danog/psalm
1
0
Fork 0
mirror of https://github.com/danog/psalm.git synced 2024-12-16 19:36:59 +01:00
Code Issues Projects Releases Wiki Activity
7,419 Commits 43 Branches 314 Tags 108 MiB
7195275993
Commit Graph

520 Commits

Author SHA1 Message Date
Brown
cff976049d Remove unused vars 2020-06-29 13:24:05 -04:00
Brown
f6e2e0a84a Perform string casting for taints in ArgumentAnalyzer 2020-06-29 13:21:33 -04:00
Brown
b54b832838 Break out method call tainting 2020-06-29 00:14:49 -04:00
Brown
95bf7f835b Improve handling of array_map, faking out calls where nececssary 2020-06-25 13:05:34 -04:00
Brown
a6c7a48387 Add support for argument unpacking 
Ref #3670
 2020-06-24 18:43:15 -04:00
Brown
7a7cd91c24 Fix #3631 - better treatment for assignments in complex conditionals 2020-06-24 13:16:52 -04:00
Brown
9aa0aca949 Fix handling of coerced callmap args 2020-06-24 11:51:31 -04:00
Brown
c29b3744ec Change storage of out types 2020-06-24 11:51:31 -04:00
Brown
13fc8a75fd Allow taints to flow where no return type exists 
Fixes #3652
 2020-06-23 15:52:19 -04:00
Brown
1f86afece7 Revert "Fix #3631 - apply assertions to RHS of equality in conditional" 
This reverts commit 9c17795545.
 2020-06-22 20:01:27 -04:00
Brown
fc8212e207 Fix static call specialisation via annotation 2020-06-22 18:40:43 -04:00
Brown
e8be2c500e Support taint flows in more functions 2020-06-22 17:53:03 -04:00
Brown
9c17795545 Fix #3631 - apply assertions to RHS of equality in conditional 2020-06-22 15:16:16 -04:00
Brown
36f1630e03 Add more steps for clearer output 2020-06-22 01:08:58 -04:00
Brown
02e8313c39 Allow taintedness to propagate to some stubbed methods 2020-06-21 18:07:39 -04:00
Brown
07adecc6eb Use correct method id when creating taints 2020-06-21 02:06:08 -04:00
Brown
dc83c2e2fc Add annotation for taint sources 2020-06-21 00:58:56 -04:00
Brown
f21d3a8346 Remove html and sql taints for simple preg_replace patterns 2020-06-20 23:11:42 -04:00
Brown
8edee96d8d Fix taint regression 2020-06-20 18:10:01 -04:00
Brown
80ed1daf33 Allow static method mixin to invoke instance method 2020-06-20 18:05:35 -04:00
Ilija Tovilo
2f646d29db
Fix #3607 - constant string class reference with leading backslash (#3612) 2020-06-19 18:02:39 -04:00
Andrei Petre
6024fe4761
use original case in error messages when reporting undefined methods (#3615) 2020-06-19 11:51:08 -04:00
Brown
b1c836e5f3 Improve specialisation after call 2020-06-19 01:59:45 -04:00
Brown
8f2e28c36b Improve tainting of specializable classes 2020-06-19 01:22:51 -04:00
Brown
eecdc43ce7 Remove stray commas 2020-06-18 20:15:38 -04:00
Brown
49f0592794 Improve tracking of array taints 2020-06-18 18:48:19 -04:00
Brown
f609a01497 Move static property fetch analyzer to own class 2020-06-18 11:53:24 -04:00
Olle Härstedt
e1cc27f7a2
Add new config: sealAllMethods (#3578) 
* Add new config: sealAllMethods

