Lukas Reschke
c42927c6e4
Add SARIF as report output ( #4582 )
...
https://docs.oasis-open.org/sarif/sarif/v2.0/sarif-v2.0.html
2021-01-29 11:46:13 +01:00
Matt Brown
2c69618347
Break out TaintedInput issues into a lot of separate ones
2021-01-29 11:46:13 +01:00
Matt Brown
7a5ef10bfa
Fix #4578 - replace number type in ext-ds stubs
2021-01-29 11:46:12 +01:00
Benjamin Morel
4cd6a2b532
DateTimeInterface::getTimeZone() can return false ( #4579 )
...
Fixes #4515
2021-01-29 11:46:12 +01:00
Benjamin Morel
8d37f16616
mysqli::$insert_id can be a string ( #4577 )
2021-01-29 11:46:12 +01:00
Tyson Andre
e06350b1ad
Fix curl_multi_getcontent signature ( #4580 )
2021-01-29 11:46:12 +01:00
Matt Brown
e371685c3b
Allow PHP major version to determine substr return type
2021-01-29 11:46:12 +01:00
Lukas Reschke
a1fd92d9fd
Add more Psalm flows for string functions ( #4576 )
...
This adds string functions from
https://www.php.net/manual/en/ref.strings.php
This commit adds the flows for functions from "addcslashes" to "sprintf".
More are to follow in later commits.
Ref #3636
2021-01-29 11:46:12 +01:00
Dusk
4e7bd1e39b
Allow named arguments to variadic functions ( #4575 )
...
Closes #4563
2021-01-29 11:46:11 +01:00
Lukas Reschke
ff55dba130
Add sinks for popen and proc_open ( #4572 )
...
User input in those two functions could lead to a RCE.
popen: https://www.php.net/manual/en/function.popen.php
proc_open: https://www.php.net/manual/en/function.proc-open.php
2021-01-29 11:46:11 +01:00
Thomas Mauro Vargiu
f9adf26ae9
Fix #4549 Better intersection between parent types ( #4560 )
2021-01-29 11:46:11 +01:00
Lukas Reschke
6105732e8a
Fix typo ( #4555 )
2021-01-29 11:46:11 +01:00
Lukas Reschke
7079cff31c
$expr->name is not prefixed with $ ( #4554 )
...
The example as-is would currently not flag the following code:
```
public function foo() {
$foo = $bad_data;
\shell_exec($foo);
}
```
Switching it to `bad_data` made it work.
2021-01-29 11:46:11 +01:00
orklah
2f368244a4
Detect trying to access to a list with a negative offset ( #4552 )
2021-01-29 11:46:11 +01:00
Matt Brown
8b56e5eede
Fix #4558 - Don’t convert value-of to key-of template
2021-01-29 11:46:11 +01:00
Matt Brown
4fff920952
Fix #4529 - allow unsetting with complex array key
2021-01-29 11:46:10 +01:00
Matt Brown
eb2b8869b2
Fix style
2021-01-29 11:46:10 +01:00
Matt Brown
4a8c98257e
Add closure-use termination for byref flows
2021-01-29 11:46:10 +01:00
Matt Brown
a84d5d4ed2
Remove unused uses in Psalm’s codebase
2021-01-29 11:46:10 +01:00
Matt Brown
ad840e4b7a
Fix #4547 - mark unused uses
2021-01-29 11:46:10 +01:00
Matt Brown
c1d57ba6a5
Uses by ref should be assigned that way
2021-01-29 11:46:10 +01:00
Matt Brown
1b351af568
Improve error message for UnusedVariable
2021-01-29 11:46:10 +01:00
Matt Brown
5f01ea788a
Fix #4544 - improve handling of get_class in match
2021-01-29 11:46:10 +01:00
Matt Brown
5219932408
Fix #4545 - allow intersections in more places
2021-01-29 11:46:10 +01:00
Matt Brown
63bf00513b
Split out trait template tests
2021-01-29 11:46:09 +01:00
Matt Brown
8392fb429c
Fix #4540 - use correct method when simulating property setting
2021-01-29 11:46:09 +01:00
Matt Brown
e1d65ff797
Move mutation checks to more appropriate place
2021-01-29 11:46:09 +01:00
Matt Brown
b276f2597c
Prevent the same interface, repopulated, from confusing matters
2021-01-29 11:46:09 +01:00
Matt Brown
fa6cb8b84b
Fix build
2021-01-29 11:46:09 +01:00
Matt Brown
e8c755c7c0
Fix #4537 - use more rigorous inerhitance for return and param types
2021-01-29 11:46:09 +01:00
Matt Brown
5d24b351dc
Use the same docblock as the source params, if possible
2021-01-29 11:46:09 +01:00
Matt Brown
bd20313a14
Use better way to determine which signture to use
...
Fixes #4524
2021-01-29 11:46:09 +01:00
Matt Brown
fb5ee1e46d
Bind lower bounds to upper bounds as well when no upper bound can be inferred
...
Ref #4485
2021-01-29 11:46:08 +01:00
Matt Brown
e624f972dd
Fix #4524 - do better template param inheritance
2021-01-29 11:46:08 +01:00
Matt Brown
f3b6846c70
Fix #4527 - improve interpolated string types
2021-01-29 11:46:08 +01:00
Matt Brown
f83b6bb178
Increase nesting
2021-01-29 11:46:08 +01:00
Matt Brown
3731a9ca35
Fix style
2021-01-29 11:46:08 +01:00
Matt Brown
e34171c375
Fix coalesce operation tainting
2021-01-29 11:46:08 +01:00
Matt Brown
9fbde82d84
Experiment with refactor
2021-01-29 11:46:08 +01:00
Matt Brown
627817cdf7
Add debug stuff for code complexity
2021-01-29 11:46:08 +01:00
Matt Brown
b55c6bde46
Clone to prevent incorrect references
2021-01-29 11:46:08 +01:00
Matt Brown
682ffa96df
Reduce size of data flow graph when analysing array assignments
2021-01-29 11:46:07 +01:00
Adrien LUCAS
9ab0ab9472
Add a proxy
capability to the flow annotation ( #4495 )
...
* Add a `passthru` capability to the flow annotation
* Fix passthru-calls type
* Fix types and rename to proxy
* Allow to proxy a method
Co-authored-by: Matthew Brown <github@muglug.com>
2021-01-29 11:46:07 +01:00
Matt Brown
d07a8bb4a5
Add descendant variables for closure uses
...
Fixes #4522
2021-01-29 11:46:07 +01:00
Matt Brown
1ad65fb899
Fix #4517 - track type contradiction issues in match expressions
2021-01-29 11:46:07 +01:00
Matt Brown
9fd4a24c55
Fix #4516 - treat exit() as the empty type
2021-01-29 11:46:07 +01:00
Matt Brown
ec9d8e6700
Fix #4519 - prevent crash with empty match
2021-01-29 11:46:07 +01:00
Matt Brown
e2eee4cb46
Break apart complex method
2021-01-29 11:46:07 +01:00
Matt Brown
05aaf63dbb
Ignore ReflectionUnionType
2021-01-29 11:46:06 +01:00
Matt Brown
fbafb9e97f
Fix #4509 - treat expression-derived constants as mixed
2021-01-29 11:46:06 +01:00