1
0
mirror of https://github.com/danog/psalm.git synced 2024-12-12 17:27:28 +01:00
Commit Graph

412 Commits

Author SHA1 Message Date
cgocast
165df42e00 Apply code review remarks 2023-07-25 10:33:25 +02:00
cgocast
c754a0ea08 Remove TaintedSql sink for PDOStatement related methods 2023-07-25 09:22:49 +02:00
cgocast
719496b46e #10030 Add PDOStatement::bindValuebindValue() and PDOStatement::bindParam() as sources for TaintedSql 2023-07-21 15:27:47 +02:00
Andreas Braun
bea3090aff
Add generic stubs for MongoDB BSON classes 2023-07-13 08:42:06 +02:00
orklah
3e54feb9b4
Merge pull request #9964 from ygottschalk/fix/phpparser-deprecation-name-parts
Fix/phpparser deprecation name parts
2023-07-03 20:59:09 +02:00
kkmuffme
26eb870e47 fix mixed replace return types for arrays
* remove useless replace return type provider code that returned incorrect type for array replacements and was worse duplicate of existing stubs
* require preg patterns to be non-empty-strings as otherwise it will throw a PHP notice
* improve return type of array replacements to be more correct (not fully correct due to https://github.com/vimeo/psalm/issues/5994#issuecomment-1614601590)
2023-06-30 17:08:03 +02:00
Yannick Gottschalk
7aac142a44 Added stub for PhpParser\Node\Name 2023-06-28 03:13:42 +02:00
Yannick Gottschalk
f93d23899d Fix glob CallMap and stub to prevent crash on alpine (and possibly other systems) 2023-06-25 13:17:13 +02:00
kkmuffme
c5fee532f3 consistently ignore falsable return, remove unused suppress with new types 2023-06-24 18:11:15 +02:00
kkmuffme
7f0217d1e3 fix incorrect default stubs 2023-06-24 18:11:15 +02:00
robchett
5fc48bbb62 Add a stub file for Attributes defined by PHP 2023-06-17 12:26:56 +01:00
Sergei Morozov
9ac3e88c70
Unmark DateInterval::$invert as read-only
Despite the PHP documentation recommending that DateInterval properties
should be considered as read-only, there is no way to specify an
inverted interval via the constructor. Therefore, setting this property
on an existing object should not be considered an error.

