orklah
0e17a3354f
add stubs for standard iterators ( #4725 )
...
* add stubs for standard iterators
* Apply suggestions from code review cc @weirdan
Co-authored-by: Bruce Weirdan <weirdan@gmail.com>
* complete stub + delete code made redundant by stubs + fix some syntax in stubs
* fix parse error
Co-authored-by: Bruce Weirdan <weirdan@gmail.com>
2021-01-07 10:07:07 -05:00
Adrien LUCAS
0f5886746f
Taint specialized calls even when not using a variable ( #4940 )
2021-01-06 14:14:52 -05:00
Matt Brown
7ffea7c425
Fix #4917 - allow array_reduce to be called with a single arg
2021-01-06 12:59:51 -05:00
orklah
665170eadb
add ArrayAccess to SimpleXmlElement ( #4934 )
...
* add ArrayAccess to SimpleXmlElement
* add test
2021-01-06 09:44:12 -05:00
orklah
f9fccb2b2d
implement DTO for plugins ( #4881 )
...
* implement DTO for plugins
* introduce EventHandler + reintroduce legacy API for plugins
2021-01-06 09:05:53 -05:00
orklah
bcc378bd20
handle concatenation with int parts ( #4938 )
2021-01-06 09:01:53 -05:00
Matthew Brown
13497b8d2b
Break out parent and implemented class checks
2021-01-05 17:49:55 -05:00
orklah
c47230c690
Infer result of modulo 1 operation statically ( #4926 )
2021-01-03 16:56:04 +00:00
Lukas Bestle
2d17b744ce
SARIF report: Include help links ( #4924 )
2021-01-03 01:45:21 +00:00
Lukas Bestle
245a331be3
Full support for $this in @var annotations ( #4922 )
...
Fixes #4916 .
2021-01-03 01:44:35 +00:00
Matthew Brown
2898e556e4
Fix test
2020-12-29 16:52:59 +00:00
Matthew Brown
7764a4ce6c
Fix #4912 - detect mismatching property type
2020-12-29 16:37:03 +00:00
Matthew Brown
ddd99970a9
Fix #4901 - simplify mapping of template types within class
2020-12-29 12:24:33 +00:00
orklah
1d9987e0ed
fix phpdoc ( #4905 )
2020-12-29 11:42:41 +00:00
orklah
09fb141e49
Document lowercase-string when possible ( #4904 )
...
* document lowercase-string
* fix missing strtolower
2020-12-29 11:42:12 +00:00
orklah
3684ceff4c
Illegal offset ( #4865 )
...
* Illegal offset access
* add tests
* fix tests
2020-12-26 10:33:49 +00:00
Fran Moreno
fcd9dcb9b5
Allow by reference parameters in method docblock ( #4873 )
2020-12-21 17:11:34 +00:00
Bruce Weirdan
89ff4282df
Allow assertions on static class properties ( #4833 )
...
* Minimal implementation for assertions on static properties
* Added inheritance tests
* Add support for `ClassName::$var`
* Import strpos() to keep phpcs happy
* Add support for conditional assertions on static properties
2020-12-21 17:05:44 +00:00
Matt Brown
6eae582763
Prevent mixed array offset in array creation
...
