1
0
mirror of https://github.com/danog/psalm.git synced 2024-12-16 19:36:59 +01:00
Commit Graph

335 Commits

Author SHA1 Message Date
Brown
67b2edc328 Allow more things to be suppressed with @psalm-suppress TaintedInput 2020-07-02 11:53:51 -04:00
Brown
ae7c5b095b Fix #3712 - allow taints to be suppressed with @psalm-suppress 2020-07-01 23:23:45 -04:00
Brown
70ab4c18f4 Fix #3720 - allow literal unions in keys to map to object-like arrays 2020-07-01 18:57:19 -04:00
Brown
b84cf74754 Fix #3668 - taint property types for magic properties without @property 2020-06-25 00:24:37 -04:00
Brown
dd25b81d3a Fix #3670 - taint mixed foreach access 2020-06-24 19:16:30 -04:00
Brown
f72b609d42 Fix #3642 - detect missing property when name matches 2020-06-23 13:12:46 -04:00
Brown
7f05b3c530 Add $_REQUEST as a taint source
Ref #3636
2020-06-22 17:16:15 -04:00
Brown
8f2e28c36b Improve tainting of specializable classes 2020-06-19 01:22:51 -04:00
Brown
49f0592794 Improve tracking of array taints 2020-06-18 18:48:19 -04:00
Brown
562a7c1ca4 Track taints from all tainted arrays 2020-06-18 13:45:58 -04:00
Brown
7d9a99a956 Fix #3609 - interpret strings as regular static calls 2020-06-18 11:56:08 -04:00
Brown
f609a01497 Move static property fetch analyzer to own class 2020-06-18 11:53:24 -04:00
Brown
db67be5965 Fix #3483 - analyse variable static property access properly 2020-05-29 09:28:34 -04:00
Brown
0ef00f5756 Fix #3460 - allow isset checks on static properties 2020-05-26 17:40:27 -04:00
Brown
953be61cf2 Allow limiting connected taint paths 2020-05-25 23:28:11 -04:00
Brown
7e7456c863 Make taint checks more thorough 2020-05-25 17:10:53 -04:00
Brown
118b700436 Simplify sink mapping for internal calls 2020-05-25 13:10:06 -04:00
Brown
3416e33348 Fix indentation 2020-05-25 01:23:28 -04:00
Brown
240b2f898c Add some negative test cases for @mixin
Also fix #3452
2020-05-25 00:19:52 -04:00
Matthew Brown
1d17c02fba Fix #3442 - support broader type after initial array assignment 2020-05-23 23:23:50 -04:00
Brown
63c3678ae5 Improve property location resolution 2020-05-22 12:33:38 -04:00
Matthew Brown
187b944680 Add faster taint analysis 2020-05-22 12:33:29 -04:00
Brown
0b2da18f1e Break up StatementsAnalyzer 2020-05-19 12:56:30 -04:00
Brown
5ee1487a01 Make ExpressionAnalyzer more beautiful 2020-05-18 15:13:27 -04:00
Brown
c212c03e40 Don’t stop analysing when encountering an UndefinedGlobalVariable
Fixes #3366
2020-05-14 22:51:51 -04:00
Brown
2af0a17d03 Fix #3236 - allow use-checking of more methods starting with __ 2020-05-12 22:39:26 -04:00
Brown
8f2f2617d4 Improve refactor 2020-05-10 22:45:01 -04:00
Brown
5f4d162dd5 Break out type expander into separate class 2020-05-10 22:39:18 -04:00
Brown
48da7a4be8 Fix issues found with Vimeo’s code 2020-05-10 21:09:48 -04:00
Brown
28349c6423 Remove mixin_fqcln hack 2020-05-10 09:04:30 -04:00
Brown
bf5e178d16 Fix #3289 - treat property on non-generic type like actual value 2020-05-02 23:37:59 -04:00
Brown
d2d795018f Fix #3138 - fix inherited property template type inference 2020-04-18 16:57:13 -04:00
Brown
73f8f963fa Expand out class constants as early as possible
Fixes #3128
2020-04-12 20:38:36 -04:00
Brown
9d2957d339 Fix a few more edge-cases 2020-04-12 01:26:11 -04:00
Brown
db7447abd7 Make array coercion-to--mixed rules a little more lenient 2020-04-10 16:21:48 -04:00
Brown
3a4dd70403 Prevent MixedMethodCall from generated array offsetGet calls 2020-04-09 11:45:15 -04:00
Brown
bd92ec6cd3 Detect nested issues 2020-04-09 10:42:54 -04:00
Brown
bd2104c5ba Merge with mixed in nested arrays 2020-04-09 09:27:21 -04:00
Brown
d868710b2b Fix handling of built arrays 2020-04-08 16:11:11 -04:00
Brown
067104e170 Fix #3084 - keep track of upper and lower bounds of inferred template types 2020-04-07 00:13:56 -04:00
Brown
fca6585f6e Be more lenient when inside isset 2020-04-04 11:15:13 -04:00
Matthew Brown
7fdccc0439 Fix #3014 - change constant class access rules 2020-03-29 09:47:29 -04:00
Matthew Brown
de6aee32d1 Fix #3035 - improve templating for property assignments 2020-03-28 17:18:21 -04:00
