Matthew Brown
|
2c14699ae4
|
Grammar
|
2021-01-29 11:46:17 +01:00 |
|
Matthew Brown
|
534b1d135a
|
Make Readme more punchy
|
2021-01-29 11:46:17 +01:00 |
|
Markus Staab
|
2c998aea7e
|
documented type in InternalTaintSinkMap (#4627)
|
2021-01-29 11:46:17 +01:00 |
|
Matt Brown
|
84348ec38d
|
Don’t taint foreach keys with array-fetch
We could use array-keyfetch or similar, but for now gives false-positives
|
2021-01-29 11:46:17 +01:00 |
|
orklah
|
5afbf5f831
|
return static instead of self when static context detected (#4632)
* return this instead of self when static context detected
* replace $this by static
|
2021-01-29 11:46:17 +01:00 |
|
Matt Brown
|
02b1cc2288
|
Change TaintedText to TaintedCallable
|
2021-01-29 11:46:17 +01:00 |
|
Matt Brown
|
5e3cfd3996
|
Closure calls aren’t sinks
|
2021-01-29 11:46:16 +01:00 |
|
Lukas Reschke
|
3fb73564f6
|
Advertise SARIF export in the documentation (#4633)
|
2021-01-29 11:46:16 +01:00 |
|
Lukas Reschke
|
2ad5eee193
|
Add dedicated types for 'file', 'header' and 'cookie' (#4630)
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie'
* Add documentation
* Add mapping for taint flows
* Add tests
* Fix test
|
2021-01-29 11:46:16 +01:00 |
|
Matt Brown
|
81486cfb12
|
Return empty instead of throwing
|
2021-01-29 11:46:16 +01:00 |
|
Matt Brown
|
685248225d
|
Fix formatting
|
2021-01-29 11:46:16 +01:00 |
|
Matt Brown
|
0acb02a595
|
Be more refined
|
2021-01-29 11:46:16 +01:00 |
|
Matt Brown
|
3b3239635b
|
Fix #4626 - array_key_exists should infer type for first arg where possible
|
2021-01-29 11:46:16 +01:00 |
|
Matt Brown
|
7b4f0745f5
|
Simplify assertion negations, centralising as much as possible
Now the flag passed to scrapeAssertions just determines the errors emitted
|
2021-01-29 11:46:16 +01:00 |
|
Matt Brown
|
6f9be03789
|
Revert "Fix #4624 - allow in_array to work with list arrays"
This reverts commit 08ae85a735 .
|
2021-01-29 11:46:16 +01:00 |
|
Matt Brown
|
191f305aec
|
Fix #4624 - allow in_array to work with list arrays
|
2021-01-29 11:46:15 +01:00 |
|
Matt Brown
|
43187a0e19
|
Fix #4620 - reconciled literal strings cannot carry taints
|
2021-01-29 11:46:15 +01:00 |
|
Mikhail Snetkov
|
f969b01db4
|
Fix missing bracket in docs (#4614)
|
2021-01-29 11:46:15 +01:00 |
|
Matt Brown
|
005f394d8e
|
Allow immutable classes to be specialised through calls
|
2021-01-29 11:46:15 +01:00 |
|
Matt Brown
|
106ab936f9
|
Unfix fixes
|
2021-01-29 11:46:15 +01:00 |
|
Matt Brown
|
cc17ebfa6a
|
Only ignore literal flows when tainting
|
2021-01-29 11:46:15 +01:00 |
|
Matt Brown
|
c3658e2590
|
Fix #4605 - taint parent-declared property
|
2021-01-29 11:46:15 +01:00 |
|
Matt Brown
|
e1c3959f5a
|
Fix #4603 - fix arithmetic to prevent end column 0
|
2021-01-29 11:46:15 +01:00 |
|
Matt Brown
|
a48f686695
|
Fix #4600 - set attributes in a bunch of places
|
2021-01-29 11:46:15 +01:00 |
|
Lukas Reschke
|
ce05165384
|
Split LDAP into custom category (#4604)
- Adds ldap_escape as sanitizer
- Defines the right parameters to ldap_search as sink
- Wrote documentation
- Added tests
|
2021-01-29 11:46:14 +01:00 |
|
Matt Brown
|
3084c9f891
|
