-06-15 18:34:56 -04:00
Brown
bbada7ba8d Ensure correct vars are used 2020-06-15 17:16:12 -04:00
Brown
05cb39814c Improve performance of long switch checks 2020-06-15 16:23:19 -04:00
Brown
8c5a434dc8 Allow updating array by reference 2020-06-15 14:45:08 -04:00
Matthew Brown
081a284759 Fix #3567 - remember which variables a callable sets byref in use 2020-06-14 11:58:50 -04:00
Matthew Brown
a49a0e5650 Fix #3551 - count method can be impure 2020-06-14 11:06:53 -04:00
Matthew Brown
683bde9540 Fix #3573 - allow UnnecessaryVarAnnotation to be suppressed 2020-06-13 16:48:10 -04:00
Matthew Brown
19ba53f28c Fix too-long line 2020-06-13 16:45:54 -04:00
Matthew Brown
427f470806 Fix #3586 - ensure templated trait params more accurate 2020-06-13 16:37:39 -04:00
Matthew Brown
edb2b4c5ef Get type of requires 2020-06-13 15:48:12 -04:00
Gabriel Ostrolucký
8ca7a88c41
Mark fgetcsv impure (#3582)
fgetcsv standalone is used to skip current row for consecutive reads
2020-06-13 00:32:00 -04:00
Andrei Petre
3497ca07b6
Extending final class is prohibited #3037 (#3576) 2020-06-13 00:29:59 -04:00
Bruce Weirdan
a99f92ae3a
Fix vimeo/psalm#3572 (#3575)
session_decode has side effects
2020-06-13 00:28:56 -04:00
Brown
9bfe50b20a Always analyse cast expressions
Fixes #3577
2020-06-12 17:25:46 -04:00
Brown
211f014356 Fix #3571 - make callable():void valid for callable():?Foo 2020-06-12 14:26:31 -04:00
Brown
45ea5d0bfe Add a couple more shortcuts for common pattern
Fixes #3563
2020-06-12 11:18:34 -04:00
Brown
9ca6c868b7 Fix #3563 - add workaround for == true 2020-06-12 10:58:44 -04:00
Tim van Dijen
7fa48f3508
Fix return type for preg_grep (#3565) 2020-06-11 11:59:14 -04:00
Brown
f67b61f6cc Fix reconciliation of template param to literal string
Fixes #3510
2020-06-11 11:58:31 -04:00
Brown
16189782ab Inherit whether methods are sealed from parent
Ref #3561
2020-06-11 11:28:41 -04:00
Brown
ec0a4c7c96 Require ReflectionMethod get a class-string 2020-06-11 11:07:57 -04:00
Jáchym Toušek
c6611cfcd1
Update ext-ds stubs (#3559) 2020-06-10 17:27:39 -04:00
Gregor Harlan
235093ecc4
Add PharData::offsetGet/offsetExists to CallMap (#3557) 2020-06-10 17:26:22 -04:00
Brown
5617e9d7c9 Fix array_values call 2020-06-09 19:06:08 -04:00
Brown
286a8f911a Add support for static mixin calls
Fixes #3552
2020-06-09 18:39:52 -04:00
Brown
a6c0991073 Fix #3532 - expand type alias types recursively 2020-06-07 12:01:04 -04:00
Matthew Brown
91e76f7173 Fix #3536 - Make method return type provider aware of original called method 2020-06-06 23:35:08 -04:00
Matthew Brown
0ac739fd48 Fix #3534 - allow magic method call on mixin 2020-06-06 23:28:32 -04:00
Matthew Brown
739d23e5f0 Use alias 2020-06-06 23:27:25 -04:00
Matthew Brown
3d7288afcb Fix #3529 - static intersected with itself is static 2020-06-06 20:10:50 -04:00
Matthew Brown
ce445636e7 Fix #3535 - match template param class constants properly 2020-06-06 20:02:14 -04:00
Matthew Brown
74a34f066c Don’t check classes if literal strings are allowed
Fixes #3538
2020-06-06 19:31:42 -04:00
Brown
4f87cca55b Fix #3537 - improve parsing for @mixin annotations 2020-06-06 18:15:24 -04:00
Matthew Brown
243c09de37
Make property protected 2020-06-06 12:24:16 -04:00
Brown
fcf0a681d9 Fix #3531 - ignore mixed returns from template 2020-06-06 10:33:49 -04:00
Brown
438eb17e58 Fix #3367 - ensure --diff works after second run, not third 2020-06-05 12:09:38 -04:00
Brown
cf92361338 Fix #3522 - only use property pass-through when it’s visible 2020-06-04 16:15:07 -04:00
Brown
a4aa44494f Fix #3519 - prevent empty callable string 2020-06-04 15:40:53 -04:00
Šimon Podlipský
596213c2c3
Make ext-ds to array return list<V> (#3520) 2020-06-04 09:56:00 -04:00
Matthew Brown
c9ee691595
Fix suppression 2020-06-04 09:55:32 -04:00
Brown
5c80dc3299 Fix #3515 - add merge method to Vector 2020-06-03 16:50:01 -04:00
Brown
fd74d3284d Add support for PHPParser 4.5.0 2020-06-03 14:58:08 -04:00
LeSuisse
1f8dc26d1d
Fix signatures of stream_filter_append and stream_filter_prepend (#3514)
filterparams is not restricted to an array, it is perfectly to pass a
class or any other value.