Matthew Brown
47c1470e3b Refactor reference checks to use more appropriate properties 2020-03-28 16:30:56 -04:00
Brown
cc548a45fa Improve detection of unused classes 2020-03-28 14:45:58 -04:00
Brown
971ae50bea Do prep work for #3024 - improve handling of absent class references 2020-03-26 12:35:27 -04:00
Brown
a9b6c51748 Improve new $class to make it more static-y 2020-03-24 18:30:08 -04:00
Matthew Brown
c986cdf12e Allow edge-case of by-reference assignment with unitiliazed property
Fixes #3003
2020-03-21 19:23:32 -04:00
Matthew Brown
bfb919d26a Break out methods into their own classes 2020-03-11 23:04:52 -04:00
Brown
a0da7356e9 Fix #2935 - make handling of templated properties much less hacky 2020-03-09 09:59:02 -04:00
Matthew Brown
51bfc7c619 Only emit mixed issues for MissingClassPropertyType
Fixes #2388
2020-03-06 07:57:00 -05:00
Matthew Brown
88c4088bc2 Prevent self/static refs outside classes
Fixes #2895
2020-03-01 17:25:55 -05:00
Matthew Brown
1abece4f7c Use more accurate types 2020-02-23 17:03:27 -05:00
Matthew Brown
6ad3d039df Prevent more array<mixed,...> creation 2020-02-22 12:12:40 -05:00
Matthew Brown
db17c85dd6 Fix #2787 - make accessing undefined objectlike key an error 2020-02-22 00:29:59 -05:00
Matthew Brown
aea33824e6 Fix #1555 - allow phantom class constants 2020-02-18 19:46:05 -05:00
Brown
6e8088776d Use better return type for SimpleXMLElement::offsetGet 2020-02-18 10:58:56 -05:00
Matthew Brown
653353709a Use MethodIdentifier object instead of string 2020-02-14 20:54:26 -05:00
Brown
b87161785d Be even more permissive 2020-02-13 17:58:15 -05:00
Brown
1c42875179 Support lowercase-string and warn about unnecessary calls to strtolower 2020-02-13 16:38:58 -05:00
Brown
f141f7c526 Improve --diff checks by including trait-using classes in dependents 2020-02-11 16:39:33 -05:00
Matthew Brown
8d7fb2b415 Add config flag to support properties without a magic getter 2020-02-02 14:23:38 -05:00
Brown
3b6f53a356 Revert "Fix #2724 - make sure behaviour is not dependent on array type"
This reverts commit 1df03b0ff2.
2020-01-31 17:25:15 -05:00
Brown
1df03b0ff2 Fix #2724 - make sure behaviour is not dependent on array type 2020-01-31 16:46:05 -05:00
Matthew Brown
5eb2ebc508 Add more type-system protections for bad array args 2020-01-29 23:41:17 -05:00
Matthew Brown
5c3ec7a531 Fix #2696 - make sure static property references are prevented in pure functions 2020-01-27 22:55:20 -05:00
Matthew Brown
471d7610f0 Fix #2644 - improve type inference of autoloaded constants 2020-01-17 09:52:43 -05:00
Matthew Brown
4e85967184 Fix tests 2020-01-05 21:58:18 -05:00
Matthew Brown
867511d7fd Use more specific error magic properties 2020-01-05 21:07:26 -05:00
Matthew Brown
2fb5a9d326 Few small improvements 2020-01-05 18:37:07 -05:00
Matthew Brown
d4ef5c2a4a Fix read flags 2020-01-05 17:20:09 -05:00
Matthew Brown
9fa2db1b6c Move Union::getTypes to Union::getAtomicTypes 2020-01-04 12:20:26 -05:00
Matthew Brown
55c2f7faa2 Fix #2508 - don’t replace templated types with generic ones inside own function 2019-12-28 18:38:02 -05:00
Matthew Brown
068afa09d3 Add very basic implementation for class-string-map
Fixes #1969
2019-12-27 12:49:28 -05:00
Brown
b3cf9d3958 Catch circular references in constants
Fixes #2453
2019-12-10 16:16:44 -05:00
Matthew Brown
69e6624b16 Fix #2436 - fix templating of property types inside templated functions 2019-12-08 19:25:40 -05:00
Matthew Brown
83b10bb9af Fix #2426, or at least some of it 2019-12-08 00:49:34 -05:00
Tyson Andre
6b2c1401c8 Workaround for uncaught InvalidArgumentException (#2420)
Fixes #2419
2019-12-04 23:16:51 -05:00
Brown
e1dd22ef6c Allow static::class to be used in array assertions 2019-12-04 12:23:26 -05:00
Brown
821f3528d2 Fix #701 - indicate issues fixable with Psalter 2019-12-02 15:24:01 -05:00
Matthew Brown
6a98108deb Apply @ShiraNai7’s fix for null const values 2019-11-29 10:12:46 -05:00
Pavel Batečko
dc78e9c57b Update password function types for PHP 7.4 (#2396)
* Support NULL predefined constants