* Add some more tests

* Fix codesniffer issue with preg_quote

* Fix missing method in test

Co-authored-by: Olle <noemail>
 2020-06-15 22:36:42 -04:00
Brown
03e9649d49 Fix tainting of function calls absent taintable params 2020-06-15 20:59:48 -04:00
Brown
8c5a434dc8 Allow updating array by reference 2020-06-15 14:45:08 -04:00
Matthew Brown
081a284759 Fix #3567 - remember which variables a callable sets byref in use 2020-06-14 11:58:50 -04:00
Matthew Brown
a49a0e5650 Fix #3551 - count method can be impure 2020-06-14 11:06:53 -04:00
Brown
9bfe50b20a Always analyse cast expressions 
Fixes #3577
 2020-06-12 17:25:46 -04:00
Brown
5617e9d7c9 Fix array_values call 2020-06-09 19:06:08 -04:00
Brown
286a8f911a Add support for static mixin calls 
Fixes #3552
 2020-06-09 18:39:52 -04:00
Matthew Brown
91e76f7173 Fix #3536 - Make method return type provider aware of original called method 2020-06-06 23:35:08 -04:00
Matthew Brown
0ac739fd48 Fix #3534 - allow magic method call on mixin 2020-06-06 23:28:32 -04:00
Matthew Brown
74a34f066c Don’t check classes if literal strings are allowed 
Fixes #3538
 2020-06-06 19:31:42 -04:00
Brown
cf92361338 Fix #3522 - only use property pass-through when it’s visible 2020-06-04 16:15:07 -04:00
Brown
a4aa44494f Fix #3519 - prevent empty callable string 2020-06-04 15:40:53 -04:00
El Azimov
bed5a74065
Add wildcard support for class constants in template. (#3489) 
Co-authored-by: El Azimov <el.azimov@rocks>
 2020-05-30 16:55:18 -04:00
feek
5330dcbd7a
fix: pass along final (#3471) 2020-05-28 01:59:24 -04:00
Brown
3c60609c21 Support better mixin handling 2020-05-27 11:12:09 -04:00
Brown
769ac5c052 Fix #3458 - scope templated mixin accurately 2020-05-26 23:32:07 -04:00
Brown
d04e21ee5a Define mixin declaring classname 2020-05-26 23:32:07 -04:00
Brown
3da3d61270 Fix #3434 by removing extraneous call to simplifyType 2020-05-26 17:55:54 -04:00
Brown
ecb179c784 Migrate min/max function calls back to CallMap 2020-05-26 12:28:56 -04:00
Brown
953be61cf2 Allow limiting connected taint paths 2020-05-25 23:28:11 -04:00
Brown
7e7456c863 Make taint checks more thorough 2020-05-25 17:10:53 -04:00
Brown
2e6fc24867 Template callmap methods too 
Fixes #3453
 2020-05-25 14:21:06 -04:00
Brown
118b700436 Simplify sink mapping for internal calls 2020-05-25 13:10:06 -04:00
Brown
be847472a2 Fix #3453 - allow conditional return types on instance methods 2020-05-25 09:39:30 -04:00
Brown
92a9a7efdf Handle flows into arguments a little better 2020-05-23 23:54:16 -04:00
Brown
fb3cb2c4d1 Only use plain return type if we’re not memoizing 2020-05-22 17:05:39 -04:00
Brown
4b1c3db760 Don’t memoize method call where we have a getter standin 
Fixes #3427
 2020-05-22 15:54:32 -04:00
Brown
8632cdb3cd Improve taint tracking during scanning phase 2020-05-22 12:33:48 -04:00
Brown
63c3678ae5 Improve property location resolution 2020-05-22 12:33:38 -04:00
Matthew Brown
187b944680 Add faster taint analysis 2020-05-22 12:33:29 -04:00
Brown
a3214012a6 Only convert userland functions 2020-05-19 16:15:41 -04:00
Brown
4415e0f69c Fix special case calling callable param with string non-global function 
Fixes #3411
 2020-05-19 15:48:31 -04:00
Brown
0b2da18f1e Break up StatementsAnalyzer 2020-05-19 12:56:30 -04:00
Brown
8e5b330c5a Break apart CallAnalyzer 2020-05-18 22:57:00 -04:00
Brown
5b06c206e0 Move classes into deeper namespace 2020-05-18 22:52:33 -04:00
Brown
5ee1487a01 Make ExpressionAnalyzer more beautiful 2020-05-18 15:13:27 -04:00
Brown
111303d913 Add non-empty-lowercase-string type 2020-05-15 10:18:05 -04:00
Brown
2af0a17d03 Fix #3236 - allow use-checking of more methods starting with __ 2020-05-12 22:39:26 -04:00
Brown
0d5d7c8938 Add null check 2020-05-11 11:56:07 -04:00
Brown
291018034b Remove unnecessary PHP code 2020-05-11 11:36:50 -04:00
Brown
8f2f2617d4 Improve refactor 2020-05-10 22:45:01 -04:00
Brown
5f4d162dd5 Break out type expander into separate class 2020-05-10 22:39:18 -04:00
Brown
2d5c2a9dd1 Fix #3324 - prevent crash asserting on possibly-undefined variable 2020-05-08 14:21:10 -04:00
Brown
a089d8bd58 Fix #3296 - propagate final flag to static calls in return types 2020-05-03 20:42:06 -04:00
Brown
618a54ff41 Fix #3240 - check arguments when class cannot be found 2020-05-02 22:13:59 -04:00
Brown
29741cd76d Remove earlier now-unnecessary fix 2020-05-02 19:24:48 -04:00
Matthew Brown
da5e8a4324 Increase type coverage for projects that use assert after mixed 2020-05-02 14:55:30 -04:00
Brown
07e5250292 Fix #3273 - add support for func_num_args() in conditional type 2020-05-01 16:02:53 -04:00
Brown
5e76467378 Fix #3279 - make sure self/parent references in mixin use existing class 2020-05-01 11:23:02 -04:00
Brown
a402d4598b Define with single argument should not trigger a notice 
Fixes #3254
 2020-04-28 14:43:12 -04:00
Brown
95dbb93732 Fix #3237 - allow mixin to reference generic params 2020-04-27 09:10:24 -04:00
Brown
f91e94b64e Make sure to remember correct positions of @var references 2020-04-27 00:05:20 -04:00
Brown
d88c31f461 Support templated @mixin 2020-04-26 16:49:52 -04:00
Brown
52c0346b65 Fix #3213 - make sure static is bound from a static call with set class 2020-04-22 11:34:46 -04:00
Brown
edb07952fc Static call inside throw does not violate purity 2020-04-18 12:43:51 -04:00
Brown
5988149272 Prevent checking assertions on $this-> types, always accessible 2020-04-12 14:13:42 -04:00
Brown
c733d6d373 Only perform assertions where the property type is known 
cc @m0003r
 2020-04-12 12:56:33 -04:00
m0003r
77270dc9b7
Getters automagic (#3122) 
* When method is a plain getter: (1) correct method return type if property type is known (2) auto assert-if-true that corresponding property is not falsy