Fixes #4846
2020-12-16 08:18:18 -05:00
Matt Brown
05e319a6ed
Fix #4827 - don’t eradicate double after int check
2020-12-14 23:08:07 -05:00
Matt Brown
4b12cd9e18
Fix #4837 - bind correct static class when checking mixin types
2020-12-14 22:51:32 -05:00
Matt Brown
e43f2259ea
Fix #4839 - undefined possibly set in by-reference should be treated as such
2020-12-14 16:57:48 -05:00
Matt Brown
fbaaf05f48
Fix psl inheritance stuff cc @azjezz
2020-12-13 16:58:03 -05:00
2e3s
d8d6811ed4
Memoize private inferred mutation-free methods ( #4832 )
2020-12-12 10:26:14 -05:00
Matt Brown
cc1c643168
Fix #4829 – don’t crash when yielding non-existent class
2020-12-11 10:04:28 -05:00
Matt Brown
a27c674cee
Add test for #4825
2020-12-10 13:51:49 -05:00
Matt Brown
2a92025737
Union types if stmt already has one
2020-12-10 01:40:20 -05:00
Matt Brown
b7a7e2fb87
Fix get magic property checks
2020-12-10 01:29:07 -05:00
Matt Brown
37659445f0
Improve accuracy of optional example
2020-12-10 01:12:58 -05:00
Matt Brown
e6dad6e65f
Be smarter when choosing inherited param types
...
Ref #4803
2020-12-10 00:15:37 -05:00
Matt Brown
beefa2aea3
Fix #4817 - allow optional inference
2020-12-09 19:32:56 -05:00
Matt Brown
9423324d65
Fix #4791 - only generate special has-array-key assertions for unknown key types
2020-12-08 19:45:47 -05:00
Matt Brown
524084a64c
Tighten up rules around when mutation-free methods get memoised
2020-12-08 16:39:06 -05:00
Matt Brown
be3f30ff1d
Fix #4812 - reconcile array assertion on template as type correctly
2020-12-08 14:17:37 -05:00
Matt Brown
1e0bcc1876
Fix #4803 - always derive method params the same way
2020-12-08 11:27:51 -05:00
Matt Brown
387ab14bda
Use better stubs for Serializable and SoapClient
2020-12-08 11:27:51 -05:00
2e3s
e46c68b1e5
Overwrite memoized return type after sum-type candidate is calculated ( #4805 )
...
* Overwrite memoized return type after sum-type candidate is calculated
* Fix mismatched types
* Fix code style
2020-12-08 09:35:11 -05:00
Matt Brown
91ee4aeca3
Fix #4797 - sanitise assertion output of template result
2020-12-07 19:11:56 -05:00
Matt Brown
8a76a43d8c
Fix #4798 - improve conversion from type back to PhpParser node
2020-12-07 14:39:58 -05:00
Matt Brown
f5dd6e76f8
Fix #4802 - don’t clone context when analysing coalesce
2020-12-07 14:30:57 -05:00
Matt Brown
e702e472fc
Support simple list assignment in foreach
...
Ref #4741
2020-12-06 19:14:52 -05:00
Matt Brown
dff2943096
Fix #4794 - invalidate dependent types when their variables change
2020-12-06 18:16:22 -05:00
Matt Brown
9c0e9a3d7e
Taint all when conditional return is used
...
Ref #4792
2020-12-06 11:24:48 -05:00
Matt Brown
4d1aae43f9
Fix #4778 - remove already-initialized properties when checking initialisation
2020-12-06 11:07:59 -05:00
Matt Brown
cec8d7138f
Fix #4782 - don’t replace closure types with upper bounds when replacing class param types
2020-12-05 11:58:55 -05:00
Matt Brown
3f155792a7
Allow nested specialisation
2020-12-04 15:44:29 -05:00
Matt Brown
fd67d41120
Fix #4769 – don’t use unique ids for new generated nodes
2020-12-04 15:44:29 -05:00
Bruce Weirdan
c27cd3d472
Fix windows builds ( #4775 )
...
* Choco now offers PHP 8 only
* Bump build deps to allow PHP 8 builds
* Bump slevomat
* Disable coverage to allow paratest
* Bump dummy project version to allow testing on PHP 8
2020-12-04 15:11:14 -05:00
Matt Brown
4a0e2f543e
Fix implicit void closure not getting recognised
2020-12-04 13:16:05 -05:00
Matt Brown
fb88145780
Fix #4767 - rescan directly-affected class-interface relationships
2020-12-04 01:19:51 -05:00
orklah
62d5ea83a1
Allow int casts if the type comes from calculation ( #4768 )
2020-12-03 23:15:07 -05:00
Matt Brown
0411049559
Mixed array access should mark vars as used just in case
2020-12-03 13:09:08 -05:00
Matt Brown
2feba22a00
Make more try vars potentially undefined
...
