ralila
2a956498bf
Import instead of using fqn functions
2021-12-03 21:07:25 +01:00
ralila
711be643c6
Import instead of using fqn exceptions
2021-12-03 20:29:06 +01:00
orklah
3bc06a8eab
Taint can't transmit through numerics nor bool
2021-11-25 22:40:01 +01:00
orklah
39dc7608ef
ignore comments after taint-sink
2021-11-07 10:29:08 +01:00
orklah
3322801903
ignore comments after taint-sink
2021-11-07 10:17:25 +01:00
orklah
cd74f665dc
Merge pull request #6813 from orklah/intTaint
...
don't register taints for numeric variables
2021-11-04 15:30:52 +01:00
orklah
e6dccaa07c
Merge pull request #6809 from orklah/binaryOpTaint
...
don't taint the result of most binary operations
2021-11-04 13:18:07 +01:00
orklah
bf993452a8
Merge pull request #6810 from orklah/castArrayTaints
...
Array cast pass taints
2021-11-04 13:17:20 +01:00
orklah
9fb74a4f28
exclude Plus on arrays too
2021-11-04 00:30:09 +01:00
orklah
3b01713257
don't taint the result of most binary operations
2021-11-04 00:30:09 +01:00
orklah
24137bdbad
Array cast pass taints
2021-11-04 00:29:36 +01:00
orklah
eca530d792
don't register taints for numeric variables
2021-11-04 00:29:07 +01:00
orklah
fbe305e5bb
detect taint in backticks
2021-11-04 00:28:40 +01:00
orklah
9d9dba156c
Merge pull request #6538 from orklah/taint-windows
...
enable test on taint
2021-09-27 20:37:27 +02:00
orklah
caf4d57438
enable test on taint
2021-09-27 20:16:50 +02:00
Mark McEver
79340b4a6f
Prevent unnecessary filter_var() warnings
2021-09-27 18:46:01 +01:00
Mark McEver
76dade477d
Prevent unnecessary filter_var() warning
2021-09-27 18:34:58 +01:00
Matt Brown
667dcc2e49
No false-positives for tainting through array keys
2021-06-29 17:05:39 -04:00
Oliver Hader
38d3b15f8d
[BUGFIX] Specialize TaintSink in IncludeAnalyzer ( #5986 )
...
* [TEST] Assert more details in TaintTest
* [TEST] Add test for multiple tainted includes
* [BUGFIX] Specialize TaintSink in IncludeAnalyzer
Fixes : #5986
2021-06-23 08:27:03 -04:00
Matt Brown
47bf5ed567
Fix #5918 - add new issue to detect unquoted strings
2021-06-10 17:43:04 -04:00
Bruce Weirdan
6abce3525a
Enforce use
sort ( #5900 )
2021-06-07 22:55:21 -04:00
Oliver Hader
b259296457
[BUGFIX] Continue processing psalm-flow graph after first taint sink ( #5832 )
...
Related: #5830
2021-05-26 16:04:22 -04:00
Oliver Hader
4898cd262e
[TASK] Enrich taint details for outputting core stubs ( #5827 )
...
Affects `printf`, `print_r`, `var_dump`, `var_export`
2021-05-24 16:42:18 -04:00
Matt Brown
f41deeab0a
Taint through reset call
2021-03-28 13:14:35 -04:00
Matt Brown
10ccbdd8be
Add tainting for array keys
...
Fixes #5470
2021-03-24 15:32:56 -04:00
Matt Brown
0f2a07a9a3
Fix #5137 – support @psalm-flow in methods
2021-01-31 22:40:48 -05:00
Adrien LUCAS
d1398f2b12
Avoid false positives for taint specialized calls even when not using a variable ( #4948 )
2021-01-07 16:39:51 -05:00
Adrien LUCAS
0f5886746f
Taint specialized calls even when not using a variable ( #4940 )
2021-01-06 14:14:52 -05:00
Matt Brown
9c0e9a3d7e
Taint all when conditional return is used
...
