danog/psalm
1
0
Fork 0
mirror of https://github.com/danog/psalm.git synced 2024-12-16 19:36:59 +01:00
Code Issues Projects Releases Wiki Activity
8,129 Commits 43 Branches 314 Tags 108 MiB
6b53e79505
Commit Graph

633 Commits

Author SHA1 Message Date
Matt Brown
5f065d3d74 Turn template bound tuples into object 
Ref #4714
 2020-11-27 11:43:30 -05:00
Matt Brown
6de97e3779 Skip missing function params in taint analysis 2020-11-26 11:58:14 -05:00
Matt Brown
d40d63f180 Fix #4699 - treat isset like !== null when variable is defined 2020-11-25 14:04:55 -05:00
Matt Brown
17ceba5c06 Fix bug 2020-11-22 23:32:14 -05:00
Matt Brown
f164a45843 Fix bugs 2020-11-22 19:45:54 -05:00
Matt Brown
9a03a9a5d0 Move param taint sink addition after arguuments have been analysed 2020-11-22 19:39:40 -05:00
Matt Brown
b782dd4225 Make sure conditional escaping works for static methods too 2020-11-22 13:39:32 -05:00
Matt Brown
af008953a8 Fix #4661 - support conditional escaping for functions 2020-11-22 13:24:33 -05:00
Matt Brown
f0ae0e5cb4 Break aparat type combiner 2020-11-21 18:11:29 -05:00
Lukas Reschke
ffb0c4ae17
Implement variadic taint propagation (#4649) 
* Implement variadic taint propagation

* Lint code
 2020-11-21 17:41:40 -05:00
orklah
ae0486529e
Unused psalm-suppress (#4646) 2020-11-21 17:39:40 -05:00
Matt Brown
ce8938263e Fix #4636 - prevent crashes on aliased classes 2020-11-20 09:29:24 -05:00
Matt Brown
78d644d1a1 Change TaintedText to TaintedCallable 2020-11-19 19:01:19 -05:00
Matt Brown
4c315ec45c Closure calls aren’t sinks 2020-11-19 18:44:36 -05:00
Matt Brown
ff3fff56d4 Simplify assertion negations, centralising as much as possible 
Now the flag passed to scrapeAssertions just determines the errors emitted
 2020-11-19 14:32:49 -05:00
Matt Brown
95de6cf177 Allow immutable classes to be specialised through calls 2020-11-19 01:38:20 -05:00
Matt Brown
d60abaf858 Unfix fixes 2020-11-18 19:19:07 -05:00
Matt Brown
8dd229f6c0 Only ignore literal flows when tainting 2020-11-18 18:43:41 -05:00
Matt Brown
236292ff05 Fix #4600 - set attributes in a bunch of places 2020-11-18 12:44:59 -05:00
Matt Brown
3f7f959726 Fix #4599 - propagate taints to parent callers where necessary 2020-11-18 09:59:54 -05:00
Matt Brown
28dee4146a Fix tests 2020-11-17 17:53:46 -05:00
Matt Brown
adeaa33a64 Don’t propagate taints to child constructor args 2020-11-17 16:49:29 -05:00
Matt Brown
43af3b1a57 Break out TaintedInput issues into a lot of separate ones 2020-11-17 12:44:31 -05:00
Matt Brown
42802e11d1 Allow PHP major version to determine substr return type 2020-11-16 16:31:33 -05:00
Dusk
0fe3e1f83b
Allow named arguments to variadic functions (#4575) 
Closes #4563
 2020-11-16 15:49:27 -05:00
Matt Brown
5a62dc5c40 Fix #4540 - use correct method when simulating property setting 2020-11-12 23:56:29 -05:00
Matt Brown
556fb12966 Move mutation checks to more appropriate place 2020-11-12 23:54:50 -05:00
Matt Brown
2f7bf2a144 Bind lower bounds to upper bounds as well when no upper bound can be inferred 
Ref #4485
 2020-11-11 17:46:09 -05:00
Matt Brown
a8d7248c31 Fix #4524 - do better template param inheritance 2020-11-11 13:25:17 -05:00
Matt Brown
b731b53d5e Add debug stuff for code complexity 2020-11-10 12:49:42 -05:00
Matt Brown
e27cbfba57 Reduce size of data flow graph when analysing array assignments 2020-11-09 22:44:36 -05:00
Adrien LUCAS
4cb8e86737
Add a proxy capability to the flow annotation (#4495) 
* Add a `passthru` capability to the flow annotation