See: https://www.php.net/manual/en/class.dateinterval.php
2023-06-11 16:43:51 -07:00
kkmuffme
1465ed7c23 fix CoreGenericFunctions.phpstub not falling back to callmap 2023-06-09 12:59:13 +02:00
kkmuffme
6e5fdac32e vprintf is pure too 2023-06-09 12:59:13 +02:00
kkmuffme
a0b87ad935 suppress PHP 7 issues and remove unspecific return type 2023-06-09 12:59:13 +02:00
kkmuffme
cf4536f646 fix incorrect return type of printf 2023-06-09 12:59:12 +02:00
Yannick Gottschalk
a130e2f06c Fixes #9820 2023-06-06 17:02:28 +02:00
Brian Dunne
4929bfb049 Add stubs for Intl ext constants, NumberFormatter 2023-05-31 17:07:43 -05:00
kkmuffme
51d3276c03 Fix https://github.com/vimeo/psalm/issues/9839 2023-05-30 21:34:10 +02:00
Kamil Tekiela
c2bbc6239a Update CoreGenericFunctions.phpstub 2023-05-29 16:16:49 +01:00
RobChett
bd0ba6ee95 Narrow the type of haystack when strpos != false 2023-05-21 10:35:19 +01:00
Grégoire Paris
a6016e3072
Ignore nullable return form SimpleXMLElement::addChild()
It seems unrealistic to require users to perform a null check every time
they call this method.
2023-05-04 21:07:44 +02:00
orklah
40d4e560bc
Merge pull request #9691 from robchett/date_gmdate_return_type
Add return type provider for date/gmdate
2023-04-21 11:33:02 +02:00
RobChett
1a1d9c9bf5 Add return type provider for date/gmdate 2023-04-21 08:12:49 +01:00
RobChett
38d39c27ce Add stub for DateInterval 2023-04-20 15:52:29 +01:00
tuqqu
d3a21acc24 Fix array_flip to preserve non-empty array type 2023-04-13 22:19:44 +02:00
Claudio Zizza
4ec735e696
fix: add missing constructor parameter to IteratorIterator
The second parameter exist since PHP 5.1 and wasn't present in the docs before.
Even reflection wasn't showing this parameter until 8.0.
2023-04-13 00:14:26 +02:00
orklah
94f32e9718
Merge pull request #9323 from othercorey/fix-array-unique
Fix array_unique callmap
2023-03-28 20:27:18 +02:00
Corey Taylor
730bc221e9 Re-add array_unique() stub which preserved array type 2023-03-28 04:09:50 -05:00
orklah
b908f4491f
Merge pull request #9547 from phansys/mysqli
[mysql] Add stubs for `mysqli`, `mysqli_result` and `mysqli_stmt` classes
2023-03-27 21:01:19 +02:00
Javier Spagnoletti
b65a038553 [mysql] Add stubs for mysqli, mysqli_stmt and mysqli_result classes 2023-03-21 06:10:02 -03:00
fluffycondor
f3e950bac7 str_* functions assert for non-empty-string 2023-03-17 17:58:44 +06:00
fluffycondor
cf86b16199 Code style 2023-03-17 16:46:00 +06:00
fluffycondor
c2dae0e43f Add php8 str_* functions signatures 2023-03-17 16:39:04 +06:00
fluffycondor
2c69e3cdcc
Add explanation
Co-authored-by: Bruce Weirdan <weirdan@gmail.com>
2023-03-16 12:37:14 +06:00
fluffycondor
0c3fa5b5d0 Add depth range
According to
https://www.php.net/manual/en/function.json-decode.php#:~:text=The%20value%20must%20be%20greater%20than%200%2C%20and%20less%20than%20or%20equal%20to%202147483647
2023-03-16 12:08:48 +06:00
fluffycondor
d11c7cdb8e Add JSON_THROW_ON_ERROR full support 2023-03-16 12:08:07 +06:00
Corey Taylor
39bb7b45a7 Fix return type of str_split() 2023-03-12 21:15:53 -05:00
fluffycondor
2abefb9618 Return a non-empty-string with JSON_THROW_ON_ERROR | JSON_UNESCAPED_UNICODE 2023-03-10 11:34:23 +06:00
Bruce Weirdan
468dd1be4c
PHP 8.2 attributes moved to 8.2 stub 2023-03-03 04:28:37 -04:00
Corey Taylor
615986ef10 Update pack() stub 2023-02-28 23:50:23 -06:00
Javier Spagnoletti
ab13ddf286 [ibm_db2] Improve return type inference for db2_autocommit() 2023-02-24 19:53:42 -03:00
Ulrich Eckhardt
4da0bede35 FFI Stubs: Extend FFI and FFI\CData definitions.
Both of these define "fuzzy" datatypes, which are mostly evaluated at runtime.
Currently, much of regular use of these will cause useless errors, so define
the stubs so that they simply support any kind of use that could happen.
2023-02-21 23:08:49 +01:00
Ulrich Eckhardt
056e1288eb FFI Stubs: Adjust FFI::new() stub. 2023-02-21 23:01:56 +01:00
Corey Taylor
3ddeecec1a Fix strpos stub return type 2023-02-16 13:34:39 -06:00
Bruce Weirdan
3693300b2d
Made WeakReference mutable
Fixes vimeo/psalm#6544
2023-02-14 19:30:28 -04:00
Kamil Tekiela
8eebebef62 Add curl stubs to prevent crashes 2023-02-13 16:39:40 +00:00
Corey Taylor
cdbd71ba8b Add DatePeriod::INCLUDE_END_DATE option 2023-02-03 13:37:45 -06:00
orklah
54cd529642
Merge pull request #9170 from mmcev106/filter-var-pure
Added @psalm-pure to filter_var()
2023-02-02 23:39:06 +01:00
Mark McEver
b5781c34e8 Fixed a case where the conditional taint, specialize, & flow features were not playing nicely together 2023-02-01 15:41:52 -06:00
Mark McEver
bb2cf1f30a Added @psalm-pure to filter_var() 2023-01-23 15:09:29 -06:00
orklah
a4d1b0691d
Merge pull request #9085 from BenMorel/newInstanceArgs
Fix ReflectionClass::newInstanceArgs() with named parameters
2023-01-19 23:08:21 +01:00
Jack Worman
787b9ae687 Fix dom_import_simplexml() 2023-01-18 18:31:54 -05:00
Benjamin Morel
951f0827a3 Infer getDefaultValueConstantName() type when isDefaultValueConstant() is true 2023-01-15 19:11:10 +01:00
orklah
f415ad56fc
Merge pull request #9073 from therealryanbonham/9066_fix_get_headers_signature
Update Call Maps and Signature for get_headers
2023-01-09 18:41:14 +01:00
Alies Lapatsin
63f328cb4c Unify syntax for redis.phpstub 2023-01-09 14:12:39 +01:00
Benjamin Morel
a669c89074 Fix ReflectionClass::newInstanceArgs() 2023-01-08 23:58:14 +01:00
therealryanbonham
e4e52da218
Merge branch 'master' into 9066_fix_get_headers_signature 2023-01-07 19:27:01 -05:00
orklah
d64023548c
Merge pull request #9067 from weirdan/backed-enum-cases
fix `I::cases()` where `interface I extends BackedEnum`
2023-01-07 21:05:35 +01:00
Ryan Bonham
cb204edcdd
Correct Stubs for PHP 7 and PHP 8 2023-01-07 12:38:49 -05:00
Ryan Bonham
0d360419b7
Update Call Maps and Signature for get_headers 2023-01-06 19:24:00 -05:00
Rudolph Gottesheim
18e8dd9da1 Narrow down the return type of DOMXPath::query() 2023-01-06 16:19:48 +01:00
Bruce Weirdan
afb8c8891b
fix I::cases() where interface I extends BackedEnum
Fixes vimeo/psalm#9065