See https://github.com/php/php-src/blob/php-7.4.6/ext/standard/streamsfuncs.c#L1171
2020-06-03 12:50:40 -04:00
Brown
7caaa64825 Fix #3418 - don’t override with send type when @psalm-yield is given 2020-06-02 13:27:17 -04:00
Brown
4d149de764 Fix #3506 - prevent black classes in throws check 2020-06-01 14:56:27 -04:00
Markus Staab
efcc28be02
Fixed mysql::$insert_id type (#3496)
* Fixed mysql::$insert_id type

* Update PropertyMap.php

* Update src/Psalm/Internal/PropertyMap.php
2020-05-31 18:53:30 -04:00
Brown
be8fd3ea19 Fix #3481 - treat an iterable like a Traversable when comparing to object 2020-05-31 01:22:43 -04:00
Brown
86b894eca5 Treat iterables as traversable when comparing to named object 2020-05-31 00:55:45 -04:00
Brown
c1d8912a9b Bust cache more 2020-05-30 19:11:57 -04:00
Brown
4e21e54ee1 Fix #3491 - provide correct types for substitution 2020-05-30 19:11:41 -04:00
Markus Staab
0e298a6f13
Removed unexisting property mysqli::stat (#3501) 2020-05-30 17:03:04 -04:00
orklah
76f5def268
Use scandir and glob flags to reduce their performance impact (#3499)
* Use scandir and glob flags to reduce their performance impact

* Order seem to impact Tests here
2020-05-30 17:02:35 -04:00
Markus Staab
f24d7abcd9
Made mysqli_warning::$sqlstate a string (#3497) 2020-05-30 17:01:20 -04:00
orklah
428beb21fb
Improve stubs for str_replace and preg_replace (#3495)
* expand accepted values for str_replace and preg_replace. Make return conditional based on type of $subject

* Remove int|float from str_replace/preg_replace

Co-authored-by: Matthew Brown <github@muglug.com>
2020-05-30 16:59:18 -04:00
orklah
51bf7f38de
Fix #3438 (#3494) 2020-05-30 16:55:55 -04:00
El Azimov
bed5a74065
Add wildcard support for class constants in template. (#3489)
Co-authored-by: El Azimov <el.azimov@rocks>
2020-05-30 16:55:18 -04:00
orklah
1621a9f3ea
Add checks for duplicated params and returns (#3487) 2020-05-30 16:54:16 -04:00
orklah
062db0ffcf
Fix #3437 (#3493) 2020-05-30 14:38:12 -04:00
Brown
db67be5965 Fix #3483 - analyse variable static property access properly 2020-05-29 09:28:34 -04:00
Brown
235704ad49 Fix #3484 - use better method to determine constant existence in wildcard checks 2020-05-29 09:09:59 -04:00
Matthew Brown
73797f7498 Add more default sinks 2020-05-29 00:24:07 -04:00
Brown
30907f0269 Clean up comment parsing 2020-05-28 22:14:41 -04:00
Brown
b932163d5d Make parser a little cleaner 2020-05-28 14:31:17 -04:00
feek
5330dcbd7a
fix: pass along final (#3471) 2020-05-28 01:59:24 -04:00
still-dreaming-1
1bb884bd84
__TRAIT__ can be string or non-empty-string (#3469)
depending on whether or not it is used from inside a __TRAIT__
2020-05-27 19:23:46 -04:00
still-dreaming-1
9189335715
Fixes #3464 by typing __DIR__, __TRAIT__, and __FILE__ as non-empty-s… (#3468)
* Fixes #3464 by typing __DIR__, __TRAIT__, and __FILE__ as non-empty-string