* Fix passthru-calls type

* Fix types and rename to proxy

* Allow to proxy a method

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-11-09 15:22:35 -05:00
Matt Brown
8799e1a337 Break apart complex method 2020-11-09 00:58:45 -05:00
Matt Brown
0be4f2fedf Fix/ignore reflection bugs 2020-11-08 14:27:37 -05:00
Matt Brown
20e37d8cb6 Add a comment to show workings 2020-11-08 13:08:45 -05:00
Matt Brown
24c9702aa5 Remove unused imports 2020-11-08 12:31:21 -05:00
Matt Brown
6da0905478 Separate out good from the bad 2020-11-08 12:29:23 -05:00
Matt Brown
b8f5d16e9f Consolidate similar functionality 2020-11-07 00:58:20 -05:00
Matt Brown
6b06ecec39 Fix #4491 - support assertions in new calls 2020-11-06 11:55:19 -05:00
Matt Brown
3e9c5d3600 Add support for @return never 2020-11-04 12:30:02 -05:00
Matt Brown
b5a3f45d52 Remove use of PHP 7.2 function 2020-11-04 11:02:34 -05:00
Matt Brown
91d9dc3759 Fix overeager inference 2020-11-03 16:44:24 -05:00
Matt Brown
b35db3e523 Reorganise things a little 2020-11-03 16:15:54 -05:00
Matt Brown
09228131d8 Use falsy value 2020-11-01 22:57:30 -05:00
Matt Brown
966b139504 Fix dupe semicolons 2020-11-01 11:42:09 -05:00
Matt Brown
024d93b7fd Fix #4467 - variables are only the same if they were set in the same location 2020-11-01 11:26:42 -05:00
Joe Hoyle
4bb675ea72
Pass CodeLocation to FunctionParamsProviderInterface interface (#4444) 
Currently the `getFunctionParams()` method of the `FunctionParamsProviderInterface` is never passed the CodeLocation of the analyzed function call. As this is in-scope in the only call site, we can pass the CodeLocation. This means the `getFunctionParams()` is able to issue it's own Issues (which required the code location to attached the Issue to)
 2020-10-29 19:53:21 -04:00
Matt Brown
4aef96bbac Use lists everywhere for args 2020-10-28 12:45:26 -04:00
Matt Brown
462f8ba32b Fix #4397 - allow offsetGet on inside isset 2020-10-25 22:16:43 -04:00
Matt Brown
18f3a3721f Fix #4414 - allow multiple @psalm-assert-if-true on same var 2020-10-25 10:49:39 -04:00
Matt Brown
fe294a4dc0 Don’t overwrite true flag 2020-10-18 01:24:36 -04:00
Matt Brown
3c29ffd0b7 Ignore just-coerced vars 2020-10-17 23:35:24 -04:00
orklah
ceaaa39ec3
improve phpdoc (#4352) 2020-10-17 12:36:44 -04:00
orklah
ffe7874906
Misc improvements (#4314) 
* extract the operation out of the loop when possible

* remove unnecessary interfaces when already inherited in parent

* simplify expressions

* avoid using alias functions

* redundant phpdoc

* unused imports
 2020-10-15 13:23:35 -04:00
Matt Brown
da257a0fa5 Break apart InstancePropertyFetchAnalyzer and others 2020-10-15 09:21:44 -04:00
Matt Brown
b2382cdf18 Use correct count 2020-10-14 18:56:49 -04:00
Matt Brown
4488d5fb1f Use more accurate arguments count 2020-10-14 18:51:15 -04:00
Matt Brown
724b25b918 Change control_flow_graph to data_flow_graph 2020-10-13 17:28:12 -04:00
Matt Brown
516141a380 Rename ControlFlowGraph to more appropriate DataFlowGraph 2020-10-13 16:49:03 -04:00
orklah
10f2966dcb
return types (#4311) 
* return types

