Matt Brown
02b1cc2288
Change TaintedText to TaintedCallable
2021-01-29 11:46:17 +01:00
Lukas Reschke
2ad5eee193
Add dedicated types for 'file', 'header' and 'cookie' ( #4630 )
...
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie'
* Add documentation
* Add mapping for taint flows
* Add tests
* Fix test
2021-01-29 11:46:16 +01:00
Lukas Reschke
ce05165384
Split LDAP into custom category ( #4604 )
...
- Adds ldap_escape as sanitizer
- Defines the right parameters to ldap_search as sink
- Wrote documentation
- Added tests
2021-01-29 11:46:14 +01:00
Lukas Reschke
99d094b5e0
Add SSRF sinks ( #4592 )
2021-01-29 11:46:14 +01:00
Matt Brown
2c69618347
Break out TaintedInput issues into a lot of separate ones
2021-01-29 11:46:13 +01:00
Matt Brown
1389dc6adf
Allow opt-in to strict return type checking
2021-01-29 11:46:03 +01:00
Matt Brown
881068d5c0
Detect when targets are incorrectly targeted
2021-01-29 11:44:36 +01:00
Matt Brown
fb81fa13f4
Ensure Stringable is always available to tests that need it
2021-01-29 11:44:35 +01:00
Matt Brown
3ff2116c17
Add basic support for PHP attributes
...
Ref #4367 - supports creation and argument checks
2021-01-29 11:44:30 +01:00
Niclas van Eyk
5f019cef53
Initial proposal for psalm-require-{extends, implements} ( #4361 )
...
* initial implementation of psalm-require-extends
* Added @psalm-require-implements
* Added shortcode for ExtensionRequirementViolation
* Docs & config entries for @psalm-require-{implements,extends}
* Added requirement violations to issues.md
2021-01-29 11:41:10 +01:00
feek
a19f738967
feature: universal object crates ( #3948 )
...
* feature: universal object crates
* docs: document universal object crate config option
Co-authored-by: Matthew Brown <github@muglug.com>
2021-01-29 11:39:48 +01:00
Matt Brown
9bbb11599a
4.x - change/remove some default config values
2021-01-29 11:39:48 +01:00
Matt Brown
d924a57026
Add config and docs for InvalidNamedArgument
2021-01-29 11:39:45 +01:00
Brown
307790fbac
Make new InvalidLiteralArgument issue for strpos refs
...
Ref #4070
2021-01-29 11:38:57 +01:00
orklah
cf590d13b0
Config reportInfo to speed up analysis for big projects ( #4095 )
2021-01-29 11:38:51 +01:00
Bruce Weirdan
ee029a646b
Converted MissingPropertyType to property issue ( #4099 )
...
Fixes vimeo/psalm#2200
2021-01-29 11:38:51 +01:00
Brown
a0a7f8a98b
Catch unmatched matches
2021-01-29 11:38:50 +01:00
Brown
c96ba8d1f5
Add some backwards-incompatible changes for 4.x
2021-01-29 11:38:48 +01:00
Tom Klingenberg
fd96419527
Revert config schema, fix b/c break ( #4046 )
...
Previous in d5055ea
the allowCoercionFromStringToClassConst attribute has
been removed from the XML configuration file per its schema.
While technically correct (was removed in 3.0), this breaks b/c between
minor versions, breaks with the release of 3.14.0.
Fix is revert.
Ref: d5055ea1d4
Caused-by: #3982
2021-01-29 11:38:44 +01:00
Brown
9100c26439
Prevent use of $this in pure functions
2021-01-29 11:38:43 +01:00
Matthew Brown
8589e4af55
Fix docs
2021-01-29 11:38:41 +01:00
Michel Hunziker
4e20258efa
Add configuration attribute to find unused @psalm-suppress ( #4041 )
2021-01-29 11:38:04 +01:00
Olle
3630b4a2f9
Merge remote-tracking branch 'remotes/upstream/master'
2020-08-18 15:59:46 +00:00
Bruce Weirdan
7adc25c421
Improve import errors ( #3997 )
...
* Better errors for invalid type imports
Fixes vimeo/psalm#3885
* Finishing touches
Docs, schema, CS
* Drop unused import
* Drop more unused imports
2020-08-16 22:53:53 -04:00
Matthew Brown
72ecb57def
Improve names of things
2020-08-14 00:27:33 -04:00
Bruce Weirdan
d5055ea1d4
Removed obsolete documentation ( #3982 )
...