Fixes #4764
2020-12-03 11:44:10 -05:00
Matt Brown
51a92aa223
Fix interface property regression
2020-12-03 11:13:10 -05:00
Matt Brown
833f132cb3
Fix #4760 - prevent unpacked vars from breaking call when checking uninitialised properties
2020-12-03 10:12:54 -05:00
Matt Brown
bef9ab37e6
Fix #4759 – don’t generate assertion when assigning to same-named variable
2020-12-03 09:42:26 -05:00
Matt Brown
6f916553a8
Ref #4753 - allow int literals to inform key type
2020-12-02 17:13:45 -05:00
Matt Brown
db8a3ab846
Fix #4751 - allow MethodSignatureMismatch to be overridable when info comes from docblock
2020-12-02 15:13:28 -05:00
Matt Brown
e2bb02e93c
Don’t suggest a potential value that’s undefined
...
Fixes #4754
2020-12-02 14:49:30 -05:00
Matt Brown
b64eb6d716
Break out array_key_exists tests
2020-12-02 14:42:16 -05:00
Matt Brown
a2b20f094d
Fix #4752 - add property base assertions too
2020-12-02 12:43:21 -05:00
Matt Brown
928fdda00f
Don’t do new isset conversion on try-set vars
2020-12-02 01:47:49 -05:00
Matt Brown
7bd4d969a4
Ensure that strict empty handling always happens
2020-12-01 22:50:21 -05:00
Matt Brown
5a200ca442
Fix assertions on unions
2020-12-01 21:12:03 -05:00
Matt Brown
61e374f33b
Fix null array access complaints
2020-12-01 20:10:48 -05:00
Matt Brown
e7f9ce6da0
Break out RedundantCast issues
2020-12-01 17:25:45 -05:00
orklah
f0c0ac0616
handle return flag for a try/catch/finally ( #4746 )
...
* handle return flag for a try/catch/finally
* add tests for psalter
2020-12-01 12:55:27 -05:00
Matt Brown
75a6d88773
Fix #4705 - clear documenting method ids when scanning stubs
2020-12-01 11:23:38 -05:00
Matt Brown
27d928b684
Add failing testcase for #4705
2020-12-01 10:26:45 -05:00
Matt Brown
7295e28e20
Fix #4743 - simplify assertions generated from array_key_exists check
2020-11-30 22:10:17 -05:00
orklah
a760a2418a
support shift and bitwise operations in constants ( #4740 )
2020-11-29 21:43:49 -05:00
orklah
b60c42adca
improve Atomic Types documentation ( #4735 )
...
* improve Atomic Types documentation
* add doc
* add doc
2020-11-29 21:41:36 -05:00
orklah
5222cadfb3
Check from_docblock property to emit the right issue ( #4736 )
2020-11-29 21:40:13 -05:00
Matt Brown
4d81682fdd
Fix #4731 - expand out class-bound generic types when evaluating instance method
2020-11-29 21:36:50 -05:00
Matt Brown
86b6d6a506
Fix #4733 - don’t replace template types when they’re defined on the same class
2020-11-29 19:12:22 -05:00
Matt Brown
601c1d8cd0
Expand out constants in param types earlier
2020-11-29 19:07:35 -05:00
Matt Brown
58b306b6e3
Ensure class template types are mapped to static methods where necessary
...
Ref #4733
2020-11-29 17:40:52 -05:00
Matt Brown
15a5bd5e29
Simplify storage and retrieval of extended template params
2020-11-29 15:05:32 -05:00
Matthew Brown
60ac109c01
Add RedundantPropertyInitializationCheck ( #4732 )
...