* Fix #2395 - update password_hash() and password_needs_rehash() types for PHP 7.4

* Change $fq_const_name check so it still uses isset
2019-11-29 09:30:01 -05:00
Matthew Brown
4052e6dfac Allow isset to check for property initialisation
Ref #2382
2019-11-28 09:12:17 -05:00
Brown
f97a8f0d5b Use more accurate way to determine list size 2019-11-26 16:34:19 -05:00
Brown
0bcb7863f3 Use better system for storing inferred types and assertions 2019-11-25 11:44:54 -05:00
Matthew Brown
2369bac943 Preserve self refs where possible 2019-11-16 19:59:08 -05:00
Matthew Brown
7d7d4dd926 Fix style stuff 2019-11-15 21:47:53 -05:00
Brown
55bf6a2db3 Migrate static return types 2019-11-15 16:50:43 -05:00
Brown
96586f16c0 Fix phpcs issues 2019-11-11 10:11:42 -05:00
Brown
af5f83602e Break out more specific possibly defined offset errors 2019-11-11 09:59:56 -05:00
Matthew Brown
94d4b876ba Fix #2177 - mark variables in try block as potentially undefined 2019-11-09 12:25:30 -05:00
Brown
06b64a4a01 Detect erroneous use of empty check on bools 2019-11-06 16:14:46 -05:00
Matthew Brown
5910a362ea Improve report output of taint analysis 2019-10-19 17:59:10 -04:00
Matthew Brown
e5623e9257 Fix function call 2019-10-11 23:33:36 -04:00
Matthew Brown
4478d31593 Taint arrays in creation 2019-10-11 23:28:17 -04:00
Matthew Brown
03c39cbe7c Fix #2223 - make sure lists are handled in more places 2019-10-10 20:16:43 -04:00
Brown
b75720c32b Add more list types 2019-10-09 10:04:34 -04:00
Brown
2d4a7fbe3e Fix array fetch analysis offset 2019-10-08 19:01:00 -04:00
Brown
16c33d1565 Add support for list type
Fixes #2209
2019-10-08 18:44:46 -04:00
Brown
b0aaede9e1 Add support for checking integer array offsets 2019-10-04 11:08:08 -04:00
Matthew Brown
d85fbaec09 Add stricter checks after first isset 2019-10-03 21:34:56 -04:00
Brown
d225374d6d Fix #2156 - do better inference after isset 2019-10-01 19:31:08 -04:00
Brown
a81c3067ad Store the whole type 2019-10-01 17:09:32 -04:00
Matthew Brown
f8a2eae0e2 Fix #2186 - use expanded class name for aliased class 2019-09-30 22:15:48 -04:00
Brown
2c9a082b3e Fix #2172 - only complain about missing offset if it’s really missing 2019-09-25 19:02:49 -04:00
Brown
648dda67ed Fix Psalm issues 2019-09-25 13:12:29 -04:00
Brown
1a48be8e9c Fix #2165 - coerce null array offset to zero 2019-09-25 12:17:37 -04:00
Brown
c68dcf2f74 Don’t coerce false to null when coming from ignore-false type 2019-09-20 15:30:29 -04:00
Brown
be4894c8e0 Fix #2155 - coerce false to 0, true to 1 in array offset 2019-09-20 15:21:38 -04:00
Matthew Brown
9ad6c36d9b
Conditionally verify that array offsets exist (#2147)
* Check array offsets idea

