danog/psalm
1
0
Fork 0
mirror of https://github.com/danog/psalm.git synced 2025-01-05 20:48:45 +01:00
Code Issues Projects Releases Wiki Activity
7,748 Commits 43 Branches 314 Tags 108 MiB
387bfbd9e0
Commit Graph

6078 Commits

Author SHA1 Message Date
Matt Brown
95de6cf177 Allow immutable classes to be specialised through calls 2020-11-19 01:38:20 -05:00
Matt Brown
d60abaf858 Unfix fixes 2020-11-18 19:19:07 -05:00
Matt Brown
8dd229f6c0 Only ignore literal flows when tainting 2020-11-18 18:43:41 -05:00
Matt Brown
be275ae972 Fix #4605 - taint parent-declared property 2020-11-18 13:34:47 -05:00
Matt Brown
39c508f9d1 Fix #4603 - fix arithmetic to prevent end column 0 2020-11-18 13:19:54 -05:00
Matt Brown
236292ff05 Fix #4600 - set attributes in a bunch of places 2020-11-18 12:44:59 -05:00
Lukas Reschke
ddbfbb28e6
Split LDAP into custom category (#4604) 
- Adds ldap_escape as sanitizer
- Defines the right parameters to ldap_search as sink
- Wrote documentation
- Added tests
 2020-11-18 11:39:36 -05:00
Matt Brown
4bb84f7f0a Add more attributes to fake PhpParser generated expressions 
Ref #4600
 2020-11-18 10:16:41 -05:00
Matt Brown
3f7f959726 Fix #4599 - propagate taints to parent callers where necessary 2020-11-18 09:59:54 -05:00
Lukas Reschke
5ba4681c17
Add SSRF sinks (#4592) 2020-11-18 00:52:48 -05:00
Matt Brown
f3cde30b77 Only create vendor dir in config if it exists 2020-11-18 00:06:58 -05:00
Matt Brown
6e39c24a17 Don’t exit with 1 when running security analysis in GitHub Actions and generating a file 2020-11-17 22:49:25 -05:00
Matt Brown
28dee4146a Fix tests 2020-11-17 17:53:46 -05:00
Matt Brown
f6591e6d0f Use resolution that works in multithreaded mode 2020-11-17 17:24:46 -05:00
Matt Brown
2aa98bc5d0 Simplify tainted output a bit, removing duplicate paths 2020-11-17 17:17:18 -05:00
Matt Brown
adeaa33a64 Don’t propagate taints to child constructor args 2020-11-17 16:49:29 -05:00
Matt Brown
854a5b2ec5 Allow TaintedInput to suppress all emitted issues 2020-11-17 16:08:05 -05:00
Matt Brown
4e5111f1a8 Fix #4472 - if something flows into a byref var it’s used 2020-11-17 15:30:53 -05:00
Lukas Reschke
494ec40777
Add SARIF as report output (#4582) 
https://docs.oasis-open.org/sarif/sarif/v2.0/sarif-v2.0.html
 2020-11-17 13:23:20 -05:00
Matt Brown
43af3b1a57 Break out TaintedInput issues into a lot of separate ones 2020-11-17 12:44:31 -05:00
Matt Brown
42802e11d1 Allow PHP major version to determine substr return type 2020-11-16 16:31:33 -05:00
Dusk
0fe3e1f83b
Allow named arguments to variadic functions (#4575) 
Closes #4563
 2020-11-16 15:49:27 -05:00
Thomas Mauro Vargiu
4e8fb9c37f
Fix #4549 Better intersection between parent types (#4560) 2020-11-15 20:29:49 -05:00
orklah
6f8b463860
Detect trying to access to a list with a negative offset (#4552) 2020-11-15 20:26:50 -05:00
Matt Brown
5b004a1d11 Fix #4558 - Don’t convert value-of to key-of template 2020-11-15 18:33:07 -05:00
Matt Brown
26b4cd1fb9 Fix #4529 - allow unsetting with complex array key 2020-11-14 08:57:25 -05:00
Matt Brown
f65868c023 Fix style 2020-11-13 16:43:36 -05:00
Matt Brown
d97c8b750a Add closure-use termination for byref flows 2020-11-13 13:37:27 -05:00
Matt Brown
e7e5904d2d Remove unused uses in Psalm’s codebase 2020-11-13 13:16:39 -05:00
Matt Brown
2e47ca51d5 Fix #4547 - mark unused uses 2020-11-13 13:13:29 -05:00
Matt Brown
57125c7106 Uses by ref should be assigned that way 2020-11-13 12:50:01 -05:00
Matt Brown
4c1cf37d52 Improve error message for UnusedVariable 2020-11-13 12:36:17 -05:00
Matt Brown
086237aab7 Fix #4544 - improve handling of get_class in match 2020-11-13 11:55:42 -05:00
Matt Brown
13b83e6132 Fix #4545 - allow intersections in more places 2020-11-13 09:43:30 -05:00
Matt Brown
5a62dc5c40 Fix #4540 - use correct method when simulating property setting 2020-11-12 23:56:29 -05:00
Matt Brown
556fb12966 Move mutation checks to more appropriate place 2020-11-12 23:54:50 -05:00
Matt Brown
ec9762ce61 Prevent the same interface, repopulated, from confusing matters 2020-11-12 15:52:13 -05:00
Matt Brown
58c47ab32c Fix build 2020-11-12 14:22:54 -05:00
Matt Brown
3dd185e395 Fix #4537 - use more rigorous inerhitance for return and param types 2020-11-12 13:54:27 -05:00
Matt Brown
929efcc1ac Use the same docblock as the source params, if possible 2020-11-12 09:14:40 -05:00
Matt Brown
b7551e712a Use better way to determine which signture to use 
Fixes #4524
 2020-11-11 19:22:23 -05:00
Matt Brown
2f7bf2a144 Bind lower bounds to upper bounds as well when no upper bound can be inferred 
Ref #4485
 2020-11-11 17:46:09 -05:00
Matt Brown
a8d7248c31 Fix #4524 - do better template param inheritance 2020-11-11 13:25:17 -05:00
Matt Brown
5ad1e80e99 Fix #4527 - improve interpolated string types 2020-11-11 00:38:26 -05:00
Matt Brown
5a5cbb2892 Increase nesting 2020-11-10 18:27:28 -05:00
Matt Brown
165e0db157 Fix style 2020-11-10 16:19:24 -05:00
Matt Brown
46ebca4497 Fix coalesce operation tainting 2020-11-10 14:36:36 -05:00
Matt Brown
a82a9558d2 Experiment with refactor 2020-11-10 12:50:17 -05:00
Matt Brown
b731b53d5e Add debug stuff for code complexity 2020-11-10 12:49:42 -05:00
Matt Brown
81babf2430 Clone to prevent incorrect references 2020-11-10 09:01:46 -05:00
Matt Brown
e27cbfba57 Reduce size of data flow graph when analysing array assignments 2020-11-09 22:44:36 -05:00
Adrien LUCAS
4cb8e86737
Add a proxy capability to the flow annotation (#4495) 
* Add a `passthru` capability to the flow annotation