Inheritance in stubs seems to be broken
2023-01-05 21:35:47 -04:00
Jaroslav Hanslík
65cf669bff
Fix ReflectionClass stub 2023-01-03 23:55:59 +01:00
orklah
e527c68706
Merge pull request #9051 from kukulich/patch-4
Fix `ReflectionClass::getTraitNames()` stub
2023-01-03 23:17:48 +01:00
orklah
f978594157
Merge pull request #9052 from kukulich/patch-5
Fix `ReflectionMethod::getModifiers()` stub
2023-01-03 23:17:09 +01:00
Jaroslav Hanslík
cbea438a23
Fix ReflectionFunctionAbstract::getExtensionName() stub 2023-01-03 22:16:58 +01:00
Jaroslav Hanslík
4f8f233e76
Fix ReflectionMethod::getModifiers() stub 2023-01-03 22:08:36 +01:00
Jaroslav Hanslík
2310c1361d
Fix ReflectionClass::getTraitNames() stub 2023-01-03 21:46:47 +01:00
orklah
3560ef7717
Merge pull request #9046 from kukulich/patch-1
Fix `ReflectionClass::getTraitAliases()` stub
2023-01-03 21:05:17 +01:00
orklah
7cde3c33d2
Merge pull request #9048 from kukulich/patch-3
Fix `ReflectionClass::getReflectionConstants()` stub
2023-01-03 21:04:49 +01:00
Jaroslav Hanslík
9ebefcef7d
Fix ReflectionClass::getReflectionConstants() stub 2023-01-03 18:20:08 +01:00
Jaroslav Hanslík
865a824818
Fix ReflectionClass::getModifiers() stub 2023-01-03 18:15:56 +01:00
Jaroslav Hanslík
415ef8fc75
Fix ReflectionClass::getTraitAliases() stub 2023-01-03 17:58:53 +01:00
orklah
790c30959d
Merge pull request #9016 from Ocramius/feature/#5039-more-refined-types-for-explode-core-function
Refined `explode()` types
2022-12-29 10:23:18 +01:00
Mark McEver
53c3f1ebb3 Prevent other DB escaping functions from escaping non-sql taints 2022-12-28 14:19:01 -06:00
Mark McEver
69f31dcd4a Prevent mysqli escaping functions from escaping non-sql taints 2022-12-28 13:39:01 -06:00
Marco Pivetta
c0c0116809 Using list{0: string, 1?: string} syntax for more precise array key types
Thanks to @orklah's feedback, the `explode()` return type is now much more precise too.

