Brown
dd25b81d3a
Fix #3670 - taint mixed foreach access
2020-06-24 19:16:30 -04:00
Brown
f72b609d42
Fix #3642 - detect missing property when name matches
2020-06-23 13:12:46 -04:00
Brown
7f05b3c530
Add $_REQUEST as a taint source
...
Ref #3636
2020-06-22 17:16:15 -04:00
Brown
8f2e28c36b
Improve tainting of specializable classes
2020-06-19 01:22:51 -04:00
Brown
49f0592794
Improve tracking of array taints
2020-06-18 18:48:19 -04:00
Brown
562a7c1ca4
Track taints from all tainted arrays
2020-06-18 13:45:58 -04:00
Brown
7d9a99a956
Fix #3609 - interpret strings as regular static calls
2020-06-18 11:56:08 -04:00
Brown
f609a01497
Move static property fetch analyzer to own class
2020-06-18 11:53:24 -04:00
Brown
db67be5965
Fix #3483 - analyse variable static property access properly
2020-05-29 09:28:34 -04:00
Brown
0ef00f5756
Fix #3460 - allow isset checks on static properties
2020-05-26 17:40:27 -04:00
Brown
953be61cf2
Allow limiting connected taint paths
2020-05-25 23:28:11 -04:00
Brown
7e7456c863
Make taint checks more thorough
2020-05-25 17:10:53 -04:00
Brown
118b700436
Simplify sink mapping for internal calls
2020-05-25 13:10:06 -04:00
Brown
3416e33348
Fix indentation
2020-05-25 01:23:28 -04:00
Brown
240b2f898c
Add some negative test cases for @mixin
...
Also fix #3452
2020-05-25 00:19:52 -04:00
Matthew Brown
1d17c02fba
Fix #3442 - support broader type after initial array assignment
2020-05-23 23:23:50 -04:00
Brown
63c3678ae5
Improve property location resolution
2020-05-22 12:33:38 -04:00
Matthew Brown
187b944680
Add faster taint analysis
2020-05-22 12:33:29 -04:00
Brown
0b2da18f1e
Break up StatementsAnalyzer
2020-05-19 12:56:30 -04:00
Brown
5ee1487a01
Make ExpressionAnalyzer more beautiful
2020-05-18 15:13:27 -04:00
Brown
c212c03e40
Don’t stop analysing when encountering an UndefinedGlobalVariable
...
Fixes #3366
2020-05-14 22:51:51 -04:00
Brown
2af0a17d03
Fix #3236 - allow use-checking of more methods starting with __
2020-05-12 22:39:26 -04:00
Brown
8f2f2617d4
Improve refactor
2020-05-10 22:45:01 -04:00
Brown
5f4d162dd5
Break out type expander into separate class
2020-05-10 22:39:18 -04:00
Brown
48da7a4be8
Fix issues found with Vimeo’s code
2020-05-10 21:09:48 -04:00
Brown
28349c6423
Remove mixin_fqcln hack
2020-05-10 09:04:30 -04:00
Brown
bf5e178d16
Fix #3289 - treat property on non-generic type like actual value
2020-05-02 23:37:59 -04:00
Brown
d2d795018f
Fix #3138 - fix inherited property template type inference
2020-04-18 16:57:13 -04:00
Brown
73f8f963fa
Expand out class constants as early as possible
...
Fixes #3128
2020-04-12 20:38:36 -04:00
Brown
9d2957d339
Fix a few more edge-cases
2020-04-12 01:26:11 -04:00
Brown
db7447abd7
Make array coercion-to--mixed rules a little more lenient
2020-04-10 16:21:48 -04:00
Brown
3a4dd70403
Prevent MixedMethodCall from generated array offsetGet calls
2020-04-09 11:45:15 -04:00
Brown
bd92ec6cd3
Detect nested issues
2020-04-09 10:42:54 -04:00
Brown
bd2104c5ba
Merge with mixed in nested arrays
2020-04-09 09:27:21 -04:00
Brown
d868710b2b
Fix handling of built arrays
2020-04-08 16:11:11 -04:00
Brown
067104e170
Fix #3084 - keep track of upper and lower bounds of inferred template types
2020-04-07 00:13:56 -04:00
Brown
fca6585f6e
Be more lenient when inside isset
2020-04-04 11:15:13 -04:00
Matthew Brown
7fdccc0439
Fix #3014 - change constant class access rules
2020-03-29 09:47:29 -04:00
Matthew Brown
de6aee32d1
Fix #3035 - improve templating for property assignments
2020-03-28 17:18:21 -04:00
Matthew Brown
47c1470e3b
Refactor reference checks to use more appropriate properties
2020-03-28 16:30:56 -04:00
Brown
cc548a45fa
Improve detection of unused classes
2020-03-28 14:45:58 -04:00
Brown
971ae50bea
Do prep work for #3024 - improve handling of absent class references
2020-03-26 12:35:27 -04:00
Brown
a9b6c51748
Improve new $class to make it more static-y
2020-03-24 18:30:08 -04:00
Matthew Brown
c986cdf12e
Allow edge-case of by-reference assignment with unitiliazed property
...