* __TRAIT__ should stay string in case used outside a trait

Co-authored-by:  <jesse@LAPTOP-73CA4O5T.localdomain>
2020-05-27 18:21:26 -04:00
Brown
3c60609c21 Support better mixin handling 2020-05-27 11:12:09 -04:00
Brown
9b413cfccc Improved understanding of array_key_exists
Fixes #3463
2020-05-27 09:03:36 -04:00
Brown
b9ea115487 Support string class_alias calls with leading backslash
Fixes #3465
2020-05-27 08:14:47 -04:00
Brown
ef53ee3a3b Fix crash on aliased exception
Ref #3465
2020-05-27 08:09:58 -04:00
Brown
769ac5c052 Fix #3458 - scope templated mixin accurately 2020-05-26 23:32:07 -04:00
Brown
d04e21ee5a Define mixin declaring classname 2020-05-26 23:32:07 -04:00
Brown
b4855b3ecd Catch errors during yield annotation tokenisation
Fixes #3430
2020-05-26 17:57:55 -04:00
Brown
3da3d61270 Fix #3434 by removing extraneous call to simplifyType 2020-05-26 17:55:54 -04:00
Brown
0ef00f5756 Fix #3460 - allow isset checks on static properties 2020-05-26 17:40:27 -04:00
Brown
f0a5bd74b6 Detect never-return statement same as a throw 2020-05-26 15:02:23 -04:00
Brown
a2b6326a84 Change specialize-call to taint-specialize 2020-05-26 14:18:43 -04:00
Brown
ecb179c784 Migrate min/max function calls back to CallMap 2020-05-26 12:28:56 -04:00
Brown
a266d4748b Fix build 2020-05-26 07:50:11 -04:00
Brown
953be61cf2 Allow limiting connected taint paths 2020-05-25 23:28:11 -04:00
Brown
7e7456c863 Make taint checks more thorough 2020-05-25 17:10:53 -04:00
Brown
2e6fc24867 Template callmap methods too
Fixes #3453
2020-05-25 14:21:06 -04:00
Brown
118b700436 Simplify sink mapping for internal calls 2020-05-25 13:10:06 -04:00
Brown
109920be88 Expand template param before comparison 2020-05-25 11:51:10 -04:00
Brown
be847472a2 Fix #3453 - allow conditional return types on instance methods 2020-05-25 09:39:30 -04:00
Brown
3416e33348 Fix indentation 2020-05-25 01:23:28 -04:00
Brown
240b2f898c Add some negative test cases for @mixin
Also fix #3452
2020-05-25 00:19:52 -04:00
Matthew Brown
806db80d63 Fix #3440 - literal string doesn’t contain numeric-string 2020-05-24 22:42:08 -04:00
Brown
ff5c17c044 Switch subtype messagearg order 2020-05-24 09:43:54 -04:00
orklah
72435757ea
Add false to possible parse_url return types (#3359) (#3445)
* Add false to possible parse_url return types (#3359)