Ref: https://github.com/vimeo/psalm/pull/9016#discussion_r1058458616
2022-12-28 17:48:33 +01:00
Marco Pivetta
bfded43614 Ensure that explode($d, lowercase-string) produces list<lowercase-string> types
This specific distinction seems to be very important for Psalm, as `explode()` and
`lowercase-string` are used aggressively across the codebase.

Also, this change expands the baseline by a few entries, since some of the code locations
instide Psalm itself have un-checked list destructuring operations, as well as array
access calls on potentially undefined array keys produced by `explode()`, which were
previously just `list<string>`, and are now `array{0: string, 1?: string}`, which is
a bit more precise.
2022-12-28 17:26:25 +01:00
Marco Pivetta
04999b172a Refined explode() types
Fixes #5039

This patch removes the need for a custom function return type
provider for `explode()`, and instead replaces all that with a single
stub for the `explode()` function, which provides types for some of
the most common `$limit` input values.

With this change, the `$delimiter` is enforced to be a `non-empty-string`,
which will lead to downstream consumers having to adjust some code accordingly,
but that shouldn't affect the most common scenario of exploding a string
based with a constant `literal-string` delimiter, which most PHP devs tend to do.

This change didn't come with an accompanying test, since that would be a bit
wasteful, but it was verified locally with following script:

```php
<?php

$possible0  = explode(',', 'hello, world', -100);
$possible1  = explode(',', 'hello, world', -1);
$possible2  = explode(',', 'hello, world', 0);
$possible3  = explode(',', 'hello, world', 1);
$possible4  = explode(',', 'hello, world', 2);
$possible5  = explode(',', 'hello, world', 3);
$possible6  = explode(',', 'hello, world', 4);
try {
    $impossible1 = explode('', '', -1);
} catch (Throwable $impossible1) {}

$traced = [$possible0, $possible1, $possible2, $possible3, $possible4, $possible5, $possible6, $impossible1];

/** @psalm-trace $traced */

var_dump($traced);

return $traced;
```

Running psalm locally, this produces:

```
psalm on  feature/#5039-more-refined-types-for-explode-core-function [?] via 🐘 v8.1.13 via ❄️  impure (nix-shell)
❯ ./psalm --no-cache explode.php
Target PHP version: 7.4 (inferred from composer.json) Extensions enabled: dom, simplexml (unsupported extensions: ctype, json, libxml, mbstring, tokenizer)
Scanning files...
Analyzing files...

░

To whom it may concern: Psalm cannot detect unused classes, methods and properties
when analyzing individual files and folders. Run on the full project to enable
complete unused code detection.

ERROR: InvalidArgument - explode.php:11:28 - Argument 1 of explode expects non-empty-string, but '' provided (see https://psalm.dev/004)
    $impossible1 = explode('', '', -1);

ERROR: PossiblyUndefinedGlobalVariable - explode.php:14:96 - Possibly undefined global variable $impossible1 defined in try block (see https://psalm.dev/126)
$traced = [$possible0, $possible1, $possible2, $possible3, $possible4, $possible5, $possible6, $impossible1];

ERROR: ForbiddenCode - explode.php:18:1 - Unsafe var_dump (see https://psalm.dev/002)
/** @psalm-trace $traced */

var_dump($traced);

ERROR: Trace - explode.php:18:1 - $traced: list{0: array<never, never>, 1: non-empty-list<string>, 2: list{string}, 3: list{string}, 4: array{0: string, 1?: string}, 5: array{0: string, 1?: string, 2?: string}, 6: non-empty-list<string>, 7?: Throwable|non-empty-list<string>} (see https://psalm.dev/224)
/** @psalm-trace $traced */

var_dump($traced);

------------------------------
4 errors found
------------------------------

Checks took 6.31 seconds and used 265.386MB of memory
Psalm was unable to infer types in the codebase
```

