Matt Brown
|
7f0ac653a1
|
First creation_function param isnÆt really a sink
|
2021-01-29 11:46:18 +01:00 |
|
Markus Staab
|
2c998aea7e
|
documented type in InternalTaintSinkMap (#4627)
|
2021-01-29 11:46:17 +01:00 |
|
Lukas Reschke
|
2ad5eee193
|
Add dedicated types for 'file', 'header' and 'cookie' (#4630)
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie'
* Add documentation
* Add mapping for taint flows
* Add tests
* Fix test
|
2021-01-29 11:46:16 +01:00 |
|
Lukas Reschke
|
ce05165384
|
Split LDAP into custom category (#4604)
- Adds ldap_escape as sanitizer
- Defines the right parameters to ldap_search as sink
- Wrote documentation
- Added tests
|
2021-01-29 11:46:14 +01:00 |
|
Lukas Reschke
|
99d094b5e0
|
Add SSRF sinks (#4592)
|
2021-01-29 11:46:14 +01:00 |
|
Matt Brown
|
2c69618347
|
Break out TaintedInput issues into a lot of separate ones
|
2021-01-29 11:46:13 +01:00 |
|
Benjamin Morel
|
4cd6a2b532
|
DateTimeInterface::getTimeZone() can return false (#4579)
Fixes #4515
|
2021-01-29 11:46:12 +01:00 |
|
Benjamin Morel
|
8d37f16616
|
mysqli::$insert_id can be a string (#4577)
|
2021-01-29 11:46:12 +01:00 |
|
Tyson Andre
|
e06350b1ad
|
Fix curl_multi_getcontent signature (#4580)
|
2021-01-29 11:46:12 +01:00 |
|
Lukas Reschke
|
ff55dba130
|
Add sinks for popen and proc_open (#4572)
User input in those two functions could lead to a RCE.
popen: https://www.php.net/manual/en/function.popen.php
proc_open: https://www.php.net/manual/en/function.proc-open.php
|
2021-01-29 11:46:11 +01:00 |
|
orklah
|
88a075456d
|
Add undocumented properties in SoapFault (#4510)
|
2021-01-29 11:46:06 +01:00 |
|
Matt Brown
|
0f022c711d
|
Remove use of PHP 7.2 function
|
2021-01-29 11:45:02 +01:00 |
|
Philip Hofstetter
|
61a24c5577
|
improve mb_strtolower return type (#4469)
this fixes #4455
|
2021-01-29 11:45:02 +01:00 |
|
Matt Brown
|
a495e067ca
|
Protect more calls
|
2021-01-29 11:44:34 +01:00 |
|
Matt Brown
|
f9adf24d6d
|
Use lists everywhere for args
|
2021-01-29 11:44:34 +01:00 |
|
Matt Brown
|
7df404bfb5
|
Fix #4374 - prevent paradox and allow Psalm to understand more assignments in conditionals
|
2021-01-29 11:41:13 +01:00 |
|
Matt Brown
|
3a95ab9885
|
getShortName does not return a class-string
|
2021-01-29 11:41:12 +01:00 |
|
Matt Brown
|
1a4292b992
|
4.x - fix callmap regressions
|
2021-01-29 11:39:52 +01:00 |
|
Matt Brown
|
88284c2b3d
|
4.x - add support for PHP 8 callmap
|
2021-01-29 11:39:51 +01:00 |
|
Matt Brown
|
36ed769b9f
|
Add more fixes
|
2021-01-29 11:39:51 +01:00 |
|
Matt Brown
|
df98750963
|
Fix order
|
2021-01-29 11:39:51 +01:00 |
|
Matt Brown
|
3558a66a12
|
Add changes from PHPStan‘s functionmap
|
2021-01-29 11:39:51 +01:00 |
|
Matt Brown
|
a531c2e450
|
Move static code out of src
|
2021-01-29 11:39:51 +01:00 |
|