Add more attributes to fake PhpParser generated expressions
Ref #4600
|
2021-01-29 11:46:14 +01:00 |
|
Matt Brown
|
3b8a76d520
|
Fix #4599 - propagate taints to parent callers where necessary
|
2021-01-29 11:46:14 +01:00 |
|
Lukas Reschke
|
99d094b5e0
|
Add SSRF sinks (#4592)
|
2021-01-29 11:46:14 +01:00 |
|
Matt Brown
|
3484976686
|
Sanity check to ensure closure uses aren’t removed
|
2021-01-29 11:46:14 +01:00 |
|
Matt Brown
|
015aebf88a
|
Only create vendor dir in config if it exists
|
2021-01-29 11:46:14 +01:00 |
|
Matt Brown
|
8266150d47
|
Don’t exit with 1 when running security analysis in GitHub Actions and generating a file
|
2021-01-29 11:46:14 +01:00 |
|
Matt Brown
|
29ac570279
|
Taint analysis should always run fully
|
2021-01-29 11:46:14 +01:00 |
|
Matt Brown
|
5246841b12
|
Fix tests
|
2021-01-29 11:46:14 +01:00 |
|
Matt Brown
|
ff4959f308
|
Use resolution that works in multithreaded mode
|
2021-01-29 11:46:13 +01:00 |
|
Matt Brown
|
a4b56c9292
|
Simplify tainted output a bit, removing duplicate paths
|
2021-01-29 11:46:13 +01:00 |
|
Matt Brown
|
a7cc439db0
|
Don’t propagate taints to child constructor args
|
2021-01-29 11:46:13 +01:00 |
|
Matt Brown
|
5f6c6a1215
|
Allow TaintedInput to suppress all emitted issues
|
2021-01-29 11:46:13 +01:00 |
|
Matt Brown
|
db566c7c4d
|
Improve documentation for taints a little
Ref #4590
|
2021-01-29 11:46:13 +01:00 |
|
Matt Brown
|
0b14b6968e
|
Fix #4472 - if something flows into a byref var it’s used
|
2021-01-29 11:46:13 +01:00 |
|
Michael Stilkerich
|
aa4372db9a
|
Stub for preg_filter (#4587)
|
2021-01-29 11:46:13 +01:00 |
|
Lukas Reschke
|
c42927c6e4
|
Add SARIF as report output (#4582)
https://docs.oasis-open.org/sarif/sarif/v2.0/sarif-v2.0.html
|
2021-01-29 11:46:13 +01:00 |
|
Matt Brown
|
2c69618347
|
Break out TaintedInput issues into a lot of separate ones
|
2021-01-29 11:46:13 +01:00 |
|
Matt Brown
|
7a5ef10bfa
|
Fix #4578 - replace number type in ext-ds stubs
|
2021-01-29 11:46:12 +01:00 |
|
Benjamin Morel
|
4cd6a2b532
|
DateTimeInterface::getTimeZone() can return false (#4579)
Fixes #4515
|
2021-01-29 11:46:12 +01:00 |
|
Benjamin Morel
|
8d37f16616
|
mysqli::$insert_id can be a string (#4577)
|
2021-01-29 11:46:12 +01:00 |
|
Tyson Andre
|
e06350b1ad
|
Fix curl_multi_getcontent signature (#4580)
|
2021-01-29 11:46:12 +01:00 |
|
Matt Brown
|
e371685c3b
|
Allow PHP major version to determine substr return type
|
2021-01-29 11:46:12 +01:00 |
|
Lukas Reschke
|
a1fd92d9fd
|
Add more Psalm flows for string functions (#4576)
This adds string functions from
https://www.php.net/manual/en/ref.strings.php
This commit adds the flows for functions from "addcslashes" to "sprintf".
More are to follow in later commits.
Ref #3636
|
2021-01-29 11:46:12 +01:00 |
|
Dusk
|
4e7bd1e39b
|
Allow named arguments to variadic functions (#4575)
Closes #4563
|
2021-01-29 11:46:11 +01:00 |
|
Lukas Reschke
|
ff55dba130
|
Add sinks for popen and proc_open (#4572)
User input in those two functions could lead to a RCE.
popen: https://www.php.net/manual/en/function.popen.php
proc_open: https://www.php.net/manual/en/function.proc-open.php
|
2021-01-29 11:46:11 +01:00 |
|