The actual runtime behavior on PHP 8.x: https://3v4l.org/0NKlW

```
array(8) {
  [0]=>
  array(0) {
  }
  [1]=>
  array(1) {
    [0]=>
    string(5) "hello"
  }
  [2]=>
  array(1) {
    [0]=>
    string(12) "hello, world"
  }
  [3]=>
  array(1) {
    [0]=>
    string(12) "hello, world"
  }
  [4]=>
  array(2) {
    [0]=>
    string(5) "hello"
    [1]=>
    string(6) " world"
  }
  [5]=>
  array(2) {
    [0]=>
    string(5) "hello"
    [1]=>
    string(6) " world"
  }
  [6]=>
  array(2) {
    [0]=>
    string(5) "hello"
    [1]=>
    string(6) " world"
  }
  [7]=>
  object(ValueError)#1 (7) {
    ["message":protected]=>
    string(51) "explode(): Argument #1 ($separator) cannot be empty"
    ["string":"Error":private]=>
    string(0) ""
    ["code":protected]=>
    int(0)
    ["file":protected]=>
    string(9) "/in/0NKlW"
    ["line":protected]=>
    int(11)
    ["trace":"Error":private]=>
    array(1) {
      [0]=>
      array(4) {
        ["file"]=>
        string(9) "/in/0NKlW"
        ["line"]=>
        int(11)
        ["function"]=>
        string(7) "explode"
        ["args"]=>
        array(3) {
          [0]=>
          string(0) ""
          [1]=>
          string(0) ""
          [2]=>
          int(-1)
        }
      }
    }
    ["previous":"Error":private]=>
    NULL
  }
}
```

On PHP 7:

```
Warning: explode(): Empty delimiter in /in/0NKlW on line 11
array(8) {
  [0]=>
  array(0) {
  }
  [1]=>
  array(1) {
    [0]=>
    string(5) "hello"
  }
  [2]=>
  array(1) {
    [0]=>
    string(12) "hello, world"
  }
  [3]=>
  array(1) {
    [0]=>
    string(12) "hello, world"
  }
  [4]=>
  array(2) {
    [0]=>
    string(5) "hello"
    [1]=>
    string(6) " world"
  }
  [5]=>
  array(2) {
    [0]=>
    string(5) "hello"
    [1]=>
    string(6) " world"
  }
  [6]=>
  array(2) {
    [0]=>
    string(5) "hello"
    [1]=>
    string(6) " world"
  }
  [7]=>
  bool(false)
}
```
2022-12-28 17:11:40 +01:00
Jack Worman
8e5904d624 Fix get_object_vars on enums 2022-12-21 22:51:53 -06:00
Jack Worman
e7d4d697ac Reflection class stub updates 2022-12-18 14:35:41 -06:00
Vincent Langlet
50cf28fba1 Fix getParentClass stub 2022-12-18 19:36:13 +01:00
Vincent Langlet
9b5630bea4 Fix ReflectionClass stub 2022-12-18 19:07:41 +01:00
098d5020d0 array_merge_recursive 2022-12-18 14:52:44 +01:00
1dd062a810 Fix #2481 2022-12-18 14:50:51 +01:00
fluffycondor
9a22d682f5 Simplify conditional return 2022-12-18 17:15:24 +06:00
fluffycondor
987981b12a Make sprintf return non-empty-string when arguments non-empty-strings too 2022-12-18 16:53:19 +06:00
Alies Lapatsin
1115cfb980 Merge branch 'master' into php-ext-with-deprecation
# Conflicts:
#	src/Psalm/Config.php
2022-12-12 23:49:01 +01:00
Alies Lapatsin
16ab9f786b Unify a way how to load stubs for extentions 2022-12-10 17:02:47 +01:00
Marco Pivetta
ed2cde1b93 Mark Reflection(Method|Property)#setAccessible() as pure starting from PHP 8.1 onwards
This will highlight unused code.

