| Author | Commit | Message | Date |
|---|---|---|---|
| Matt Brown | c9e47450a7 | Fix #4266 - prevent OOM when analysing closure unioned with invokable class | 2020-10-02 00:47:42 -04:00 |
| Matt Brown | fc001cdf65 | Treat func_get_args as using function params | 2020-09-30 13:08:01 -04:00 |
| Matt Brown | 14efde286f | 4.x - refactor unused variable detection<br>This turns unused variable detection into an explicit control-flow problem, where before we had a more simplistic mark-and-sweep algorithm | 2020-09-30 12:28:13 -04:00 |
| Brown | 19f88a2e31 | Add improvements from unused variable checks | 2020-09-28 00:45:02 -04:00 |
| Brown | da65a4327f | Move taint graph functionality into its own object | 2020-09-25 00:37:40 -04:00 |
| Brown | 56cddd16bf | Rename TaintGraph to ControlFlowGraph because it’s about to do more | 2020-09-20 23:59:52 -04:00 |
| Brown | 0f6a271858 | Improve file-based suppression of taints | 2020-09-20 19:37:25 -04:00 |
| Brown | 5c23a3d7b3 | Localise taint analysis better | 2020-09-20 19:26:49 -04:00 |
| Brown | 2968b3b065 | Add to StatementsAnalyzer taint object instead of Context | 2020-09-20 18:42:21 -04:00 |
| Brown | abb9502921 | Rename Taint object to TaintGraph | 2020-09-20 18:27:02 -04:00 |
| Brown | eda426a594 | Improve unique issue solution | 2020-09-10 22:54:30 -04:00 |
| orklah | f66d57f19d | add native return types (#4116)<br>* add native return types<br>* remove redundant phpdoc | 2020-09-04 16:26:33 -04:00 |
| orklah | 73f6fcde48 | Short list syntax (#4102)<br>* Short list syntax<br>* revert unrelated CS | 2020-09-02 00:17:41 -04:00 |
| Brown | 92239add4d | Add some backwards-incompatible changes for 4.x | 2020-08-30 11:44:14 -04:00 |
| Brown | 98ce590e9d | Remove some redundant calls | 2020-08-28 12:48:33 -04:00 |
| Brown | efe143a396 | Fix #4077 - always track closure purity | 2020-08-28 12:42:55 -04:00 |
| Saif Eddin G | 5a20092fbd | add pure-callable type (#4066) | 2020-08-26 16:51:22 -04:00 |
| Brown | 988e17f11d | Make clause fully immutable | 2020-08-26 15:35:29 -04:00 |
| Brown | 4e10a0ed6f | Fix #4036 - add immutable annotations automatically too | 2020-08-24 19:29:00 -04:00 |
| Matthew Brown | ef0486ce35 | Add some pure annotations | 2020-08-23 13:52:31 -04:00 |
| Matthew Brown | 9418be79cc | Restrict pure annotation addition a little more | 2020-08-23 13:34:32 -04:00 |
| Brown | 67f9adb33c | Allow adding pure annotations to functions<br>Ref #4036 | 2020-08-23 10:28:26 -04:00 |
| Brown | 76bd5b6278 | Refactor type comparison | 2020-07-21 19:40:35 -04:00 |
| Brown | 26a61c47c0 | Prevent mixed erasure in get_class call | 2020-07-16 13:56:42 -04:00 |
| Brown | ea82cdc6ea | Fix #3726 - infer generic template from class-string | 2020-07-02 01:11:46 -04:00 |
| Brown | ae7c5b095b | Fix #3712 - allow taints to be suppressed with @psalm-suppress | 2020-07-01 23:23:45 -04:00 |
| Brown | 13fc8a75fd | Allow taints to flow where no return type exists<br>Fixes #3652 | 2020-06-23 15:52:19 -04:00 |
| Brown | e8be2c500e | Support taint flows in more functions | 2020-06-22 17:53:03 -04:00 |
| Brown | 02e8313c39 | Allow taintedness to propagate to some stubbed methods | 2020-06-21 18:07:39 -04:00 |
| Brown | dc83c2e2fc | Add annotation for taint sources | 2020-06-21 00:58:56 -04:00 |
| Brown | f21d3a8346 | Remove html and sql taints for simple preg_replace patterns | 2020-06-20 23:11:42 -04:00 |
| Ilija Tovilo | 2f646d29db | Fix #3607 - constant string class reference with leading backslash (#3612) | 2020-06-19 18:02:39 -04:00 |
| Brown | 49f0592794 | Improve tracking of array taints | 2020-06-18 18:48:19 -04:00 |
| Brown | 03e9649d49 | Fix tainting of function calls absent taintable params | 2020-06-15 20:59:48 -04:00 |
| Matthew Brown | 081a284759 | Fix #3567 - remember which variables a callable sets byref in use | 2020-06-14 11:58:50 -04:00 |
| Matthew Brown | a49a0e5650 | Fix #3551 - count method can be impure | 2020-06-14 11:06:53 -04:00 |
| Brown | a4aa44494f | Fix #3519 - prevent empty callable string | 2020-06-04 15:40:53 -04:00 |
| Brown | ecb179c784 | Migrate min/max function calls back to CallMap | 2020-05-26 12:28:56 -04:00 |
| Brown | 953be61cf2 | Allow limiting connected taint paths | 2020-05-25 23:28:11 -04:00 |
| Brown | 118b700436 | Simplify sink mapping for internal calls | 2020-05-25 13:10:06 -04:00 |
| Brown | 63c3678ae5 | Improve property location resolution | 2020-05-22 12:33:38 -04:00 |
| Matthew Brown | 187b944680 | Add faster taint analysis | 2020-05-22 12:33:29 -04:00 |
| Brown | 0b2da18f1e | Break up StatementsAnalyzer | 2020-05-19 12:56:30 -04:00 |
| Brown | 8e5b330c5a | Break apart CallAnalyzer | 2020-05-18 22:57:00 -04:00 |
| Brown | 5ee1487a01 | Make ExpressionAnalyzer more beautiful | 2020-05-18 15:13:27 -04:00 |
| Brown | 111303d913 | Add non-empty-lowercase-string type | 2020-05-15 10:18:05 -04:00 |
| Brown | 0d5d7c8938 | Add null check | 2020-05-11 11:56:07 -04:00 |
| Brown | 291018034b | Remove unnecessary PHP code | 2020-05-11 11:36:50 -04:00 |
| Brown | 8f2f2617d4 | Improve refactor | 2020-05-10 22:45:01 -04:00 |
| Brown | 5f4d162dd5 | Break out type expander into separate class | 2020-05-10 22:39:18 -04:00 |