* Clean up some issues

* Add a few light fixes

* Add docs
2019-09-18 14:21:06 -04:00
Matthew Brown
0b4981f01b Fix #1551 - do better at inferring class constant types 2019-09-14 14:26:31 -04:00
Matthew Brown
d941294a84 Move class const analysis 2019-09-14 13:12:54 -04:00
Matthew Brown
d27935d109 Improve accuracy around array addition 2019-09-08 10:23:12 -04:00
Brown
aba3659311 Add more specific key coercion rules when assigning to arrays 2019-08-27 15:12:25 -04:00
Brown
4db8ca6a1d Cleanup extra issues from recent fixes 2019-08-27 14:16:34 -04:00
Brown
3b865f6509 Fix #2048 - allow mixed array to be assigned specific string keys 2019-08-27 10:18:58 -04:00
Brown
fef61e996e Propagate possibly-null issues onto fetched properties 2019-08-23 13:27:38 -04:00
Matthew Brown
1b983babd0 Allow unset of potentially invalid array key type 2019-08-18 18:06:41 -04:00
Matthew Brown
62dff200d5 Fix redundant condition 2019-08-17 18:02:38 -04:00
Matthew Brown
b6dc8f547e Fix #2031 - still get class const return type after defined check 2019-08-17 18:01:24 -04:00
Brown
538abbc54c Fix #2020 - allow static::CONST_NAME to have non-mixed type in final class 2019-08-15 10:41:30 -04:00
Matthew Brown
600999a3a8 Add better typing 2019-08-14 00:47:57 -04:00
Brown
c3949e3194 Improve taint protection for exec-related commands 2019-08-13 19:18:50 -04:00
Matthew Brown
d5b026839c Add support for different taint types ref #1990 2019-08-12 23:16:05 -04:00
Brown
37d93141c4 Only register taints on known magic properties 2019-08-06 13:05:34 -04:00
Brown
0dc6b74fb4 Add taintedness to magic property fetches 2019-08-06 12:54:12 -04:00
Matthew Brown
8f6d432dd0 Add support for magic property comprehension 2019-08-05 23:19:22 -04:00
Matthew Brown
b2c0993cdc Add framework for taint analysis to Psalm
Ref #611
2019-08-04 10:37:36 -04:00
Matthew Brown
1ae9ea5fed Use object instead of by-ref params 2019-07-10 01:35:57 -04:00
Matthew Brown
d0f6f85dba Fix #1899 - detect dead code after array assignment 2019-07-04 16:38:31 -04:00
Brown
5c76b3c82d Fix #1888 - add go-to-variable 2019-07-01 18:48:33 -04:00
Matthew Brown
f5809ec24a Only add node references to explicit locations 2019-07-01 11:12:12 -04:00
Brown
62c37a84f2 Fix tokenising bug found while analysing Phan cc @TysonAndre 2019-06-28 12:29:39 -04:00
Brown
6b32565a9b Allow references to deprecated class inside the class 2019-06-27 13:36:39 -04:00
LeSuisse
f29826b958 Fully qualify constants and function calls (#1849)
This should give a small performance boost.
Part of #1837.

The change is enforced via phpcs and can be autofixed
with phpcbf.
2019-06-26 16:52:29 -04:00
Brown
5ed49c0c03 Fixed #1848 - allow static class strings to be compared 2019-06-26 15:11:16 -04:00
Matthew Brown
31c8a2e4d7 Add offsets to type tokenisation
Ref #1832
2019-06-22 23:30:40 -04:00
Brown
bdf54ae1fa Fix #1814 - warn about deprected ::class access 2019-06-19 12:42:51 -04:00
Brown
10613192c9 Fix #1803 - complain about DeprecatedClass when using its constants 2019-06-18 16:21:04 -04:00
Matthew Brown
f46ccf0a5d Strip text from end of @psalm-type 2019-06-16 12:39:07 -04:00
Matthew Brown
06e913e37b Fix #1791 - complain about missing class constants 2019-06-15 12:19:26 -04:00
Matthew Brown
b0678bdc74 Improve treatment of key-of
Ref #1698
2019-06-07 21:27:50 -04:00
Matthew Brown
0287adfd44 Fix const replacements when moving classes 2019-06-06 07:05:30 -04:00
Brown
3e15fa8bfe Fix bad namespacing 2019-06-05 11:15:52 -04:00
Brown
f309c755f8 Add ability to move classes 2019-06-05 08:50:24 -04:00
Brown
c7f35c263c Fix #1737 properly 2019-06-04 14:08:49 -04:00
Brown
67c9851b95 Fix Psalm bug, and add test to capture it 2019-06-04 13:43:11 -04:00
Brown
778b95d335 Add support for moving class constants 2019-06-04 11:14:49 -04:00
Matthew Brown
a9809ab28a Add property moving & renaming 2019-06-04 00:32:19 -04:00
Matthew Brown
2439a9f6a0 Allow instance method renaming, too 2019-06-02 12:02:39 -04:00