Ref: https://github.com/php/php-src/pull/5412
Ref: https://wiki.php.net/rfc/make-reflection-setaccessible-no-op
Ref: https://github.com/php/php-src/pull/5411

Example https://3v4l.org/PNeeZ

```php
<?php

class Foo {
    private $bar = 'baz';
    private function taz() { return 'waz'; }
}

//var_dump((new ReflectionProperty(Foo::class, 'bar'))->getValue(new Foo));
//var_dump((new ReflectionMethod(Foo::class, 'taz'))->invoke(new Foo));
```

Produces (starting from PHP 8.1):

```
string(3) "baz"
string(3) "waz"
```
2022-12-07 14:22:15 +01:00
Marco Pivetta
93c5df6bfc Refine ReflectionUnionType and ReflectionIntersectionType for PHP 8.1 and PHP 8.2
* in PHP 8.0, `ReflectionUnionType` is composed on `ReflectionNamedType`s
* in PHP 8.1, `ReflectionIntersectionType` is composed of `ReflectionNamedType`s
* in PHP 8.2, `ReflectionUnionType` is composed of `ReflectionIntersectionType|ReflectionNamedType`s

Slight variations for each PHP version.

As per local testing, this doesn't work yet.

## Local testing setup:
I did some digging to make sure that the stubs work as expected.

Here's what I did to validate this patch locally (since I don't think it can really be fully automated)

## Create a dummy file to verify used symbols

```php
<?php

namespace Testing;

/** @return \ReflectionClass<\stdClass> */
function getAClass(): \ReflectionClass { throw new \Exception('irrelevant'); }
function getAnUnionType(): \ReflectionUnionType { throw new \Exception('irrelevant'); }
function getAnIntersectionType(): \ReflectionIntersectionType { throw new \Exception('irrelevant'); }

// verifying that `getName()` is stubbed in all versions: this should always be a `class-string<\stdClass>`
$name = getAClass()->getName();
// union types should appear starting with PHP 8.0. Starting with PHP 8.2, they allow for intersections.
$unionTypes = getAnUnionType()->getTypes();
// intersection types should appear starting with PHP 8.1
$intersectionTypes = getAnIntersectionType()->getTypes();

$results = [$name, $unionTypes, $intersectionTypes];

/** @psalm-trace $results */ // tracing this will show us the differences between versions
return $results;
```

## Run the script against various `vimeo/psalm` versions

```sh
docker run --rm -ti -v $(pwd):/app -w /app php:7.4 ./psalm --php-version=7.4 --no-cache reflection-test.php | grep Trace

docker run --rm -ti -v $(pwd):/app -w /app php:8.0 ./psalm --php-version=8.0 --no-cache reflection-test.php | grep Trace

docker run --rm -ti -v $(pwd):/app -w /app php:8.1 ./psalm --php-version=8.1 --no-cache reflection-test.php | grep Trace

docker run --rm -ti -v $(pwd):/app -w /app php:8.2.0RC7-cli ./psalm --php-version=8.2 --no-cache reflection-test.php | grep Trace