* fix test
2020-05-24 09:19:58 -04:00
Brown
92a9a7efdf Handle flows into arguments a little better 2020-05-23 23:54:16 -04:00
Matthew Brown
1d17c02fba Fix #3442 - support broader type after initial array assignment 2020-05-23 23:23:50 -04:00
Matthew Brown
15e753e279 Fix #3443 - add InvalidDocblock issue for @psalm-assert Foo|!Bar 2020-05-23 22:52:21 -04:00
Brown
a198b09eb7 Add intermediary concat op node 2020-05-23 21:38:09 -04:00
Brown
f5a0622ad2 Fix style 2020-05-23 08:06:31 -04:00
Matthew Brown
0dee85d0b7
Remove redundancy 2020-05-23 01:48:56 -04:00
Brown
16af6a5773 Improve concat taint propagation 2020-05-23 01:11:16 -04:00
Brown
ee493909d7 Fix bugs 2020-05-23 00:08:16 -04:00
Brown
10c106f7eb Add eval sink 2020-05-23 00:03:29 -04:00
Brown
dc73e25157 Detect taints in include calls 2020-05-22 23:53:37 -04:00
Brown
e72288c85f Don’t error on badly-formatted taint annotation 2020-05-22 22:38:03 -04:00
Brown
e82c317d53 Adjust tolerances 2020-05-22 21:37:18 -04:00
Brown
fb3cb2c4d1 Only use plain return type if we’re not memoizing 2020-05-22 17:05:39 -04:00
Brown
bbc30a1747 Only recreate taints if non-null 2020-05-22 16:55:36 -04:00
Brown
4b1c3db760 Don’t memoize method call where we have a getter standin
Fixes #3427
2020-05-22 15:54:32 -04:00
Brown
4010129e96 Fix #3420 - add ds\vector::toArray method 2020-05-22 15:26:19 -04:00
Brown
0cb211784d Fix #3415 - flesh out Closure return type 2020-05-22 14:26:37 -04:00
Brown
27a009fd69 Fix #3417 - Treat $this as static-y 2020-05-22 13:32:26 -04:00
Brown
bebfac0ab6 Fix #3426 - allow falsy reconciliation for templated params 2020-05-22 13:16:48 -04:00
Brown
1b84fc2c12 Fix #3419 - don’t add null to return type when template/conditional return is used 2020-05-22 12:44:19 -04:00
Brown
8632cdb3cd Improve taint tracking during scanning phase 2020-05-22 12:33:48 -04:00
Brown
63c3678ae5 Improve property location resolution 2020-05-22 12:33:38 -04:00
Matthew Brown
187b944680 Add faster taint analysis 2020-05-22 12:33:29 -04:00
Matthew Brown
6784a90b2f Fix #3423 - allow conditional with func_num_args() in namespace 2020-05-21 11:29:54 -04:00
Joe Hoyle
6f28d741bc
Display variable assignment type in LSP hovers (#3401)
* Add node references for variable assignments

* Break up line

Co-authored-by: Matthew Brown <github@muglug.com>
2020-05-20 17:40:22 -04:00
Matthew Brown
3effdc5b69 Improve yield type substitution 2020-05-20 09:12:24 -04:00
Matthew Brown
2d02064962 Fix #3407 - allow multiple matching generic classes in union 2020-05-20 09:11:17 -04:00
Jáchym Toušek
8855b6c1d9
Fix Ds\Map methods (#3412) 2020-05-20 07:27:25 -04:00
Brown
2ec76f01c2 Fix redundant condition 2020-05-19 20:11:25 -04:00
Brown
27cb660377 Respect possibly-undefined array keys while merging
Fixes #3393
2020-05-19 20:10:01 -04:00
Brown
a4141a7581 Fix #3327 - convert void to null when comparing conditional type with nullable 2020-05-19 19:48:11 -04:00
Brown
f335560b69 Allow setting property on templated type 2020-05-19 17:31:05 -04:00
Brown
6ec5763847 Filter out traversable possibly-mixed too 2020-05-19 16:26:00 -04:00
Brown
a3214012a6 Only convert userland functions 2020-05-19 16:15:41 -04:00
Brown
baeb86ca8f Fix #3403 - remove possibly-mixed key 2020-05-19 16:12:37 -04:00
Brown
4415e0f69c Fix special case calling callable param with string non-global function
Fixes #3411
2020-05-19 15:48:31 -04:00
Matthew Brown
777b6e8d91 Simplify conditional 2020-05-19 15:07:30 -04:00
Brown
b5ae0167a2 Fix typo 2020-05-19 14:58:53 -04:00
Brown
b38d945b12 Cast null and false to empty string
Ref #3408
2020-05-19 14:53:06 -04:00
Brown
8becefda04 Forbid :: in object-like key name
Ref #3399
2020-05-19 14:38:46 -04:00
Šimon Podlipský
dc82243edc
Add RdKafka:flush() to CallMap (#3410) 2020-05-19 12:56:58 -04:00
Brown
0b2da18f1e Break up StatementsAnalyzer 2020-05-19 12:56:30 -04:00
Šimon Podlipský
47cf69ded1
Fix RdKafka maps (#3404)
Resolves #3388
2020-05-19 10:13:25 -04:00
Brown
666cc3b4c9 Fix BinaryOp analysis 2020-05-18 23:00:53 -04:00
Brown
8e5b330c5a Break apart CallAnalyzer 2020-05-18 22:57:00 -04:00
Brown
5b06c206e0 Move classes into deeper namespace 2020-05-18 22:52:33 -04:00
Brown
ace049a068 Beautify BinaryOpAnalyzer 2020-05-18 18:57:09 -04:00
orklah
478bb267d8
stubs for array_sum (#3395) 2020-05-18 17:23:21 -04:00
Brown
8c86d47eb7 Downgrade some PossiblyInvalidClone issues 2020-05-18 17:18:13 -04:00
Brown
4ca83ca30d Add slash 2020-05-18 17:05:47 -04:00
Brown
3a582dde8d Allow merging of numeric-string and literal string 2020-05-18 16:57:16 -04:00
Brown
2312523318 Support merging of numeric-string with literal 2020-05-18 16:56:09 -04:00
Brown
b62f646388 Fix #3391 - move_uploaded_file mutates 2020-05-18 16:26:08 -04:00
Evgeniy
04a576708c
Correct analyze clone expression (#3382)
* Correct analyze clone, add PossibleInvalidClone issue type