Fixes #3003
2020-03-21 19:23:32 -04:00
Matthew Brown
bfb919d26a
Break out methods into their own classes
2020-03-11 23:04:52 -04:00
Brown
a0da7356e9
Fix #2935 - make handling of templated properties much less hacky
2020-03-09 09:59:02 -04:00
Matthew Brown
51bfc7c619
Only emit mixed issues for MissingClassPropertyType
...
Fixes #2388
2020-03-06 07:57:00 -05:00
Matthew Brown
88c4088bc2
Prevent self/static refs outside classes
...
Fixes #2895
2020-03-01 17:25:55 -05:00
Matthew Brown
1abece4f7c
Use more accurate types
2020-02-23 17:03:27 -05:00
Matthew Brown
6ad3d039df
Prevent more array<mixed,...> creation
2020-02-22 12:12:40 -05:00
Matthew Brown
db17c85dd6
Fix #2787 - make accessing undefined objectlike key an error
2020-02-22 00:29:59 -05:00
Matthew Brown
aea33824e6
Fix #1555 - allow phantom class constants
2020-02-18 19:46:05 -05:00
Brown
6e8088776d
Use better return type for SimpleXMLElement::offsetGet
2020-02-18 10:58:56 -05:00
Matthew Brown
653353709a
Use MethodIdentifier object instead of string
2020-02-14 20:54:26 -05:00
Brown
b87161785d
Be even more permissive
2020-02-13 17:58:15 -05:00
Brown
1c42875179
Support lowercase-string and warn about unnecessary calls to strtolower
2020-02-13 16:38:58 -05:00
Brown
f141f7c526
Improve --diff checks by including trait-using classes in dependents
2020-02-11 16:39:33 -05:00
Matthew Brown
8d7fb2b415
Add config flag to support properties without a magic getter
2020-02-02 14:23:38 -05:00
Brown
3b6f53a356
Revert "Fix #2724 - make sure behaviour is not dependent on array type"
...
This reverts commit 1df03b0ff2
.
2020-01-31 17:25:15 -05:00
Brown
1df03b0ff2
Fix #2724 - make sure behaviour is not dependent on array type
2020-01-31 16:46:05 -05:00
Matthew Brown
5eb2ebc508
Add more type-system protections for bad array args
2020-01-29 23:41:17 -05:00
Matthew Brown
5c3ec7a531
Fix #2696 - make sure static property references are prevented in pure functions
2020-01-27 22:55:20 -05:00
Matthew Brown
471d7610f0
Fix #2644 - improve type inference of autoloaded constants
2020-01-17 09:52:43 -05:00
Matthew Brown
4e85967184
Fix tests
2020-01-05 21:58:18 -05:00
Matthew Brown
867511d7fd
Use more specific error magic properties
2020-01-05 21:07:26 -05:00
Matthew Brown
2fb5a9d326
Few small improvements
2020-01-05 18:37:07 -05:00
Matthew Brown
d4ef5c2a4a
Fix read flags
2020-01-05 17:20:09 -05:00
Matthew Brown
9fa2db1b6c
Move Union::getTypes to Union::getAtomicTypes
2020-01-04 12:20:26 -05:00
Matthew Brown
55c2f7faa2
Fix #2508 - don’t replace templated types with generic ones inside own function
2019-12-28 18:38:02 -05:00
Matthew Brown
068afa09d3
Add very basic implementation for class-string-map
...
Fixes #1969
2019-12-27 12:49:28 -05:00
Brown
b3cf9d3958
Catch circular references in constants
...
Fixes #2453
2019-12-10 16:16:44 -05:00
Matthew Brown
69e6624b16
Fix #2436 - fix templating of property types inside templated functions
2019-12-08 19:25:40 -05:00
Matthew Brown
83b10bb9af
Fix #2426 , or at least some of it
2019-12-08 00:49:34 -05:00
Tyson Andre
6b2c1401c8
Workaround for uncaught InvalidArgumentException ( #2420 )
...