```

## Evaluate output

```
❯ docker run --rm -ti -v $(pwd):/app -w /app php:7.4 ./psalm --php-version=7.4 --no-cache reflection-test.php | grep Trace
ERROR: Trace - reflection-test.php:20:1 - $results: list{class-string<stdClass>, mixed, mixed} (see https://psalm.dev/224)

❯ docker run --rm -ti -v $(pwd):/app -w /app php:8.0 ./psalm --php-version=8.0 --no-cache reflection-test.php | grep Trace
ERROR: Trace - reflection-test.php:20:1 - $results: list{class-string<stdClass>, non-empty-list<ReflectionNamedType>, mixed} (see https://psalm.dev/224)

❯ docker run --rm -ti -v $(pwd):/app -w /app php:8.1 ./psalm --php-version=8.1 --no-cache reflection-test.php | grep Trace
ERROR: Trace - reflection-test.php:20:1 - $results: list{class-string<stdClass>, non-empty-list<ReflectionNamedType>, non-empty-list<ReflectionNamedType>} (see https://psalm.dev/224)

psalm on  feature/#8720-improve-types-and-purity-for-reflection-symbols [!?] via 🐘 v8.1.13 via ❄️  impure (nix-shell) took 4s
❯ docker run --rm -ti -v $(pwd):/app -w /app php:8.2.0RC7-cli ./psalm --php-version=8.2 --no-cache reflection-test.php | grep Trace
ERROR: Trace - reflection-test.php:20:1 - $results: list{class-string<stdClass>, non-empty-list<ReflectionNamedType>, non-empty-list<ReflectionNamedType>} (see https://psalm.dev/224)
```
2022-12-06 18:26:50 +01:00
Marco Pivetta
79a1a8b26c Removed templated parameters from ReflectionClass#isInstance()
These templates were leading to false positives: assuming
an `object` is given as input, the inferred return
type would always have been `true`, which is obviously
not valid.

Removing them is the healthier alternative, for now.

Ref: https://github.com/vimeo/psalm/pull/8722#discussion_r1027102713
2022-12-06 11:21:09 +01:00
Marco Pivetta
d9a0cc5311 Prevent usage of callable objects in ReflectionFunction::__construct()
As per @weirdan's feedback, we can prevent
the usage of `object` instances that
implement `__invoke()`, as well as `array`
callables, by declaring the ctor argument of
`ReflectionFunction` to be either a real `Closure`,
or a `callable-string`.

While this may not be 100% of scenarios, it is a
healthy way to identify errors in userland.

Ref: https://github.com/vimeo/psalm/pull/8722#discussion_r1027151421
2022-12-06 11:19:16 +01:00
Marco Pivetta
d5cccbade2 Marking ReflectionProperty#$name as string rather than non-empty-string
Because @weirdan is a party pooper (they poop at the parties)

Ref: https://www.youtube.com/watch?v=gjwofYhUJEM
Ref: https://github.com/vimeo/psalm/pull/8722#discussion_r1027151708
2022-12-06 11:12:01 +01:00
Marco Pivetta
322cff6f43 Declaring more precise types and purity boundaries on ext-reflection symbols in .phpstub files
Also:

 * added PHP 8.2 stubs
 * refined types to make impossible scenarios more clear (like `ReflectionIntersectionType#allowsNull()`)

This is a first attempt at refining these types: the structure of these stubs is quite confusing to me,
so I don't know if this approach is correct, and if the stubs are merged together, or if entire symbols
need to be completely re-declared for each PHP version.
2022-12-06 11:08:30 +01:00
Mark McEver
9764803c55 Allowed taints to pass through urlencode() 2022-12-05 17:25:36 -06:00
Matthew Brown
8d36bdc3ed
Make array shapes strict by default (#8701)
* Make array shapes strict by default

* Fix PSL tests
2022-11-11 20:14:21 -05:00
68a5511057 Merge remote-tracking branch 'origin/4.x' into HEAD 2022-11-08 10:25:04 +01:00
Marco Pivetta
5e9b921fc6 Making json_encode() always produce a non-empty-string, when successful
`json_encode()` never produces `''` as a value: that would be invalid JSON anyway
2022-11-07 20:42:47 +01:00