mirror of https://github.com/danog/psalm.git synced 2024-11-26 20:34:47 +01:00

23 Commits

Author SHA1 Message Date
Matt Brown
7f0ac653a1
First creation_function param isn't really a sink 2021-01-29 11:46:18 +01:00
Markus Staab
2c998aea7e
documented type in InternalTaintSinkMap (#4627) 2021-01-29 11:46:17 +01:00
Lukas Reschke
2ad5eee193
Add dedicated types for 'file', 'header' and 'cookie' (#4630)
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie'

* Add documentation

* Add mapping for taint flows

* Add tests

* Fix test
2021-01-29 11:46:16 +01:00
Lukas Reschke
ce05165384
Split LDAP into custom category (#4604)
- Adds ldap_escape as sanitizer
- Defines the right parameters to ldap_search as sink
- Wrote documentation
- Added tests
2021-01-29 11:46:14 +01:00
Lukas Reschke
99d094b5e0
Add SSRF sinks (#4592) 2021-01-29 11:46:14 +01:00
Matt Brown
2c69618347
Break out TaintedInput issues into a lot of separate ones 2021-01-29 11:46:13 +01:00
Benjamin Morel
4cd6a2b532
DateTimeInterface::getTimeZone() can return false (#4579)
Fixes #4515
2021-01-29 11:46:12 +01:00
Benjamin Morel
8d37f16616
mysqli::$insert_id can be a string (#4577) 2021-01-29 11:46:12 +01:00
Tyson Andre
e06350b1ad
Fix curl_multi_getcontent signature (#4580) 2021-01-29 11:46:12 +01:00
Lukas Reschke
ff55dba130
Add sinks for popen and proc_open (#4572)
User input in those two functions could lead to a RCE.

popen: https://www.php.net/manual/en/function.popen.php
proc_open: https://www.php.net/manual/en/function.proc-open.php
2021-01-29 11:46:11 +01:00
orklah
88a075456d
Add undocumented properties in SoapFault (#4510) 2021-01-29 11:46:06 +01:00
Matt Brown
0f022c711d
Remove use of PHP 7.2 function 2021-01-29 11:45:02 +01:00
Philip Hofstetter
61a24c5577
improve mb_strtolower return type (#4469)
this fixes #4455
2021-01-29 11:45:02 +01:00
Matt Brown
a495e067ca
Protect more calls 2021-01-29 11:44:34 +01:00
Matt Brown
f9adf24d6d
Use lists everywhere for args 2021-01-29 11:44:34 +01:00
Matt Brown
7df404bfb5
Fix #4374 - prevent paradox and allow Psalm to understand more assignments in conditionals 2021-01-29 11:41:13 +01:00
Matt Brown
3a95ab9885
getShortName does not return a class-string 2021-01-29 11:41:12 +01:00
Matt Brown
1a4292b992
4.x - fix callmap regressions 2021-01-29 11:39:52 +01:00
Matt Brown
88284c2b3d
4.x - add support for PHP 8 callmap 2021-01-29 11:39:51 +01:00
Matt Brown
36ed769b9f
Add more fixes 2021-01-29 11:39:51 +01:00
Matt Brown
df98750963
Fix order 2021-01-29 11:39:51 +01:00
Matt Brown
3558a66a12
Add changes from PHPStan‘s functionmap 2021-01-29 11:39:51 +01:00
Matt Brown
a531c2e450
Move static code out of src 2021-01-29 11:39:51 +01:00