Matt Brown
|
601c1d8cd0
|
Expand out constants in param types earlier
|
2020-11-29 19:07:35 -05:00 |
|
Matt Brown
|
ea314cc1c0
|
Simplify calling of replacer methods
|
2020-11-29 16:27:00 -05:00 |
|
Matt Brown
|
4d22723525
|
Break out replacement of templated types with their inferred result
|
2020-11-29 16:16:16 -05:00 |
|
Matt Brown
|
6db8132b4c
|
Simplify call analysers a bit
Ref #4714
|
2020-11-27 16:31:10 -05:00 |
|
Matt Brown
|
5f065d3d74
|
Turn template bound tuples into object
Ref #4714
|
2020-11-27 11:43:30 -05:00 |
|
Matt Brown
|
9a03a9a5d0
|
Move param taint sink addition after arguuments have been analysed
|
2020-11-22 19:39:40 -05:00 |
|
orklah
|
ae0486529e
|
Unused psalm-suppress (#4646)
|
2020-11-21 17:39:40 -05:00 |
|
Matt Brown
|
8dd229f6c0
|
Only ignore literal flows when tainting
|
2020-11-18 18:43:41 -05:00 |
|
Matt Brown
|
236292ff05
|
Fix #4600 - set attributes in a bunch of places
|
2020-11-18 12:44:59 -05:00 |
|
Matt Brown
|
3f7f959726
|
Fix #4599 - propagate taints to parent callers where necessary
|
2020-11-18 09:59:54 -05:00 |
|
Matt Brown
|
28dee4146a
|
Fix tests
|
2020-11-17 17:53:46 -05:00 |
|
Matt Brown
|
adeaa33a64
|
Don’t propagate taints to child constructor args
|
2020-11-17 16:49:29 -05:00 |
|
Matt Brown
|
2f7bf2a144
|
Bind lower bounds to upper bounds as well when no upper bound can be inferred
Ref #4485
|
2020-11-11 17:46:09 -05:00 |
|
Matt Brown
|
b731b53d5e
|
Add debug stuff for code complexity
|
2020-11-10 12:49:42 -05:00 |
|
Matt Brown
|
e27cbfba57
|
Reduce size of data flow graph when analysing array assignments
|
2020-11-09 22:44:36 -05:00 |
|
Matt Brown
|
3e9c5d3600
|
Add support for @return never
|
2020-11-04 12:30:02 -05:00 |
|
Matt Brown
|
b5a3f45d52
|
Remove use of PHP 7.2 function
|
2020-11-04 11:02:34 -05:00 |
|
Matt Brown
|
09228131d8
|
Use falsy value
|
2020-11-01 22:57:30 -05:00 |
|
Matt Brown
|
966b139504
|
Fix dupe semicolons
|
2020-11-01 11:42:09 -05:00 |
|
Matt Brown
|
024d93b7fd
|
Fix #4467 - variables are only the same if they were set in the same location
|
2020-11-01 11:26:42 -05:00 |
|
Matt Brown
|
fe294a4dc0
|
Don’t overwrite true flag
|
2020-10-18 01:24:36 -04:00 |
|
Matt Brown
|
3c29ffd0b7
|
Ignore just-coerced vars
|
2020-10-17 23:35:24 -04:00 |
|
Matt Brown
|
4488d5fb1f
|
Use more accurate arguments count
|
2020-10-14 18:51:15 -04:00 |
|
Matt Brown
|
724b25b918
|
Change control_flow_graph to data_flow_graph
|
2020-10-13 17:28:12 -04:00 |
|
Matt Brown
|
516141a380
|
Rename ControlFlowGraph to more appropriate DataFlowGraph
|
2020-10-13 16:49:03 -04:00 |
|
Matt Brown
|
fcfa746ba8
|
Fix #4310 - prevent literal class check on union
|
2020-10-12 14:45:11 -04:00 |
|
Matt Brown
|
7195275993
|
Fix #4299 - only allow unpacking for the zeroeth-indexed element
|
2020-10-08 09:51:27 -04:00 |
|
Matt Brown
|
009b33b17d
|
Support @no-named-args when calling in PHP 8
|
2020-10-02 20:58:51 -04:00 |
|
Matt Brown
|
63a11bae15
|
4.x - Support named arguments
Ref #4089
|
2020-10-02 20:27:01 -04:00 |
|
Matt Brown
|
fc001cdf65
|
Treat func_get_args as using function params
|
2020-09-30 13:08:01 -04:00 |
|
Matt Brown
|
14efde286f
|
4.x - refactor unused variable detection
This turns unused variable detection into an explicit control-flow problem, where before we had a more simplistic mark-and-sweep algorithm
|
2020-09-30 12:28:13 -04:00 |
|
Brown
|
da65a4327f
|
Move taint graph functionality into its own object
|
2020-09-25 00:37:40 -04:00 |
|
orklah
|
83ca918824
|
preg_split can't take null in limit (#4236)
* preg_split can't take null in limit
* fix wrong type in preg_split
|
2020-09-22 13:46:37 -04:00 |
|
Brown
|
56cddd16bf
|
Rename TaintGraph to ControlFlowGraph because it’s about to do more
|
2020-09-20 23:59:52 -04:00 |
|
Brown
|
0f6a271858
|
Improve file-based suppression of taints
|
2020-09-20 19:37:25 -04:00 |
|
Brown
|
2968b3b065
|
Add to StatementsAnalyzer taint object instead of Context
|
2020-09-20 18:42:21 -04:00 |
|
Brown
|
abb9502921
|
Rename Taint object to TaintGraph
|
2020-09-20 18:27:02 -04:00 |
|
Brown
|
77e84b3817
|
Fix a few more things
|
2020-09-13 23:28:31 -04:00 |
|
Brown
|
249903e18a
|
Fix style issues
|
2020-09-13 21:45:07 -04:00 |
|
Brown
|
56bae3b587
|
Add check for strpos dictionaries
Ref #4070
|
2020-09-13 21:42:44 -04:00 |
|
orklah
|
da47588f91
|
replace return; by return null; in every non-void method, add return null; when mising, add return types, remove redundant phpdoc (#4176)
|
2020-09-13 16:39:06 -04:00 |
|
Brown
|
6ffe471525
|
Make new InvalidLiteralArgument issue for strpos refs
Ref #4070
|
2020-09-10 22:54:32 -04:00 |
|
Brown
|
aaede393d4
|
Fix #4070 - prevent literal strpos argument
|
2020-09-10 18:28:34 -04:00 |
|
Brown
|
fe4af8ff1a
|
Minor fixes
|
2020-09-07 17:22:43 -04:00 |
|
Matthew Brown
|
422271b2cf
|
Prevent variables named "haystack" from receiving literal strings
cc @staabm
|
2020-09-05 00:35:48 -04:00 |
|
Brown
|
4d82d3ddad
|
Fix #4128 - improve understanding of preg_match_all
|
2020-09-04 18:10:14 -04:00 |
|
orklah
|
f66d57f19d
|
add native return types (#4116)
* add native return types
* remove redundant phpdoc
|
2020-09-04 16:26:33 -04:00 |
|
orklah
|
73f6fcde48
|
Short list syntax (#4102)
* Short list syntax
* revert unrelated CS
|
2020-09-02 00:17:41 -04:00 |
|
Brown
|
92239add4d
|
Add some backwards-incompatible changes for 4.x
|
2020-08-30 11:44:14 -04:00 |
|
Brown
|
76bd5b6278
|
Refactor type comparison
|
2020-07-21 19:40:35 -04:00 |
|