* remove willReturn for void methods
 2020-10-12 15:02:52 -04:00
Matt Brown
fcfa746ba8 Fix #4310 - prevent literal class check on union 2020-10-12 14:45:11 -04:00
Matt Brown
d16c0de872 Add slash 2020-10-12 14:32:44 -04:00
Matt Brown
464795d86c Fix #4309 - improve reuse of callmap callable inference 2020-10-12 13:46:43 -04:00
Matt Brown
7195275993 Fix #4299 - only allow unpacking for the zeroeth-indexed element 2020-10-08 09:51:27 -04:00
Matt Brown
c2108e89db Warn about impossible/redundant conditions in RHS of || 2020-10-07 17:04:01 -04:00
Matt Brown
377dc8da8f 4.x - change/remove some default config values 2020-10-05 10:08:41 -04:00
Matt Brown
ea47548dd0 4.x - Prevent AfterFunctionCallAnalysisInterface from rewriting return types 2020-10-04 23:39:20 -04:00
Matt Brown
939297484c 4.x - rename TFn to TClosure 2020-10-04 23:32:01 -04:00
Matt Brown
6a91c2f70e Fix @no-named-arguments more 2020-10-02 21:09:37 -04:00
Matt Brown
009b33b17d Support @no-named-args when calling in PHP 8 2020-10-02 20:58:51 -04:00
Matt Brown
5a94043a7f Unbreak gettype support 2020-10-02 20:33:35 -04:00
Matt Brown
63a11bae15 4.x - Support named arguments 
Ref #4089
 2020-10-02 20:27:01 -04:00
Matt Brown
5bcd1bbb75 4.x - add support for get_debug_type function 
Ref #4089
 2020-10-02 19:15:47 -04:00
Matt Brown
74934ffdbb 4.x - rename GetClassT to TDependentGetClass 2020-10-02 18:47:23 -04:00
Matt Brown
c9e47450a7 Fix #4266 - prevent OOM when analysing closure unioned with invokable class 2020-10-02 00:47:42 -04:00
Matt Brown
fc001cdf65 Treat func_get_args as using function params 2020-09-30 13:08:01 -04:00
Matt Brown
14efde286f 4.x - refactor unused variable detection 
This turns unused variable detection into an explicit control-flow problem, where before we had a more simplistic mark-and-sweep algorithm
 2020-09-30 12:28:13 -04:00
Brown
19f88a2e31 Add improvements from unused variable checks 2020-09-28 00:45:02 -04:00
Brown
da65a4327f Move taint graph functionality into its own object 2020-09-25 00:37:40 -04:00
orklah
83ca918824
preg_split can't take null in limit (#4236) 
* preg_split can't take null in limit

* fix wrong type in preg_split
 2020-09-22 13:46:37 -04:00
Brown
56cddd16bf Rename TaintGraph to ControlFlowGraph because it’s about to do more 2020-09-20 23:59:52 -04:00
Brown
0f6a271858 Improve file-based suppression of taints 2020-09-20 19:37:25 -04:00
Brown
5c23a3d7b3 Localise taint analysis better 2020-09-20 19:26:49 -04:00
Brown
2968b3b065 Add to StatementsAnalyzer taint object instead of Context 2020-09-20 18:42:21 -04:00
Brown
abb9502921 Rename Taint object to TaintGraph 2020-09-20 18:27:02 -04:00
orklah
191495328a
Fix errors in return types (#4189) 
* FunctionLikeAnalyzer::verifyReturnType returns void

* ArrayFunctionArgumentsAnalyzer::checkArgumentsMatch returns void

* AssertionFinder::scrapeAssertions can't return null
 2020-09-16 17:35:55 -04:00
Brown
dda013dc2e Only refine for matching closure union members 
Ref #4136
 2020-09-15 09:40:27 -04:00
Brown
77e84b3817 Fix a few more things 2020-09-13 23:28:31 -04:00
Brown
249903e18a Fix style issues 2020-09-13 21:45:07 -04:00
Brown
56bae3b587 Add check for strpos dictionaries 
Ref #4070
 2020-09-13 21:42:44 -04:00
orklah
da47588f91
replace return; by return null; in every non-void method, add return null; when mising, add return types, remove redundant phpdoc (#4176) 2020-09-13 16:39:06 -04:00
orklah
ead107fa9e
More return types (#4173) 
* add native return types

* redundant phpdoc
 2020-09-12 11:24:05 -04:00
Brown
6ffe471525 Make new InvalidLiteralArgument issue for strpos refs 
Ref #4070
 2020-09-10 22:54:32 -04:00
Brown
eda426a594 Improve unique issue solution 2020-09-10 22:54:30 -04:00
Brown
aaede393d4 Fix #4070 - prevent literal strpos argument 2020-09-10 18:28:34 -04:00
Brown
fe4af8ff1a Minor fixes 2020-09-07 17:22:43 -04:00
Brown
8737abf3b8 Fix real projects bug 2020-09-07 15:14:14 -04:00
Brown
88e0811cdd Fix #4136 - allow union type properly 2020-09-07 14:08:56 -04:00
Brown
d174fc6f3f Improve fix 2020-09-07 13:19:37 -04:00
Brown
afce416bfb Fix #4136 - allow inference of callabe type param in union of callables 2020-09-07 12:56:47 -04:00