Brown
6419788a49
Remove false from template param as necessary
...
Fixes #3737
2020-07-03 01:07:50 -04:00
lhchavez
ba63ccb825
Improve \Psalm\Internal\Scanner\DocblockParser::parse() ( #3736 )
...
This change avoids calling `str_replace()` on the original docblock and
instead only operates on the parsed (and modified) lines. This now makes
it so that if there are substrings of the docblock that match a tag
match, it won't get prematurely removed, therefore avoiding mangling of
the parsed docblock's description.
Fixes : #3735
2020-07-02 17:55:57 -04:00
Brown
1745f5cafa
Fix too-long line
2020-07-02 15:32:13 -04:00
Brown
cb94764d22
Prevent false-positive for Exception::__toString overriding
2020-07-02 14:09:56 -04:00
Brown
0c582e9993
Fix #3685 - improve handling of if conditionals inside do
2020-07-02 13:59:59 -04:00
Brown
cf1a8ac5fc
Suppress taints in instance properties
2020-07-02 12:08:42 -04:00
Brown
67b2edc328
Allow more things to be suppressed with @psalm-suppress TaintedInput
2020-07-02 11:53:51 -04:00
Matthew Brown
fab07c58bd
Add slash
2020-07-02 01:32:40 -04:00
Brown
ea82cdc6ea
Fix #3726 - infer generic template from class-string
2020-07-02 01:11:46 -04:00
Brown
fa0f43f0cf
Skip failing test
2020-07-02 00:22:14 -04:00
Brown
ae7c5b095b
Fix #3712 - allow taints to be suppressed with @psalm-suppress
2020-07-01 23:23:45 -04:00
Tyson Andre
e3d59bf5d4
Support taint detection on Throwable::getTraceAsString() ( #3731 )
...
And `__toString()`, which uses getTraceAsString().
Fixes #3696
```php
function login($username, $password, $secret) {
throw new RuntimeException('login failure');
}
try {
login('user', $_GET['pass'], SECRET);
} catch (Exception $e) {
// This output includes unescaped 'pass' and SECRET
echo $e, "\n";
echo $e->getTraceAsString();
}
```
2020-07-01 21:27:40 -04:00
Brown
0f548c83ea
Fix redundant condition
2020-07-01 19:31:10 -04:00
Brown
6c62e46d15
Only emit one error for erroneous array_map string closure types
2020-07-01 19:18:01 -04:00
Brown
4d73b2501b
Allow multiple args passed to array_map
2020-07-01 19:11:49 -04:00
Brown
70ab4c18f4
Fix #3720 - allow literal unions in keys to map to object-like arrays
2020-07-01 18:57:19 -04:00
Olle Härstedt
d8e8ce428e
Add new annotation: @psalm-self-out ( #3650 )
...
* Add new config: sealAllMethods
* Add some more tests
* Fix codesniffer issue with preg_quote
* Fix missing method in test
* New tag @self-out (WIP)
* Add self_out_type to method storage
* Add some notes
* More work on self-out (WIP)
* More work on self-out (WIP)
* Use psalm-self-out instead of self-out
* Remove extra file
* Cleanup
* Wrap around try-catch - how to check if a method has/should have storage?
* New method hasStorage()
* Fix indentation
* Fix some errors
* Fix indentation
* Cast storage type to type
* Add proper use-statement in method storage
* Correct test class name
* Allow self_out to be null
* method_id can be string (why, when?)
Co-authored-by: Olle <noemail>
2020-07-01 18:10:24 -04:00
Tyson Andre
b0a3de47e8
Mark create_function() as a taint sink ( #3729 )
...
create_function() is a thin wrapper around eval().
Fixes #3723
2020-07-01 18:09:30 -04:00
Brown
e13da22292
Allow cloning interfaces
2020-07-01 11:14:31 -04:00
Brown
fca350c498
Prevent a few crashes with really bad code
2020-07-01 10:30:10 -04:00
Brown
6047b7b6cb
Fix #3719 - prevent crash when cloning missing class
2020-07-01 10:10:55 -04:00
Brown
cb0f65dd91
Skip taint tests in Windows
2020-07-01 09:49:52 -04:00
binarious
ff990e5f8f
docs(MoreSpecificImplementedParamType): less to more ( #3725 )
2020-07-01 09:01:58 -04:00
jarstelfox
ac5823095d
TemplateChecker: Ensure it's working again ( #3724 )
...
