Matt Brown
08ae85a735
Fix #4624 - allow in_array to work with list arrays
2020-11-19 09:26:41 -05:00
Matt Brown
7c02fa76d1
Fix #4620 - reconciled literal strings cannot carry taints
2020-11-19 09:06:25 -05:00
Mikhail Snetkov
20c78ae29b
Fix missing bracket in docs ( #4614 )
2020-11-19 08:43:39 -05:00
Matt Brown
95de6cf177
Allow immutable classes to be specialised through calls
2020-11-19 01:38:20 -05:00
Matt Brown
d60abaf858
Unfix fixes
2020-11-18 19:19:07 -05:00
Matt Brown
8dd229f6c0
Only ignore literal flows when tainting
2020-11-18 18:43:41 -05:00
Matt Brown
be275ae972
Fix #4605 - taint parent-declared property
2020-11-18 13:34:47 -05:00
Matt Brown
39c508f9d1
Fix #4603 - fix arithmetic to prevent end column 0
2020-11-18 13:19:54 -05:00
Matt Brown
236292ff05
Fix #4600 - set attributes in a bunch of places
2020-11-18 12:44:59 -05:00
Lukas Reschke
ddbfbb28e6
Split LDAP into custom category ( #4604 )
...
- Adds ldap_escape as sanitizer
- Defines the right parameters to ldap_search as sink
- Wrote documentation
- Added tests
2020-11-18 11:39:36 -05:00
Matt Brown
4bb84f7f0a
Add more attributes to fake PhpParser generated expressions
...
Ref #4600
2020-11-18 10:16:41 -05:00
Matt Brown
3f7f959726
Fix #4599 - propagate taints to parent callers where necessary
2020-11-18 09:59:54 -05:00
Lukas Reschke
5ba4681c17
Add SSRF sinks ( #4592 )
2020-11-18 00:52:48 -05:00
Matt Brown
ab3961d9b3
Sanity check to ensure closure uses aren’t removed
2020-11-18 00:38:28 -05:00
Matt Brown
f3cde30b77
Only create vendor dir in config if it exists
2020-11-18 00:06:58 -05:00
Matt Brown
6e39c24a17
Don’t exit with 1 when running security analysis in GitHub Actions and generating a file
2020-11-17 22:49:25 -05:00
Matt Brown
1708bae984
Taint analysis should always run fully
2020-11-17 17:59:05 -05:00
Matt Brown
28dee4146a
Fix tests
2020-11-17 17:53:46 -05:00
Matt Brown
f6591e6d0f
Use resolution that works in multithreaded mode
2020-11-17 17:24:46 -05:00
Matt Brown
2aa98bc5d0
Simplify tainted output a bit, removing duplicate paths
2020-11-17 17:17:18 -05:00
Matt Brown
adeaa33a64
Don’t propagate taints to child constructor args
2020-11-17 16:49:29 -05:00
Matt Brown
854a5b2ec5
Allow TaintedInput to suppress all emitted issues
2020-11-17 16:08:05 -05:00
Matt Brown
74749d20cc
Improve documentation for taints a little
...
Ref #4590
2020-11-17 16:03:50 -05:00
Matt Brown
4e5111f1a8
Fix #4472 - if something flows into a byref var it’s used
2020-11-17 15:30:53 -05:00
Michael Stilkerich
fec51eac8d
Stub for preg_filter ( #4587 )
2020-11-17 15:15:29 -05:00
Lukas Reschke
494ec40777
Add SARIF as report output ( #4582 )
...
https://docs.oasis-open.org/sarif/sarif/v2.0/sarif-v2.0.html
2020-11-17 13:23:20 -05:00
Matt Brown
43af3b1a57
Break out TaintedInput issues into a lot of separate ones
2020-11-17 12:44:31 -05:00
Matt Brown
fda2377812
Fix #4578 - replace number type in ext-ds stubs
2020-11-16 21:50:23 -05:00
Benjamin Morel
08716233e6
DateTimeInterface::getTimeZone() can return false ( #4579 )
...
Fixes #4515
2020-11-16 21:48:34 -05:00
Benjamin Morel
d313f57061
mysqli::$insert_id can be a string ( #4577 )
2020-11-16 21:48:04 -05:00
Tyson Andre
d71ed7b9e9
Fix curl_multi_getcontent signature ( #4580 )
2020-11-16 21:47:33 -05:00
Matt Brown
42802e11d1
Allow PHP major version to determine substr return type
2020-11-16 16:31:33 -05:00
Lukas Reschke
6780b01453
Add more Psalm flows for string functions ( #4576 )
...
This adds string functions from
https://www.php.net/manual/en/ref.strings.php
This commit adds the flows for functions from "addcslashes" to "sprintf".
More are to follow in later commits.
Ref #3636
2020-11-16 15:50:07 -05:00
Dusk
0fe3e1f83b
Allow named arguments to variadic functions ( #4575 )
...
Closes #4563
2020-11-16 15:49:27 -05:00
Lukas Reschke
09abcfb650
Add sinks for popen and proc_open ( #4572 )
...
User input in those two functions could lead to a RCE.
popen: https://www.php.net/manual/en/function.popen.php
proc_open: https://www.php.net/manual/en/function.proc-open.php
2020-11-16 15:04:22 -05:00
Thomas Mauro Vargiu
4e8fb9c37f
Fix #4549 Better intersection between parent types ( #4560 )
2020-11-15 20:29:49 -05:00
Lukas Reschke
5df2b771aa
Fix typo ( #4555 )
2020-11-15 20:28:51 -05:00
Lukas Reschke
fd06167843
$expr->name is not prefixed with $ ( #4554 )
...
The example as-is would currently not flag the following code:
```
public function foo() {
$foo = $bad_data;
\shell_exec($foo);
}
```
Switching it to `bad_data` made it work.
2020-11-15 20:28:24 -05:00
orklah
6f8b463860
Detect trying to access to a list with a negative offset ( #4552 )
2020-11-15 20:26:50 -05:00
Matt Brown
5b004a1d11
Fix #4558 - Don’t convert value-of to key-of template
2020-11-15 18:33:07 -05:00
Matt Brown
26b4cd1fb9
Fix #4529 - allow unsetting with complex array key
2020-11-14 08:57:25 -05:00
Matt Brown
f65868c023
Fix style
2020-11-13 16:43:36 -05:00
Matt Brown
d97c8b750a
Add closure-use termination for byref flows
2020-11-13 13:37:27 -05:00
Matt Brown
e7e5904d2d
Remove unused uses in Psalm’s codebase
2020-11-13 13:16:39 -05:00
Matt Brown
2e47ca51d5
Fix #4547 - mark unused uses
2020-11-13 13:13:29 -05:00
Matt Brown
57125c7106
Uses by ref should be assigned that way
2020-11-13 12:50:01 -05:00
Matt Brown
4c1cf37d52
Improve error message for UnusedVariable
2020-11-13 12:36:17 -05:00
Matt Brown
086237aab7
Fix #4544 - improve handling of get_class in match
2020-11-13 11:55:42 -05:00
Matt Brown
13b83e6132
Fix #4545 - allow intersections in more places
2020-11-13 09:43:30 -05:00
Matt Brown
2992cc73c2
Split out trait template tests
2020-11-13 08:59:55 -05:00