psalm

mirror of https://github.com/danog/psalm.git synced 2024-11-27 04:45:20 +01:00

Author	SHA1	Message	Date
rarila	97e6511fab	Set number of lines before and after namespace.	2021-12-15 04:58:32 +01:00
ralila	2a956498bf	Import instead of using fqn functions	2021-12-03 21:07:25 +01:00
ralila	711be643c6	Import instead of using fqn exceptions	2021-12-03 20:29:06 +01:00
orklah	3bc06a8eab	Taint can't transmit through numerics nor bool	2021-11-25 22:40:01 +01:00
orklah	39dc7608ef	ignore comments after taint-sink	2021-11-07 10:29:08 +01:00
orklah	3322801903	ignore comments after taint-sink	2021-11-07 10:17:25 +01:00
orklah	cd74f665dc	Merge pull request #6813 from orklah/intTaint don't register taints for numeric variables	2021-11-04 15:30:52 +01:00
orklah	e6dccaa07c	Merge pull request #6809 from orklah/binaryOpTaint don't taint the result of most binary operations	2021-11-04 13:18:07 +01:00
orklah	bf993452a8	Merge pull request #6810 from orklah/castArrayTaints Array cast pass taints	2021-11-04 13:17:20 +01:00
orklah	9fb74a4f28	exclude Plus on arrays too	2021-11-04 00:30:09 +01:00
orklah	3b01713257	don't taint the result of most binary operations	2021-11-04 00:30:09 +01:00
orklah	24137bdbad	Array cast pass taints	2021-11-04 00:29:36 +01:00
orklah	eca530d792	don't register taints for numeric variables	2021-11-04 00:29:07 +01:00
orklah	fbe305e5bb	detect taint in backticks	2021-11-04 00:28:40 +01:00
orklah	9d9dba156c	Merge pull request #6538 from orklah/taint-windows enable test on taint	2021-09-27 20:37:27 +02:00
orklah	caf4d57438	enable test on taint	2021-09-27 20:16:50 +02:00
Mark McEver	79340b4a6f	Prevent unnecessary filter_var() warnings	2021-09-27 18:46:01 +01:00
Mark McEver	76dade477d	Prevent unnecessary filter_var() warning	2021-09-27 18:34:58 +01:00
Matt Brown	667dcc2e49	No false-positives for tainting through array keys	2021-06-29 17:05:39 -04:00
Oliver Hader	38d3b15f8d	[BUGFIX] Specialize TaintSink in IncludeAnalyzer (#5986 ) * [TEST] Assert more details in TaintTest * [TEST] Add test for multiple tainted includes * [BUGFIX] Specialize TaintSink in IncludeAnalyzer Fixes: #5986	2021-06-23 08:27:03 -04:00
Matt Brown	47bf5ed567	Fix #5918 - add new issue to detect unquoted strings	2021-06-10 17:43:04 -04:00
Bruce Weirdan	6abce3525a	Enforce `use` sort (#5900 )	2021-06-07 22:55:21 -04:00
Oliver Hader	b259296457	[BUGFIX] Continue processing psalm-flow graph after first taint sink (#5832 ) Related: #5830	2021-05-26 16:04:22 -04:00
Oliver Hader	4898cd262e	[TASK] Enrich taint details for outputting core stubs (#5827 ) Affects `printf`, `print_r`, `var_dump`, `var_export`	2021-05-24 16:42:18 -04:00
Matt Brown	f41deeab0a	Taint through reset call	2021-03-28 13:14:35 -04:00
Matt Brown	10ccbdd8be	Add tainting for array keys Fixes #5470	2021-03-24 15:32:56 -04:00
Matt Brown	0f2a07a9a3	Fix #5137 – support @psalm-flow in methods	2021-01-31 22:40:48 -05:00
Adrien LUCAS	d1398f2b12	Avoid false positives for taint specialized calls even when not using a variable (#4948 )	2021-01-07 16:39:51 -05:00