* Fix passthru-calls type

* Fix types and rename to proxy

* Allow to proxy a method

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-11-09 15:22:35 -05:00
Matt Brown
32d526bde9 Add descendant variables for closure uses 
Fixes #4522
 2020-11-09 15:20:28 -05:00
Matt Brown
e97a9c86eb Fix #4517 - track type contradiction issues in match expressions 2020-11-09 10:00:53 -05:00
Matt Brown
3aaa1d8447 Fix #4516 - treat exit() as the empty type 2020-11-09 08:44:03 -05:00
Matt Brown
683546e024 Fix #4519 - prevent crash with empty match 2020-11-09 08:36:59 -05:00
Matt Brown
8799e1a337 Break apart complex method 2020-11-09 00:58:45 -05:00
Matt Brown
6acd667e55 Fix #4509 - treat expression-derived constants as mixed 2020-11-08 15:36:38 -05:00
Matt Brown
ab2ab826d2 Add slashes 2020-11-08 14:34:09 -05:00
Matt Brown
0be4f2fedf Fix/ignore reflection bugs 2020-11-08 14:27:37 -05:00
Wouter J
58318282c5
Add support for PHP 8 union types (#4505) 2020-11-08 14:23:03 -05:00
Matt Brown
20e37d8cb6 Add a comment to show workings 2020-11-08 13:08:45 -05:00
Matt Brown
24c9702aa5 Remove unused imports 2020-11-08 12:31:21 -05:00
Matt Brown
6da0905478 Separate out good from the bad 2020-11-08 12:29:23 -05:00
Matt Brown
67f9853756 Preserve reconciled taints for all but non-string scalar types 2020-11-08 10:27:58 -05:00
Matt Brown
b635353cf4 Fix redundant thing 2020-11-08 10:18:32 -05:00
Matt Brown
dccf236d16 Fix #4503 - don’t ignore assertions on possibly-null mixed 2020-11-08 10:06:39 -05:00
Matt Brown
b8f5d16e9f Consolidate similar functionality 2020-11-07 00:58:20 -05:00
Matt Brown
bb5b5142d6 Add more info to mic drop code 2020-11-06 21:36:38 -05:00
Matt Brown
45b3dce631 Break apart IfElseAnalyzer 2020-11-06 21:01:17 -05:00
Matt Brown
3359e7699a Rename IfAnalyzer 2020-11-06 20:51:14 -05:00
Axel H
271e0d86be
Fix type inference when unpacking typed iterables (#4487) 
* Add test for unpacking typed iterables