* do not use getter automagic if getter is overridden somewhere
 2020-04-12 08:40:24 -04:00
m0003r
4d1be3f0c4
Allow plain assertions (@psalm-assert) about $this (fixes #3105) (#3108) 
* Allow plain assertions (@psalm-assert) about $this (fixes #3105)

* Fix multiple assertion combining

* Fix multiple assertion combining for $this again

* Add test for multiple assertion combining for $this again
 2020-04-09 08:15:07 -04:00
Brown
067104e170 Fix #3084 - keep track of upper and lower bounds of inferred template types 2020-04-07 00:13:56 -04:00
Matthew Brown
194f02507d Allow conditional types to reference class constants 2020-03-29 13:37:37 -04:00
Matthew Brown
5ad55ae693 Fix type inference on simple conditional function calls 2020-03-29 10:42:57 -04:00
Matthew Brown
e85d22f004 Fix #3033 - allow __invoke on unions with non-objects 2020-03-28 23:41:05 -04:00
Matthew Brown
47c1470e3b Refactor reference checks to use more appropriate properties 2020-03-28 16:30:56 -04:00
Brown
cc548a45fa Improve detection of unused classes 2020-03-28 14:45:58 -04:00
Brown
5cb1538448 Don’t add unnecessary taints 2020-03-27 19:09:15 -04:00
Brown
971ae50bea Do prep work for #3024 - improve handling of absent class references 2020-03-26 12:35:27 -04:00
Matthew Brown
f94ab22a5f Be better about strict inference 2020-03-25 09:18:49 -04:00
Brown
a9b6c51748 Improve new $class to make it more static-y 2020-03-24 18:30:08 -04:00
Brown
ec34a16291 Warn about invalid static returns 2020-03-24 18:00:20 -04:00
Brown
a7245b4459 Fix bugs 2020-03-23 13:29:00 -04:00
Matthew Brown
27a0651b6c Fix #3009 - make sure return type is set when returning early 2020-03-23 13:25:55 -04:00
Matthew Brown
ce9eef9ed7 Improve returning 2020-03-23 13:25:55 -04:00
Matthew Brown
eeed5ecccc Only prevent AbstractMethodCall on direct calls 
Fixes #3007
 2020-03-23 07:40:30 -04:00
Matthew Brown
951b943c38 Fix #2981 - check that class exists before making it a phantom 2020-03-17 15:04:50 -04:00
Matthew Brown
a4add37293 Check for variadic functions 2020-03-16 11:46:44 -04:00
Matthew Brown
3ebb5a1142 Fix #1843 - ignore intersection TooManyArguments issues 2020-03-15 14:01:33 -04:00
Matthew Brown
0022de1f13 Fix #946 - allow too many arguments when one of union agrees 2020-03-15 13:44:00 -04:00
Matthew Brown
0aca01faea Improve fix to #2805 2020-03-14 01:09:12 -04:00
Matthew Brown
5210f9b69b Fix #2966 - register constructor use for new $templated_class 2020-03-12 11:42:01 -04:00
Matthew Brown
c6a5781e78 Break apart FunctionCallAnalyzer::analyze method 2020-03-12 11:05:50 -04:00
Matthew Brown
96fbcd5a64 Break out more methods 2020-03-11 23:38:49 -04:00
Matthew Brown
329c9afdf5 Actually remove method 2020-03-11 23:20:19 -04:00
Matthew Brown
973703e396 Break out template param collection 2020-03-11 23:15:15 -04:00
Matthew Brown
9732697e45 Break out method call purity checks 2020-03-11 23:09:09 -04:00
Matthew Brown
bfb919d26a Break out methods into their own classes 2020-03-11 23:04:52 -04:00
Matthew Brown
8f28f41399 Improve magic checks 2020-03-11 18:42:41 -04:00
Matthew Brown
950260a041 No erroneous UndefinedMethod when accessing sealed class 2020-03-11 18:27:07 -04:00
Matthew Brown
43d9361395 Break out more methods 2020-03-11 13:35:33 -04:00
Matthew Brown
89f6866893 Fix magic property test 2020-03-11 12:45:30 -04:00
Matthew Brown
50cddb5350 Break out purity checks 2020-03-11 12:24:25 -04:00
