Brown
|
d03a53a5ad
|
Fix return type
|
2020-06-24 18:33:09 -04:00 |
|
Brown
|
828d9defb4
|
Use compact test format
|
2020-06-24 18:28:21 -04:00 |
|
Tyson Andre
|
1670848267
|
Mark print() statement as the same sink type as echo (#3669)
|
2020-06-24 17:23:16 -04:00 |
|
Brown
|
96d05ab06b
|
Fix #3654 - use correct function id for namespaced functions
|
2020-06-23 16:53:11 -04:00 |
|
Brown
|
6a746b65ea
|
Fix #3655 - taint encapsulated strings
|
2020-06-23 16:38:59 -04:00 |
|
Brown
|
13fc8a75fd
|
Allow taints to flow where no return type exists
Fixes #3652
|
2020-06-23 15:52:19 -04:00 |
|
Brown
|
f46236ad71
|
Taint flows through preg_replace_callback
|
2020-06-23 15:28:31 -04:00 |
|
Brown
|
fc8212e207
|
Fix static call specialisation via annotation
|
2020-06-22 18:40:43 -04:00 |
|
Brown
|
e8be2c500e
|
Support taint flows in more functions
|
2020-06-22 17:53:03 -04:00 |
|
Brown
|
dddc159694
|
Add explicit path object
|
2020-06-22 02:10:03 -04:00 |
|
Brown
|
36f1630e03
|
Add more steps for clearer output
|
2020-06-22 01:08:58 -04:00 |
|
Brown
|
fbe3433edd
|
Use escape terminology
|
2020-06-21 11:43:08 -04:00 |
|
Brown
|
dc83c2e2fc
|
Add annotation for taint sources
|
2020-06-21 00:58:56 -04:00 |
|
Brown
|
f21d3a8346
|
Remove html and sql taints for simple preg_replace patterns
|
2020-06-20 23:11:42 -04:00 |
|
Brown
|
a7a23b4c1c
|
Remove letter
|
2020-06-19 09:41:25 -04:00 |
|
Brown
|
b1c836e5f3
|
Improve specialisation after call
|
2020-06-19 01:59:45 -04:00 |
|
Brown
|
8f2e28c36b
|
Improve tainting of specializable classes
|
2020-06-19 01:22:51 -04:00 |
|
Brown
|
49f0592794
|
Improve tracking of array taints
|
2020-06-18 18:48:19 -04:00 |
|
Brown
|
562a7c1ca4
|
Track taints from all tainted arrays
|
2020-06-18 13:45:58 -04:00 |
|
Brown
|
03e9649d49
|
Fix tainting of function calls absent taintable params
|
2020-06-15 20:59:48 -04:00 |
|
Brown
|
56ef220e49
|
Fix bugs in taint specialisation
|
2020-06-15 18:34:56 -04:00 |
|
Brown
|
7e7456c863
|
Make taint checks more thorough
|
2020-05-25 17:10:53 -04:00 |
|
Brown
|
92a9a7efdf
|
Handle flows into arguments a little better
|
2020-05-23 23:54:16 -04:00 |
|
Brown
|
a198b09eb7
|
Add intermediary concat op node
|
2020-05-23 21:38:09 -04:00 |
|
Brown
|
16af6a5773
|
Improve concat taint propagation
|
2020-05-23 01:11:16 -04:00 |
|
Brown
|
10c106f7eb
|
Add eval sink
|
2020-05-23 00:03:29 -04:00 |
|
Brown
|
dc73e25157
|
Detect taints in include calls
|
2020-05-22 23:53:37 -04:00 |
|
Brown
|
8632cdb3cd
|
Improve taint tracking during scanning phase
|
2020-05-22 12:33:48 -04:00 |
|
Brown
|
63c3678ae5
|
Improve property location resolution
|
2020-05-22 12:33:38 -04:00 |
|
Matthew Brown
|
187b944680
|
Add faster taint analysis
|
2020-05-22 12:33:29 -04:00 |
|
Matthew Brown
|
5910a362ea
|
Improve report output of taint analysis
|
2019-10-19 17:59:10 -04:00 |
|
Brown
|
b29227aaf6
|
Allow taints to be removed via annotation
|
2019-10-15 16:25:27 -04:00 |
|
Brown
|
5e649f684c
|
Fix erroneous return type resolution
|
2019-10-14 17:10:30 -04:00 |
|
Matthew Brown
|
8c6b234c2c
|
Improve speed of taint analysis
|
2019-10-13 20:10:31 -04:00 |
|
Matthew Brown
|
7e2d00d6ed
|
Allow taints to be added to root array types
|
2019-10-12 12:23:40 -04:00 |
|
Matthew Brown
|
4478d31593
|
Taint arrays in creation
|
2019-10-11 23:28:17 -04:00 |
|
Brown
|
3001eb9d34
|
Move taint location to end
|
2019-08-21 09:53:00 -04:00 |
|
Brown
|
9696fb8dce
|
Follow taint to source when reporting
|
2019-08-20 17:38:15 -04:00 |
|
Brown
|
e92896f145
|
Fix taint records
|
2019-08-14 09:52:59 -04:00 |
|
Matthew Brown
|
600999a3a8
|
Add better typing
|
2019-08-14 00:47:57 -04:00 |
|
Brown
|
c3949e3194
|
Improve taint protection for exec-related commands
|
2019-08-13 19:18:50 -04:00 |
|
Matthew Brown
|
d5b026839c
|
Add support for different taint types ref #1990
|
2019-08-12 23:16:05 -04:00 |
|
Brown
|
14b37b95af
|
Fix potential recursion
|
2019-08-06 17:29:44 -04:00 |
|
Brown
|
37d93141c4
|
Only register taints on known magic properties
|
2019-08-06 13:05:34 -04:00 |
|
Brown
|
17753865f3
|
Add detection to mixed params
|
2019-08-06 10:33:21 -04:00 |
|
Matthew Brown
|
8f6d432dd0
|
Add support for magic property comprehension
|
2019-08-05 23:19:22 -04:00 |
|
Brown
|
6eb62591ab
|
Specialise calls when functions are pure
|
2019-08-05 18:33:33 -04:00 |
|
Brown
|
87bf907c1e
|
Fix echo checks
|
2019-08-05 10:21:23 -04:00 |
|
Matthew Brown
|
b2c0993cdc
|
Add framework for taint analysis to Psalm
Ref #611
|
2019-08-04 10:37:36 -04:00 |
|