* Add RedundantPropertyInitializationCheck
* add documentation for RedundantPropertyInitializationCheck (#4734 )
Co-authored-by: orklah <orklah@users.noreply.github.com>
2020-11-29 11:57:20 -05:00
Matt Brown
14616b707a
Remove unset thing
2020-11-29 09:38:58 -05:00
Matt Brown
0efd4ebd7d
Detect some erroneous issets
2020-11-29 09:26:39 -05:00
Matt Brown
de1fa03f77
Fix template type selection
2020-11-28 09:53:11 -05:00
Bruce Weirdan
fc29d26879
Added test to enforce that all supported annotations are documented ( #4723 )
...
* Added test to enforce that all supported annotations are documented
Well, at least mentioned.
Refs vimeo/psalm#3816
* Type things
* Make things pretty
* Only check @psalm- annotations, group
* Add documentation for `@psalm-require-extends` and `@psalm-require-implements`
* Dropped logicalOr that has become redundant
* Add explicit tag
* Document @psalm-template
* Add @psalm-template-covariant
* Document `@psalm-method`
* Add list of undocumented docblock annotations
Co-authored-by: Matthew Brown <github@muglug.com>
2020-11-27 21:48:16 -05:00
Matt Brown
53c5e52ef2
Fix #3017 - use correct keys when converting list to array
2020-11-27 20:05:16 -05:00
orklah
32bf18dff0
fix array_column with possibly_undefined keys ( #4719 )
2020-11-27 17:05:54 -05:00
orklah
f19cac6ecf
add annotation @psalm-param-out ( #4717 )
...
* add annotation @psalm-param-out
* add tag in documentation
2020-11-27 17:05:26 -05:00
Matt Brown
ffabce19c5
Add complex issue error
2020-11-27 17:02:37 -05:00
Matt Brown
5f065d3d74
Turn template bound tuples into object
...
Ref #4714
2020-11-27 11:43:30 -05:00
orklah
b60182c514
better fix for reconciling iterable and object ( #4712 )
2020-11-27 09:10:55 -05:00
Matt Brown
b224970281
Fix generic ArrayAccess creation cc @orklah
2020-11-26 10:00:03 -05:00
orklah
f7cfdaabd7
Allow reconciling between object and iterable ( #4706 )
...
* Allow reconciling between object and iterable
* add tests
2020-11-26 09:25:49 -05:00
orklah
4bbb72329e
Fix PHPMAXINT offset ( #4707 )
2020-11-26 09:24:32 -05:00
Matt Brown
0c477da310
Fix test failures
2020-11-25 20:05:09 -05:00
Matt Brown
f3e0201a99
Treat $a ?? $b identically to isset($a) ? $a : $b
2020-11-25 14:34:05 -05:00
Matt Brown
d40d63f180
Fix #4699 - treat isset like !== null when variable is defined
2020-11-25 14:04:55 -05:00
orklah
b6a3282589
Detect redundant cast ( #4695 )
...
* detect redundant cast
* fix redundant cast issues
* fix redundant cast in tests
2020-11-25 12:04:48 -05:00
Matt Brown
41af653bd4
Add support for some dependent types
2020-11-24 14:50:35 -05:00
Benjamin Morel
5748a4e25a
Fix PdoStatementReturnTypeProvider ( #4683 )
...
* Fix PdoStatementReturnTypeProvider
Methods returning scalars may return null as well.
* Fix tests
2020-11-23 18:41:12 -05:00
Matt Brown
2c5f767098
Fix tests
2020-11-23 15:51:58 -05:00
orklah
b6cb9785ac
Prevent illegal array keys ( #4660 )
...
* Emit an issue when an array-key is not legal
* tests
2020-11-23 15:20:39 -05:00
Matt Brown
b14a62338e
Fix test
2020-11-23 13:14:40 -05:00
erikjwaxx
25d8c6d21e
Narrow inference of $a <=> $b from "int" to "-1|0|1" ( #4680 )
...