`allowCoercionFromStringToClassConst` was removed in 3.0 and never
worked since.
Refs vimeo/psalm#3976
2020-08-11 07:30:09 -04:00
Brown
6def99d653
Add ConstructorSignatureMismatch issue distinct from MethodSignatureMismatch
2020-08-10 12:26:25 -04:00
Matthew Brown
6085e42fc1
Detect mismatching param names effectively
2020-08-10 09:58:43 -04:00
Brown
c0b0036109
Fix #3934 - prevent unsafe use of new static
2020-08-05 19:39:27 -04:00
Grégoire Paris
2f673fbbd7
Detect redundant identity with true ( #3893 )
...
Using === true on a known boolean results in the same boolean.
2020-07-25 17:27:45 -04:00
Nat Zimmermann
a1a403e046
make meta path optional ( #3833 )
2020-07-17 10:09:42 -04:00
kesselb
aaba3a08ec
Add option to suppress a referenced but undefined global variable. ( #3827 )
2020-07-16 09:49:59 -04:00
Olle
0965fbf989
Add if-this-is mismatch to config.xsd
2020-07-12 20:16:01 +00:00
Jon Ursenbach
6aca4c169e
feat: adding a runTaintAnalysis option into the config ( #3800 )
2020-07-10 13:22:03 -04:00
Bruce Weirdan
e569f08f23
Drop missing issues from XSD schema ( #3657 )
...
Two unknown issues (that were only present in schema) are dropped and a
test to validate that all issues are covered by XSD schema is added.
2020-06-23 16:56:39 -04:00
Brown
078b8b7b1a
Fix #3618 - add way to load non-analyzed files
2020-06-19 00:13:09 -04:00
Olle Härstedt
e1cc27f7a2
Add new config: sealAllMethods ( #3578 )
...
* Add new config: sealAllMethods
* Add some more tests
* Fix codesniffer issue with preg_quote
* Fix missing method in test
Co-authored-by: Olle <noemail>
2020-06-15 22:36:42 -04:00
Andrei Petre
3497ca07b6
Extending final class is prohibited #3037 ( #3576 )
2020-06-13 00:29:59 -04:00
Ivan Kurnosov
08943ea409
Fix #3517 - Changed ignoreInternalFunctionFalseReturn default to true ( #3518 )
...
In config.xsd and the documentation
2020-06-03 22:29:09 -04:00
Brown
953be61cf2
Allow limiting connected taint paths
2020-05-25 23:28:11 -04:00
Brown
3c5b4dec06
Add documentation for MixedClone
2020-05-18 17:20:57 -04:00
Evgeniy
04a576708c
Correct analyze clone expression ( #3382 )
...
* Correct analyze clone, add PossibleInvalidClone issue type
* Infer mixed type when possible incorrect clone
* Remove unused variable
2020-05-18 16:22:50 -04:00
m0003r
28f740fddb
@psalm-trace is now a specific low-level issue, because plain debug print breaks structured output (after #3080 ) ( #3106 )
2020-04-08 21:03:05 -04:00
Matthew Brown
0d62fbdf98
Detect erroneous abstract static method calls
2020-03-11 10:18:40 -04:00
Philip Hofstetter
d315822bfa
make skipping of checks after invalid includes configurable
...
as suggested in the PR it's best to make the setting configurable.
In order not to break existing installations, we default to keeping the
old behaviour, but in a later version of psalm, we might change the
default.
2020-02-27 18:49:23 -05:00
Matthew Brown
a706f4d722
Fix #2242 - warn when using mutable dependencies
2020-02-22 10:04:46 -05:00
Brown
7d99a15072
Fix #2805 - forbid passing in mutable class to mutation-free context
2020-02-21 18:25:35 -05:00
Matthew Brown
2e4154d76e
Add better defaults and documentation
2020-02-18 20:30:37 -05:00
Brown
520b646ef6
Add suppressMixedIssues config flag to hide mixed issues
2020-02-18 17:23:48 -05:00
Matthew Brown
320f3ec863
Update level config name
2020-02-17 22:43:13 -05:00