Fixes #2419
2019-12-04 23:16:51 -05:00
Brown
e1dd22ef6c
Allow static::class to be used in array assertions
2019-12-04 12:23:26 -05:00
Brown
821f3528d2
Fix #701 - indicate issues fixable with Psalter
2019-12-02 15:24:01 -05:00
Matthew Brown
6a98108deb
Apply @ShiraNai7’s fix for null const values
2019-11-29 10:12:46 -05:00
Pavel Batečko
dc78e9c57b
Update password function types for PHP 7.4 ( #2396 )
...
* Support NULL predefined constants
* Fix #2395 - update password_hash() and password_needs_rehash() types for PHP 7.4
* Change $fq_const_name check so it still uses isset
2019-11-29 09:30:01 -05:00
Matthew Brown
4052e6dfac
Allow isset to check for property initialisation
...
Ref #2382
2019-11-28 09:12:17 -05:00
Brown
f97a8f0d5b
Use more accurate way to determine list size
2019-11-26 16:34:19 -05:00
Brown
0bcb7863f3
Use better system for storing inferred types and assertions
2019-11-25 11:44:54 -05:00
Matthew Brown
2369bac943
Preserve self refs where possible
2019-11-16 19:59:08 -05:00
Matthew Brown
7d7d4dd926
Fix style stuff
2019-11-15 21:47:53 -05:00
Brown
55bf6a2db3
Migrate static return types
2019-11-15 16:50:43 -05:00
Brown
96586f16c0
Fix phpcs issues
2019-11-11 10:11:42 -05:00
Brown
af5f83602e
Break out more specific possibly defined offset errors
2019-11-11 09:59:56 -05:00
Matthew Brown
94d4b876ba
Fix #2177 - mark variables in try block as potentially undefined
2019-11-09 12:25:30 -05:00
Brown
06b64a4a01
Detect erroneous use of empty check on bools
2019-11-06 16:14:46 -05:00
Matthew Brown
5910a362ea
Improve report output of taint analysis
2019-10-19 17:59:10 -04:00
Matthew Brown
e5623e9257
Fix function call
2019-10-11 23:33:36 -04:00
Matthew Brown
4478d31593
Taint arrays in creation
2019-10-11 23:28:17 -04:00
Matthew Brown
03c39cbe7c
Fix #2223 - make sure lists are handled in more places
2019-10-10 20:16:43 -04:00
Brown
b75720c32b
Add more list types
2019-10-09 10:04:34 -04:00
Brown
2d4a7fbe3e
Fix array fetch analysis offset
2019-10-08 19:01:00 -04:00
Brown
16c33d1565
Add support for list type
...
Fixes #2209
2019-10-08 18:44:46 -04:00
Brown
b0aaede9e1
Add support for checking integer array offsets
2019-10-04 11:08:08 -04:00
Matthew Brown
d85fbaec09
Add stricter checks after first isset
2019-10-03 21:34:56 -04:00
Brown
d225374d6d
Fix #2156 - do better inference after isset
2019-10-01 19:31:08 -04:00
Brown
a81c3067ad
Store the whole type
2019-10-01 17:09:32 -04:00
Matthew Brown
f8a2eae0e2
Fix #2186 - use expanded class name for aliased class
2019-09-30 22:15:48 -04:00
Brown
2c9a082b3e
Fix #2172 - only complain about missing offset if it’s really missing
2019-09-25 19:02:49 -04:00
Brown
648dda67ed
Fix Psalm issues
2019-09-25 13:12:29 -04:00
Brown
1a48be8e9c
Fix #2165 - coerce null array offset to zero
2019-09-25 12:17:37 -04:00
Brown
c68dcf2f74
Don’t coerce false to null when coming from ignore-false type
2019-09-20 15:30:29 -04:00
Brown
be4894c8e0
Fix #2155 - coerce false to 0, true to 1 in array offset
2019-09-20 15:21:38 -04:00
Matthew Brown
9ad6c36d9b
Conditionally verify that array offsets exist ( #2147 )
...