* TemplateChecker: Ensure it's working again
The template checker is erroring on my first template file due to storage missing on my pseudo method. I traced back to your original + noticed the optional param had been removed.
* TemplateChecker: Add missing use
2020-07-01 09:01:25 -04:00
Brown
4c368da75e
Fix #3721 - prevent crash on empty @method
2020-07-01 09:00:33 -04:00
Brown
cceacde01d
Hide fixable issues when running with taint analysis
...
Fixes #3722
2020-07-01 08:55:58 -04:00
Brown
17558a5c0e
Fix #3676 - add multiline output for TaintedInput issues
2020-06-30 13:17:51 -04:00
Brown
671009a70c
Specialize constructor taints cc @TysonAndre
2020-06-29 21:08:43 -04:00
Brown
7288dfc620
Fix #3715 - unserialize is a taint sink
2020-06-29 17:54:47 -04:00
Brown
7253e01000
Fix #3716 - prevent crash for Foo|? return type
2020-06-29 17:52:55 -04:00
Brown
e56483bb54
Fix #3711 - generalize call of specialized class without specializations
2020-06-29 17:42:01 -04:00
Brown
ab29ac0e51
Only cast in echo when tracking taints
2020-06-29 15:06:11 -04:00
Brown
cff976049d
Remove unused vars
2020-06-29 13:24:05 -04:00
Brown
f6e2e0a84a
Perform string casting for taints in ArgumentAnalyzer
2020-06-29 13:21:33 -04:00
Brown
1a582fa636
Change InvalidArgument to InvalidCast in test
2020-06-29 12:55:12 -04:00
Brown
45c21853e5
Fix #3709 - don’t crash on inherited __toString tainting
2020-06-29 12:11:11 -04:00
Matthew Brown
18f9e7487b
Remove string cast
...
Cc @TysonAndre
2020-06-29 09:54:07 -04:00
Brown
aab90fb74e
Fix Psalm errors
2020-06-29 09:29:19 -04:00
Brown
38977d797e
Fix #3697 - cast types via implied __toString method
2020-06-29 09:13:19 -04:00
Brown
b54b832838
Break out method call tainting
2020-06-29 00:14:49 -04:00
Barney Laurance
3f8aa64ee9
Treat methods of internal or psalm internal classes as internal ( #3698 )
...
When both the method and the class are annotated as psalm-internal,
but to different namespaces, we consider the method internal to
whichever namespace is longer, i.e. the smaller code module.
Issue reported at https://github.com/vimeo/psalm/issues/3457
2020-06-28 13:15:54 -04:00
Simon Podlipsky
0f727e7607
Add RdKafka\ProducerTopic::producev() to CallMap ( #3700 )
2020-06-28 13:15:11 -04:00
Brown
c95ebfeb21
Fix #3694 - allow two args for PDO::query
2020-06-26 18:26:06 -04:00
Fabien Villepinte
c42dadaf0d
Redis::getDbNum|getHost can return false ( #3673 ) ( #3693 )
2020-06-26 18:14:10 -04:00
Tyson Andre
3a9c7432e1
Add psalm-taint-specialize for preg_replace_callback ( #3683 )
...
Fixes https://psalm.dev/r/517c4a169e
2020-06-26 08:58:57 -04:00
Brown
bcd7478352
Reduce memory footprint a little
2020-06-25 19:12:30 -04:00
Brown
8404fa0750
Allow use of a different baseline
...
Ref #3672
2020-06-25 17:31:03 -04:00
Brown
559b3d3471
Fix #3681 - taint exit like echo
2020-06-25 17:17:08 -04:00
Brown
07f7e5ccaf
Reconciling should preserve taints
...
Fixes #3680
2020-06-25 17:04:18 -04:00
Brown
9837a60853
Fix #3675 - add taints to filter_var return
...
Doesn’t yet take callback into account
2020-06-25 13:24:26 -04:00