* Fix type inference when unpacking typed iterables into arrays

* Fix possibly undefined array offset
 2020-11-06 17:24:01 -05:00
Matt Brown
9daa534656 Ensure we flush out re-assigned vars also referenced 
Fixes #4488
 2020-11-06 12:51:41 -05:00
Matt Brown
6b06ecec39 Fix #4491 - support assertions in new calls 2020-11-06 11:55:19 -05:00
Matt Brown
debedf2c96 Support pure-Closure annotation 2020-11-06 00:38:57 -05:00
Matthew Brown
1c66646e72
Fix formatting 2020-11-05 19:23:54 -05:00
Matt Brown
388e804ed8 Allow opt-in to strict return type checking 2020-11-05 18:20:04 -05:00
Matt Brown
d47d817843 Fix #4479 - use correct keys in message 2020-11-05 10:13:08 -05:00
Matt Brown
e9dd16f336 Fix #4481 - ReflectionProperty implements Reflector 2020-11-05 09:29:20 -05:00
Matt Brown
b3ff107c20 Add functions 2020-11-04 23:34:38 -05:00
Matt Brown
3bde327f1b Break up CommentAnalyzer 2020-11-04 23:25:08 -05:00
Matt Brown
f3c6d70a9b Use more accurate type for div of ints 2020-11-04 22:39:27 -05:00
Matt Brown
eacc05e73f Fix #2132 - get value of literal int division 2020-11-04 22:32:33 -05:00
Matt Brown
3e9c5d3600 Add support for @return never 2020-11-04 12:30:02 -05:00
Matt Brown
b5a3f45d52 Remove use of PHP 7.2 function 2020-11-04 11:02:34 -05:00
Matt Brown
590af31449 Improve output of Clause::__toString 2020-11-03 17:02:37 -05:00
Matt Brown
91d9dc3759 Fix overeager inference 2020-11-03 16:44:24 -05:00
Matt Brown
b35db3e523 Reorganise things a little 2020-11-03 16:15:54 -05:00
Matt Brown
16bfbd9224 Fix function 2020-11-02 00:54:12 -05:00
Matt Brown
3d4e77beb6 Fix int-mask-of expansion 2020-11-02 00:40:36 -05:00
Matt Brown
09228131d8 Use falsy value 2020-11-01 22:57:30 -05:00
Matt Brown
6922caf9f6 Fix #4466 use better differentiation for class_exists second param 2020-11-01 13:14:17 -05:00
Matt Brown
966b139504 Fix dupe semicolons 2020-11-01 11:42:09 -05:00
Matt Brown
024d93b7fd Fix #4467 - variables are only the same if they were set in the same location 2020-11-01 11:26:42 -05:00
Matt Brown
f0a30b9fd0 Invalidate child methods when signature changes 2020-11-01 09:46:21 -05:00
Matt Brown
667220408c Fix #4464 - bust cache when Psalm’s version changes, not just composer’s 2020-11-01 09:01:53 -05:00
Matt Brown
957a554c4b Support a bunch of attributes 2020-10-30 21:38:27 -04:00
Matt Brown
938cebc9f8 Use better inference for getAttributes return type 
Fixes #4367
 2020-10-30 17:37:16 -04:00
Matt Brown
cbd09adb2a Only load xdebug stub afterwards 
Ref #4459
 2020-10-30 15:11:40 -04:00
Matt Brown
67554dd017 Fix #4453 - sanitise @extends types before attempting to parse 2020-10-30 15:08:23 -04:00