* Infer mixed type when possible incorrect clone

* Remove unused variable
2020-05-18 16:22:50 -04:00
Brown
ea0a99d3a8 Fix bad merge 2020-05-18 16:02:10 -04:00
Brown
5ee1487a01 Make ExpressionAnalyzer more beautiful 2020-05-18 15:13:27 -04:00
SignpostMarv
911ac2d363
Infer numeric-string from (string)$numeric (#3390)
* adding test for vimeo/psalm#3370

* check if typecast will result in numeric-string

* int & float as per examples in vimeo/psalm#3370
* numeric & numeric-string because they shouldn't lose numericness.

* satisfy phpcs

* adjusting assertions to reflect typecasting change
2020-05-18 13:42:47 -04:00
Brown
21798efed2 Fix #3388 - eliminate null after < 0 check 2020-05-18 08:52:44 -04:00
Mark Sch
9aa46221f6
Use pretty print for JSON reporting. (#3364)
* Use pretty print for JSON reporting.

* Use pretty print for JSON reporting.

* Use pretty-print option on CLI for BC.

* Change static:: const to self::

Co-authored-by: Matthew Brown <github@muglug.com>
2020-05-18 08:40:20 -04:00
orklah
3e7f5df7e1
Solve more cases when docblock rendering is not needed (#3387) 2020-05-18 07:16:18 -04:00
Matthew Brown
b0ffaf0077 Fix type coercion 2020-05-17 22:51:48 -04:00
RJ Garcia
fd15bfc65d
Infer Return Types for Arrow Functions #3376 (#3385)
* Infer Return Types for Arrow Functions #3376

- Made a small patch to check for closure or arrow
  function when attempting to infer the functions
  params
- Added new isExprClosureLike to start to consolidate
  all checks on closure/arrow fns

Signed-off-by: RJ Garcia <ragboyjr@icloud.com>

* Use better check

* Remove unused method

Co-authored-by: Matthew Brown <github@muglug.com>
2020-05-17 22:17:35 -04:00
orklah
dd4927a14c
Avoid regenerating docblock when no modification is made (#3374)
* Avoid regenerating docblock when no modification is made

* Generate empty docblock before, in case there was no docblock at all
2020-05-16 16:44:47 -04:00
Jefersson Nathan
f824cc380a
Add more test case scenario for @psalm-import-type (#3375)
* Add test case scenario for @psalm-import-type