* A <=> operator has a literal type of -1|0|1 and not simply int
* Test to verify inferred type of $a <=> $b is -1|0|1
2020-11-23 13:10:51 -05:00
Matt Brown
9a03a9a5d0
Move param taint sink addition after arguments have been analysed
2020-11-22 19:39:40 -05:00
Matt Brown
b782dd4225
Make sure conditional escaping works for static methods too
2020-11-22 13:39:32 -05:00
Matt Brown
af008953a8
Fix #4661 - support conditional escaping for functions
2020-11-22 13:24:33 -05:00
Matt Brown
60b3086b9a
Fix #4609 - add more attribute rules
2020-11-22 01:15:52 -05:00
Matt Brown
66d574b82e
Fix #4475 - verify that used attributes actually use the Attribute attribute
2020-11-22 00:52:56 -05:00
Matt Brown
11825a2cc2
Fix #4611 - flag invalid attribute arguments correctly
2020-11-22 00:44:44 -05:00
Matt Brown
6b1112e6ea
Fix #4653 - prevent crash with recursive type in root namespace
2020-11-22 00:26:14 -05:00
Matt Brown
baca927aab
Fix #4643 - use PHP8 union types when possible
2020-11-21 22:50:56 -05:00
Matt Brown
df2ec48018
Don’t erase already-known literal ints
...
Fixes #4644
2020-11-21 18:26:13 -05:00
Matt Brown
3728837ef9
Only run unused code analysis where necessary
2020-11-21 18:25:18 -05:00
Matt Brown
f0ae0e5cb4
Break apart type combiner
2020-11-21 18:11:29 -05:00
Lukas Reschke
ffb0c4ae17
Implement variadic taint propagation ( #4649 )
...
* Implement variadic taint propagation
* Lint code
2020-11-21 17:41:40 -05:00
orklah
509a937d1b
use int|string in phpdoc format for array-key ( #4645 )
2020-11-21 17:38:40 -05:00
Lukas Reschke
3943b55f8a
Add psalm-flow for string functions from sscanf to wordwrap ( #4591 )
...
* Add string functions from sscanf to wordwrap
This should conclude all string functions from https://www.php.net/manual/en/book.strings.php
Continuation of https://github.com/vimeo/psalm/pull/4576
Ref https://github.com/vimeo/psalm/issues/3636
* Add StrTrReturnTypeProvider
* Fix psalm error
* phpcs
* Line length
* Ignore false return on vsprintf
Co-authored-by: Matthew Brown <github@muglug.com>
2020-11-21 17:35:07 -05:00
Matt Brown
62b0ddd74d
Fix test
2020-11-20 19:07:48 -05:00
Matt Brown
23ab0f1ddb
Allow Psalm to run in taint analysis mode without a config
2020-11-20 19:02:44 -05:00
orklah
6b72599ec5
allow static return type in PHP8 ( #4641 )
2020-11-20 18:46:35 -05:00
Matt Brown
1cead18760
Fix #4637 - prevent regression when negating function call with === false
2020-11-20 09:56:53 -05:00
Dalibor Karlović
da632ca73a
feature: allow plugin manager to work without config file ( #4639 )
2020-11-20 09:54:14 -05:00
orklah
e04f219948
return static instead of self when static context detected ( #4632 )
...
* return this instead of self when static context detected
* replace $this by static
2020-11-19 19:02:25 -05:00
Matt Brown
78d644d1a1
Change TaintedText to TaintedCallable
2020-11-19 19:01:19 -05:00
Lukas Reschke
78f4a0691c
Add dedicated types for 'file', 'header' and 'cookie' ( #4630 )
...
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie'
* Add documentation
* Add mapping for taint flows
* Add tests
* Fix test
2020-11-19 17:47:29 -05:00
Matt Brown
de49892525
Fix #4626 - array_key_exists should infer type for first arg where possible
2020-11-19 15:40:27 -05:00
Matt Brown
ff3fff56d4
Simplify assertion negations, centralising as much as possible
...