Adrien LUCAS	0f5886746f	Taint specialized calls even when not using a variable (#4940 )	2021-01-06 14:14:52 -05:00
Matt Brown	9c0e9a3d7e	Taint all when conditional return is used Ref #4792	2020-12-06 11:24:48 -05:00
Matt Brown	3f155792a7	Allow nested specialisation	2020-12-04 15:44:29 -05:00
Matt Brown	fd67d41120	Fix #4769 – don’t use unique ids for new generated nodes	2020-12-04 15:44:29 -05:00
Matt Brown	9a03a9a5d0	Move param taint sink addition after arguuments have been analysed	2020-11-22 19:39:40 -05:00
Matt Brown	b782dd4225	Make sure conditional escaping works for static methods too	2020-11-22 13:39:32 -05:00
Matt Brown	af008953a8	Fix #4661 - support conditional escaping for functions	2020-11-22 13:24:33 -05:00
Lukas Reschke	ffb0c4ae17	Implement variadic taint propagation (#4649 ) * Implement variadic taint propagation * Lint code	2020-11-21 17:41:40 -05:00
Lukas Reschke	3943b55f8a	Add psalm-flow for string functions from sscanf to wordwrap (#4591 ) * Add string functions from sscanf to wordwrap This should conclude all string functions from https://www.php.net/manual/en/book.strings.php Continuation of https://github.com/vimeo/psalm/pull/4576 Ref https://github.com/vimeo/psalm/issues/3636 * Add StrTrReturnTypeProvider * Fix psalm error * phpcs * Line length * Ignore false return on vsprintf Co-authored-by: Matthew Brown <github@muglug.com>	2020-11-21 17:35:07 -05:00
Matt Brown	78d644d1a1	Change TaintedText to TaintedCallable	2020-11-19 19:01:19 -05:00
Lukas Reschke	78f4a0691c	Add dedicated types for 'file', 'header' and 'cookie' (#4630 ) * [WIP] Add dedicated sinks for 'file', 'header' and 'cookie' * Add documentation * Add mapping for taint flows * Add tests * Fix test	2020-11-19 17:47:29 -05:00
Matt Brown	7c02fa76d1	Fix #4620 - reconciled literal strings cannot carry taints	2020-11-19 09:06:25 -05:00
Matt Brown	95de6cf177	Allow immutable classes to be specialised through calls	2020-11-19 01:38:20 -05:00
Matt Brown	be275ae972	Fix #4605 - taint parent-declared property	2020-11-18 13:34:47 -05:00
Lukas Reschke	ddbfbb28e6	Split LDAP into custom category (#4604 ) - Adds ldap_escape as sanitizer - Defines the right parameters to ldap_search as sink - Wrote documentation - Added tests	2020-11-18 11:39:36 -05:00
Matt Brown	3f7f959726	Fix #4599 - propagate taints to parent callers where necessary	2020-11-18 09:59:54 -05:00
Lukas Reschke	5ba4681c17	Add SSRF sinks (#4592 )	2020-11-18 00:52:48 -05:00
Matt Brown	28dee4146a	Fix tests	2020-11-17 17:53:46 -05:00
Matt Brown	2aa98bc5d0	Simplify tainted output a bit, removing duplicate paths	2020-11-17 17:17:18 -05:00
Matt Brown	adeaa33a64	Don’t propagate taints to child constructor args	2020-11-17 16:49:29 -05:00
Matt Brown	43af3b1a57	Break out TaintedInput issues into a lot of separate ones	2020-11-17 12:44:31 -05:00
Lukas Reschke	09abcfb650	Add sinks for popen and proc_open (#4572 ) User input in those two functions could lead to a RCE. popen: https://www.php.net/manual/en/function.popen.php proc_open: https://www.php.net/manual/en/function.proc-open.php	2020-11-16 15:04:22 -05:00

1 2 3

127 Commits