* Check array offsets idea
* Clean up some issues
* Add a few light fixes
* Add docs
2019-09-18 14:21:06 -04:00
Matthew Brown
0b4981f01b
Fix #1551 - do better at inferring class constant types
2019-09-14 14:26:31 -04:00
Matthew Brown
d941294a84
Move class const analysis
2019-09-14 13:12:54 -04:00
Matthew Brown
d27935d109
Improve accuracy around array addition
2019-09-08 10:23:12 -04:00
Brown
aba3659311
Add more specific key coercion rules when assigning to arrays
2019-08-27 15:12:25 -04:00
Brown
4db8ca6a1d
Cleanup extra issues from recent fixes
2019-08-27 14:16:34 -04:00
Brown
3b865f6509
Fix #2048 - allow mixed array to be assigned specific string keys
2019-08-27 10:18:58 -04:00
Brown
fef61e996e
Propagate possibly-null issues onto fetched properties
2019-08-23 13:27:38 -04:00
Matthew Brown
1b983babd0
Allow unset of potentially invalid array key type
2019-08-18 18:06:41 -04:00
Matthew Brown
62dff200d5
Fix redundant condition
2019-08-17 18:02:38 -04:00
Matthew Brown
b6dc8f547e
Fix #2031 - still get class const return type after defined check
2019-08-17 18:01:24 -04:00
Brown
538abbc54c
Fix #2020 - allow static::CONST_NAME to have non-mixed type in final class
2019-08-15 10:41:30 -04:00
Matthew Brown
600999a3a8
Add better typing
2019-08-14 00:47:57 -04:00
Brown
c3949e3194
Improve taint protection for exec-related commands
2019-08-13 19:18:50 -04:00
Matthew Brown
d5b026839c
Add support for different taint types ref #1990
2019-08-12 23:16:05 -04:00
Brown
37d93141c4
Only register taints on known magic properties
2019-08-06 13:05:34 -04:00
Brown
0dc6b74fb4
Add taintedness to magic property fetches
2019-08-06 12:54:12 -04:00
Matthew Brown
8f6d432dd0
Add support for magic property comprehension
2019-08-05 23:19:22 -04:00
Matthew Brown
b2c0993cdc
Add framework for taint analysis to Psalm
...
Ref #611
2019-08-04 10:37:36 -04:00
Matthew Brown
1ae9ea5fed
Use object instead of by-ref params
2019-07-10 01:35:57 -04:00
Matthew Brown
d0f6f85dba
Fix #1899 - detect dead code after array assignment
2019-07-04 16:38:31 -04:00
Brown
5c76b3c82d
Fix #1888 - add go-to-variable
2019-07-01 18:48:33 -04:00
Matthew Brown
f5809ec24a
Only add node references to explicit locations
2019-07-01 11:12:12 -04:00
Brown
62c37a84f2
Fix tokenising bug found while analysing Phan cc @TysonAndre
2019-06-28 12:29:39 -04:00
Brown
6b32565a9b
Allow references to deprecated class inside the class
2019-06-27 13:36:39 -04:00
LeSuisse
f29826b958
Fully qualify constants and function calls ( #1849 )
...
This should give a small performance boost.
Part of #1837 .
The change is enforced via phpcs and can be autofixed
with phpcbf.
2019-06-26 16:52:29 -04:00
Brown
5ed49c0c03
Fixed #1848 - allow static class strings to be compared
2019-06-26 15:11:16 -04:00
Matthew Brown
31c8a2e4d7
Add offsets to type tokenisation
...
Ref #1832
2019-06-22 23:30:40 -04:00
Brown
bdf54ae1fa
Fix #1814 - warn about deprected ::class access
2019-06-19 12:42:51 -04:00
Brown
10613192c9
Fix #1803 - complain about DeprecatedClass when using its constants
2019-06-18 16:21:04 -04:00
Matthew Brown
f46ccf0a5d
Strip text from end of @psalm-type
2019-06-16 12:39:07 -04:00
Matthew Brown
06e913e37b
Fix #1791 - complain about missing class constants
2019-06-15 12:19:26 -04:00
Matthew Brown
b0678bdc74
Improve treatment of key-of
...
Ref #1698
2019-06-07 21:27:50 -04:00
Matthew Brown
0287adfd44
Fix const replacements when moving classes
2019-06-06 07:05:30 -04:00
Brown
3e15fa8bfe
Fix bad namespacing
2019-06-05 11:15:52 -04:00
Brown
f309c755f8
Add ability to move classes
2019-06-05 08:50:24 -04:00
Brown
c7f35c263c
Fix #1737 properly
2019-06-04 14:08:49 -04:00
Brown
67c9851b95
Fix Psalm bug, and add test to capture it
2019-06-04 13:43:11 -04:00
Brown
778b95d335
Add support for moving class constants
2019-06-04 11:14:49 -04:00
Matthew Brown
a9809ab28a
Add property moving & renaming
2019-06-04 00:32:19 -04:00
Matthew Brown
2439a9f6a0
Allow instance method renaming, too
2019-06-02 12:02:39 -04:00
Matthew Brown
7e4de611bf
Migrate class references in static calls
2019-06-01 10:07:45 -04:00
Matthew Brown
a252fb84da
Fix namespaced method moving
2019-06-01 01:33:21 -04:00
Matthew Brown
cc89b9254d
Add initial ideas for moving static methods
...
Ref #1595
2019-06-01 00:56:54 -04:00
Matthew Brown
f5e4b9b45f
Fix #1713 - don’t crash when a property is unset
2019-05-31 19:49:24 -04:00