Now the flag passed to scrapeAssertions just determines the errors emitted
2020-11-19 14:32:49 -05:00
Matt Brown
7803cc228b
Revert "Fix #4624 - allow in_array to work with list arrays"
...
This reverts commit 08ae85a735.
2020-11-19 12:49:26 -05:00
Matt Brown
08ae85a735
Fix #4624 - allow in_array to work with list arrays
2020-11-19 09:26:41 -05:00
Matt Brown
7c02fa76d1
Fix #4620 - reconciled literal strings cannot carry taints
2020-11-19 09:06:25 -05:00
Matt Brown
95de6cf177
Allow immutable classes to be specialised through calls
2020-11-19 01:38:20 -05:00
Matt Brown
be275ae972
Fix #4605 - taint parent-declared property
2020-11-18 13:34:47 -05:00
Lukas Reschke
ddbfbb28e6
Split LDAP into custom category ( #4604 )
...
- Adds ldap_escape as sanitizer
- Defines the right parameters to ldap_search as sink
- Wrote documentation
- Added tests
2020-11-18 11:39:36 -05:00
Matt Brown
3f7f959726
Fix #4599 - propagate taints to parent callers where necessary
2020-11-18 09:59:54 -05:00
Lukas Reschke
5ba4681c17
Add SSRF sinks ( #4592 )
2020-11-18 00:52:48 -05:00
Matt Brown
ab3961d9b3
Sanity check to ensure closure uses aren’t removed
2020-11-18 00:38:28 -05:00
Matt Brown
28dee4146a
Fix tests
2020-11-17 17:53:46 -05:00
Matt Brown
2aa98bc5d0
Simplify tainted output a bit, removing duplicate paths
2020-11-17 17:17:18 -05:00
Matt Brown
adeaa33a64
Don’t propagate taints to child constructor args
2020-11-17 16:49:29 -05:00
Matt Brown
4e5111f1a8
Fix #4472 - if something flows into a byref var it’s used
2020-11-17 15:30:53 -05:00
Lukas Reschke
494ec40777
Add SARIF as report output ( #4582 )
...
https://docs.oasis-open.org/sarif/sarif/v2.0/sarif-v2.0.html
2020-11-17 13:23:20 -05:00
Matt Brown
43af3b1a57
Break out TaintedInput issues into a lot of separate ones
2020-11-17 12:44:31 -05:00
Dusk
0fe3e1f83b
Allow named arguments to variadic functions ( #4575 )
...
Closes #4563
2020-11-16 15:49:27 -05:00
Lukas Reschke
09abcfb650
Add sinks for popen and proc_open ( #4572 )
...
User input in those two functions could lead to a RCE.
popen: https://www.php.net/manual/en/function.popen.php
proc_open: https://www.php.net/manual/en/function.proc-open.php
2020-11-16 15:04:22 -05:00
orklah
6f8b463860
Detect trying to access a list with a negative offset ( #4552 )
2020-11-15 20:26:50 -05:00
Matt Brown
26b4cd1fb9
Fix #4529 - allow unsetting with complex array key
2020-11-14 08:57:25 -05:00
Matt Brown
d97c8b750a
Add closure-use termination for byref flows
2020-11-13 13:37:27 -05:00
Matt Brown
2e47ca51d5
Fix #4547 - mark unused uses
2020-11-13 13:13:29 -05:00
Matt Brown
57125c7106
Uses by ref should be assigned that way
2020-11-13 12:50:01 -05:00
Matt Brown
086237aab7
Fix #4544 - improve handling of get_class in match
2020-11-13 11:55:42 -05:00
Matt Brown
13b83e6132
Fix #4545 - allow intersections in more places
2020-11-13 09:43:30 -05:00