Signed-off-by: Jefersson Nathan <malukenho.dev@gmail.com>

* Add fix for @psalm-import-type test

Signed-off-by: Jefersson Nathan <malukenho.dev@gmail.com>

* Add test for import ocross namespaces

Signed-off-by: Jefersson Nathan <malukenho.dev@gmail.com>

* Add tests for failing cases

Signed-off-by: Jefersson Nathan <malukenho.dev@gmail.com>
2020-05-16 16:43:35 -04:00
Matthew Brown
4dd0a2b775 Fix #3380 - allow comparisons between template param and empty array 2020-05-16 16:41:07 -04:00
Matthew Brown
f6342a40d9 Remove unnecesary conditional check for do
Fixes #3378
2020-05-16 16:32:36 -04:00
Nobu Funaki
abef8008bc
Fix InvalidCast after is_callable([$val, '__toString']) check (#3372)
Support is_callable() with an array argument similar to method_exists()
2020-05-16 08:50:43 -04:00
Brown
c62e08a88e Support intersection of type aliases 2020-05-15 16:18:52 -04:00
Brown
111303d913 Add non-empty-lowercase-string type 2020-05-15 10:18:05 -04:00
Brown
013467dc0e Add reference to ensure proper hydration 2020-05-15 00:31:55 -04:00
Brown
0086eb25a2 Remove duplicate types with @psalm-import-type 2020-05-15 00:16:20 -04:00
Brown
2d92943625 Add support for expansion of type aliases 2020-05-15 00:15:48 -04:00
Brown
9f3f7bb946 Consolidate ThreadData types 2020-05-14 23:44:22 -04:00
Brown
c212c03e40 Don’t stop analysing when encountering an UndefinedGlobalVariable
Fixes #3366
2020-05-14 22:51:51 -04:00
Brown
ae48c1895f Fix #3365 - add support for negated empty string checks 2020-05-14 22:09:37 -04:00
Brown
48504aa88c Pass through typa aliases where appropriate 2020-05-14 00:48:58 -04:00
Brown
006c6e09f1 Add more details to type alias creation 2020-05-14 00:41:50 -04:00
Brown
2327a0db6b Add TTypeAlias object with a creation path 2020-05-13 19:49:03 -04:00
Brown
190c9ce27e Use TypeAlias object to allow future extension 2020-05-13 19:29:59 -04:00
Brown
0fc3398631 Move parsing methods into internal namespace 2020-05-13 19:12:45 -04:00
Brown
2af0a17d03 Fix #3236 - allow use-checking of more methods starting with __ 2020-05-12 22:39:26 -04:00
Matthew Brown
8c236f411a Fix #3353 - allow extending nested when nested as type is mixed 2020-05-12 15:07:16 -04:00
Brown
3e58163180 Prevent empty function id
Ref #3354
2020-05-12 12:54:06 -04:00
Brown
d8cd30b34a Fix #3340 - catch more errors in @method type parsing 2020-05-11 18:39:07 -04:00
Brown
0d5d7c8938 Add null check 2020-05-11 11:56:07 -04:00
Brown
291018034b Remove unnecessary PHP code 2020-05-11 11:36:50 -04:00
Brown
3554aa4435 Fix crash newly introduced 2020-05-11 09:34:07 -04:00
Brown
eefd2e743b Use generic function definition for sscanf
cc @villfa
2020-05-10 23:58:51 -04:00
Brown
8f2f2617d4 Improve refactor 2020-05-10 22:45:01 -04:00
Brown
5f4d162dd5 Break out type expander into separate class 2020-05-10 22:39:18 -04:00
sj-i
fa601f97d7
update proc_open() types for PHP 7.4 (#3333)
as of PHP 7.4, proc_open() accepts an array for its first argument.
https://www.php.net/manual/en/function.proc-open.php#refsect1-function.proc-open-parameters
2020-05-10 21:11:27 -04:00
Brown
48da7a4be8 Fix issues found with Vimeo’s code 2020-05-10 21:09:48 -04:00
Matthew Brown
733da0e539 Fix #3311 - don’t erroneously mark a class as undefined
As they can sometimes only be obvious once an autoloader has been registered
2020-05-10 15:55:44 -04:00
Matthew Brown
4b388a2951 Fix ref 2020-05-10 11:35:35 -04:00
Brown
55222573ea Mark as possibly-undefined any variable that wasn’t present when the loop began
Fixes #3332
2020-05-10 11:17:50 -04:00
Brown
28349c6423 Remove mixin_fqcln hack 2020-05-10 09:04:30 -04:00
Brown
58c63bd1b2 Migrate generic param comparison method 2020-05-08 22:49:08 -04:00
Brown
75761647c2 Fix #3321 - allow interface methods to be mapped 2020-05-08 14:52:53 -04:00
Brown
640ffdb324 Fix #3323 - make short object-like arrays sealed tuples 2020-05-08 14:36:06 -04:00
Brown
2d5c2a9dd1 Fix #3324 - prevent crash asserting on possibly-undefined variable 2020-05-08 14:21:10 -04:00
Brown
65b4263315 Fix #3320 - add final flag to pseudo methods where appropriate 2020-05-08 07:28:12 -04:00