Matthew Brown
ef64e6e8eb Improve abstract call handling 2020-03-11 10:36:39 -04:00
Matthew Brown
27598f508e Fix too-long line 2020-03-11 10:18:53 -04:00
Matthew Brown
0d62fbdf98 Detect erroneous abstract static method calls 2020-03-11 10:18:40 -04:00
Matthew Brown
d2950af636 Break apart MethodCallAnalyzer a bit 2020-03-11 09:38:09 -04:00
Brown
2a72990d62 Add back support for unused method checks 2020-03-09 18:55:35 -04:00
Brown
40a7a1156f Fix #2930 2020-03-09 09:45:35 -04:00
Matthew Brown
b999037263 Fix #2928 - properly expand out skipped template inheritance 2020-03-06 19:24:47 -05:00
Matthew Brown
766effb0db Improve accuracy of diff generation 2020-03-06 13:48:59 -05:00
Matthew Brown
10b807b4f6 Fix reference generation from methods in --diff mode 2020-03-06 13:02:34 -05:00
Matthew Brown
a2a507166d Fix #2923 - remove hack to fix a template issue 2020-03-06 09:42:23 -05:00
Matthew Brown
88c4088bc2 Prevent self/static refs outside classes 
Fixes #2895
 2020-03-01 17:25:55 -05:00
Matthew Brown
39d6800531 Remove default 2020-02-27 21:54:19 -05:00
Matthew Brown
c565afde64 Fix method call after method_exists check 2020-02-27 21:46:58 -05:00
Matthew Brown
1f19aed31b Fix support for replacing mocked types in own classes 2020-02-27 21:36:03 -05:00
Matthew Brown
eeb2858b30 Add additional fix for #2784 2020-02-27 08:56:39 -05:00
Brown
ea0a670230 Flesh out class constants in function call return type 
Fixes #2884
 2020-02-26 17:28:44 -05:00
Matthew Brown
1abece4f7c Use more accurate types 2020-02-23 17:03:27 -05:00
Matthew Brown
1c218c020e Fix #1684 - detect error in assertion on return type of direct call 2020-02-22 10:41:57 -05:00
Matthew Brown
4707b21227 Fix tests 2020-02-21 22:15:25 -05:00
Matthew Brown
aea33824e6 Fix #1555 - allow phantom class constants 2020-02-18 19:46:05 -05:00
Matthew Brown
653353709a Use MethodIdentifier object instead of string 2020-02-14 20:54:26 -05:00
Matthew Brown
422bd25f04
Maybe fix indentation 2020-02-13 19:33:47 -05:00
Matthew Brown
95e1bc0c48
Fix line breaks 2020-02-13 18:32:40 -05:00
Brown
1c42875179 Support lowercase-string and warn about unnecessary calls to strtolower 2020-02-13 16:38:58 -05:00
Philip Hofstetter
395cf587d3 add plugin hook to be called after every function call 
compared to AfterFunctionCallAnalysisInterface which gets only called
after a call to a function declared within the project, a plugin
implementing AfterEveryFunctionCallAnalysisInterface will get called for
every function call, including calls of PHP builtins.

On the other hand, this interface doesn't allow modification of the code
nor tweaking the return type, but it's still useful for accounting
purposes and for depreacting calls to PHP builtins

this fixes #2804
 2020-02-13 09:10:24 -05:00
Brown
f141f7c526 Improve --diff checks by including trait-using classes in dependents 2020-02-11 16:39:33 -05:00
Brown
89a0b101e4 Fix #2784 - no crash when get_class arg is mixed 2020-02-10 14:44:33 -05:00
Matthew Brown
3559fdd6b3 Fix #2742 - prevent paradoxes in assert calls 2020-02-09 11:42:41 -05:00
Matthew Brown
4de6f5c4ec Fix #2442 - using asserting after a MixedAssignment removes that error 2020-02-08 23:01:45 -05:00
Brown
d5f71bf529 Localise template checks to class being tested 2020-02-06 16:38:45 -05:00
Brown
54efbbe831 Fix bad assertion 2020-02-06 16:32:26 -05:00