Ref #4792
2020-12-06 11:24:48 -05:00
Matt Brown
3f155792a7
Allow nested specialisation
2020-12-04 15:44:29 -05:00
Matt Brown
fd67d41120
Fix #4769 – don’t use unique ids for new generated nodes
2020-12-04 15:44:29 -05:00
Matt Brown
9a03a9a5d0
Move param taint sink addition after arguuments have been analysed
2020-11-22 19:39:40 -05:00
Matt Brown
b782dd4225
Make sure conditional escaping works for static methods too
2020-11-22 13:39:32 -05:00
Matt Brown
af008953a8
Fix #4661 - support conditional escaping for functions
2020-11-22 13:24:33 -05:00
Lukas Reschke
ffb0c4ae17
Implement variadic taint propagation ( #4649 )
...
* Implement variadic taint propagation
* Lint code
2020-11-21 17:41:40 -05:00
Lukas Reschke
3943b55f8a
Add psalm-flow for string functions from sscanf to wordwrap ( #4591 )
...
* Add string functions from sscanf to wordwrap
This should conclude all string functions from https://www.php.net/manual/en/book.strings.php
Continuation of https://github.com/vimeo/psalm/pull/4576
Ref https://github.com/vimeo/psalm/issues/3636
* Add StrTrReturnTypeProvider
* Fix psalm error
* phpcs
* Line length
* Ignore false return on vsprintf
Co-authored-by: Matthew Brown <github@muglug.com>
2020-11-21 17:35:07 -05:00
Matt Brown
78d644d1a1
Change TaintedText to TaintedCallable
2020-11-19 19:01:19 -05:00
Lukas Reschke
78f4a0691c
Add dedicated types for 'file', 'header' and 'cookie' ( #4630 )
...
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie'
* Add documentation
* Add mapping for taint flows
* Add tests
* Fix test
2020-11-19 17:47:29 -05:00
Matt Brown
7c02fa76d1
Fix #4620 - reconciled literal strings cannot carry taints
2020-11-19 09:06:25 -05:00
Matt Brown
95de6cf177
Allow immutable classes to be specialised through calls
2020-11-19 01:38:20 -05:00
Matt Brown
be275ae972
Fix #4605 - taint parent-declared property
2020-11-18 13:34:47 -05:00
Lukas Reschke
ddbfbb28e6
Split LDAP into custom category ( #4604 )
...
- Adds ldap_escape as sanitizer
- Defines the right parameters to ldap_search as sink
- Wrote documentation
- Added tests
2020-11-18 11:39:36 -05:00
Matt Brown
3f7f959726
Fix #4599 - propagate taints to parent callers where necessary
2020-11-18 09:59:54 -05:00
Lukas Reschke
5ba4681c17
Add SSRF sinks ( #4592 )
2020-11-18 00:52:48 -05:00
Matt Brown
28dee4146a
Fix tests
2020-11-17 17:53:46 -05:00
Matt Brown
2aa98bc5d0
Simplify tainted output a bit, removing duplicate paths
2020-11-17 17:17:18 -05:00
Matt Brown
adeaa33a64
Don’t propagate taints to child constructor args
2020-11-17 16:49:29 -05:00
Matt Brown
43af3b1a57
Break out TaintedInput issues into a lot of separate ones
2020-11-17 12:44:31 -05:00
Lukas Reschke
09abcfb650
Add sinks for popen and proc_open ( #4572 )
...
User input in those two functions could lead to a RCE.
popen: https://www.php.net/manual/en/function.popen.php
proc_open: https://www.php.net/manual/en/function.proc-open.php
2020-11-16 15:04:22 -05:00
Adrien LUCAS
4cb8e86737
Add a proxy
capability to the flow annotation ( #4495 )
...
* Add a `passthru` capability to the flow annotation
* Fix passthru-calls type
* Fix types and rename to proxy
* Allow to proxy a method
Co-authored-by: Matthew Brown <github@muglug.com>
2020-11-09 15:22:35 -05:00