Brown
4295f9525f Fix #3313 - add check for very specific pattern 2020-05-07 12:30:15 -04:00
Brad Kent
18ee440e3f
update mysqli_stmt::__construct signature (#3315) 2020-05-07 12:08:22 -04:00
Brown
20bcfb096a Fix #3305 - use the same issue type for short closures as closures 2020-05-06 09:57:02 -04:00
Brown
a089d8bd58 Fix #3296 - propagate final flag to static calls in return types 2020-05-03 20:42:06 -04:00
Matthew Brown
dc64d4b1ca Support evaluation of boolean conditionals in scanning stage
Fixes #3290
2020-05-03 10:44:00 -04:00
Matthew Brown
23b0a18632 Fix property type 2020-05-03 10:22:52 -04:00
Matthew Brown
b69c37acdf Simplify logic around evaluating expressions a little 2020-05-03 10:19:15 -04:00
Brown
d99fbc0d4d Remove blank line 2020-05-03 00:26:50 -04:00
Brown
b8a1f5d5c9 Allow destructuring on arrayaccess implementers 2020-05-03 00:08:03 -04:00
Brown
bf5e178d16 Fix #3289 - treat property on non-generic type like actual value 2020-05-02 23:37:59 -04:00
Brown
618a54ff41 Fix #3240 - check arguments when class cannot be found 2020-05-02 22:13:59 -04:00
Brown
aceaf6c356 Fix #3217 - don’t override abstract return type with parent one 2020-05-02 21:57:53 -04:00
Brown
d3fba74f75 Fix false-positive 2020-05-02 21:56:28 -04:00
Brown
3e0c4cfb75 Fix #3210 - prevent possibly-null array access from destructure 2020-05-02 20:36:41 -04:00
Brown
132b5c9358 Fix #3263 - inherit magic properties when using @mixin 2020-05-02 19:57:38 -04:00
Brown
29741cd76d Remove earlier now-unnecessary fix 2020-05-02 19:24:48 -04:00
Matthew Brown
da5e8a4324 Increase type coverage for projects that use assert after mixed 2020-05-02 14:55:30 -04:00
feek
c5319fc379
fix: mixin parameter of self should be properly resolved (#3280)
Co-authored-by: Matthew Brown <github@muglug.com>
2020-05-02 14:32:43 -04:00
Brown
07e5250292 Fix #3273 - add support for func_num_args() in conditional type 2020-05-01 16:02:53 -04:00
Brown
0d8b56dc78 Fix return type coalescing for conditional return types 2020-05-01 13:04:48 -04:00
Brown
6024447ca0 Expand function-based template types before comparing against inherited
Fixes #3276
2020-05-01 12:40:10 -04:00
Brown
5e76467378 Fix #3279 - make sure self/parent references in mixin use existing class 2020-05-01 11:23:02 -04:00
Brown
117a4d4d40 Require callable() have a return type when in conditional
Fixes #3260
2020-04-30 23:35:13 -04:00
Brown
bb1c8a9d74 Don’t clobber intersection types after generic in union
Fixes #3274
2020-04-30 23:15:16 -04:00
Brown
470bf807b7 Add better handling of expression termination 2020-04-30 22:23:37 -04:00
Brown
9e6797d297 Add protection from ComplicatedExpression 2020-04-30 22:23:07 -04:00
Brown
ce8fb459e9 Allow complex types in conditional is expressions
Ref #3277
2020-04-30 22:02:37 -04:00
Brown
8ab5a0f504 Probably safe to un-negate a class string assertion without autoloader 2020-04-30 12:48:21 -04:00
Brown
21f4deed3b Fix #3268 - infer generator return for closure 2020-04-29 16:52:37 -04:00
Brown
555f525038 Add type 2020-04-29 14:58:48 -04:00
Brown
891c66650b Prevent unintersectable template lower bounds
Ref #3264
2020-04-29 14:57:57 -04:00
Andrii Dembitskyi
d3fd9a6acf
Fix #3265 (#3267)
We should add function body
2020-04-29 12:30:04 -04:00
Brown
e782329821 Add slashes 2020-04-28 23:42:53 -04:00
Brown
63c190ff83 Fix #3257 - refine as type and clone where necessary 2020-04-28 22:26:54 -04:00
orklah
8571746f8a
Add hook for plugins after FunctionLikeAnalysis (#3258) 2020-04-28 15:30:51 -04:00
Brown
a0667f1543 Remove accidentally-added interface 2020-04-28 15:27:09 -04:00
Brown
05ff8d0142 Prevent invalid [] brackets in tree
Fixes #3246
2020-04-28 15:18:50 -04:00
Brown
a402d4598b Define with single argument should not trigger a notice
Fixes #3254
2020-04-28 14:43:12 -04:00
Brown
d56c5c9782 Fix #3256 - fix parsing of colons in callable inside conditional 2020-04-28 10:55:17 -04:00
Grégoire Paris
1fb1c2195d
Allow non-string keys (#3221)
Although it would be stupid to provide an array with exclusively
non-string keys, it's possible to have an array with a bit of both.

See for instance
155d028be0/tests/Doctrine/Tests/DBAL/Functional/DataAccessTest.php (L263-L276)
2020-04-27 22:49:07 -04:00
Brown
f0487c216d Add slash 2020-04-27 09:50:27 -04:00
Brown
95dbb93732 Fix #3237 - allow mixin to reference generic params 2020-04-27 09:10:24 -04:00
Brown
189cd2bdc8 Fix key stringg 2020-04-27 00:50:07 -04:00
Brown
755ada9114 Fix #3234 - infer iterator key types properly 2020-04-27 00:41:34 -04:00
Brown
f91e94b64e Make sure to remember correct positions of @var references 2020-04-27 00:05:20 -04:00
Brown
10f3bef743 Fix type check 2020-04-26 20:21:24 -04:00
Brown
e65bffc94f Support intersections with __toString
Fixes #3149
2020-04-26 20:04:41 -04:00
Fabien Villepinte
5087feff79
Fix #2845 - FunctionReturnTypeProvider for sscanf (#3233)
Co-authored-by: Fabien Villepinte <fabien.villepinte@displayce.com>
2020-04-26 17:36:44 -04:00
Brown
ebcb0b8cc4 Fix #3228 - support IteratorIterator wrapping 2020-04-26 16:59:03 -04:00
Brown
d88c31f461 Support templated @mixin 2020-04-26 16:49:52 -04:00
Brown
83fe3a2fd9 Complain about malformed @property annotation 2020-04-26 10:10:14 -04:00
Brown
e1c6fcc707 Fix #3215 - suppress PossiblyUndefinedMethod in synthetic call 2020-04-24 00:11:32 -04:00
Brown
e9666372d0 Fix coercion 2020-04-22 16:27:43 -04:00
Brown
507f5f4afa Add context-sensitive conversion 2020-04-22 16:08:04 -04:00
Brown
a670aa7ddc Fix #3214 - allow if/else branches of conditional to both be arrays 2020-04-22 16:07:13 -04:00
Brown
52c0346b65 Fix #3213 - make sure static is bound from a static call with set class 2020-04-22 11:34:46 -04:00
Fabien Villepinte
a93bf28532
Fix #3045 - ignore mixed assignments to variables named $_ (#3211) 2020-04-21 20:18:38 -04:00
still-dreaming-1
16fa208a60
Made compact's return array key type more specific (#3209) 2020-04-21 20:18:11 -04:00
Matthew Brown
1b752d06ab Fix #3201 - add additional constraints on constructor initialisation 2020-04-21 00:04:47 -04:00
Brown
8f57d0c738 Fix #3204 - normalise function ids where possible 2020-04-20 21:38:35 -04:00