1
0
mirror of https://github.com/danog/psalm.git synced 2025-01-10 06:58:41 +01:00
Commit Graph

910 Commits

Author SHA1 Message Date
orklah
f8628ef68c fix errors 2021-10-02 10:01:05 +02:00
Bruce Weirdan
2e7e343ef8
Merge pull request #6423 from orklah/count-equal-0-negated-assertion 2021-10-02 00:53:03 +03:00
Bruce Weirdan
d232cc0d02
Merge pull request #6553 from orklah/exec-leak 2021-09-30 21:32:55 +03:00
orklah
02ef33c4ac
Merge pull request #6554 from simPod/use-a
Use correct English articles
2021-09-30 09:37:56 +02:00
Simon Podlipsky
4f5e30fd30
Use correct English articles 2021-09-30 09:19:08 +02:00
orklah
3133cd159a fix NPE 2021-09-29 22:30:38 +02:00
orklah
2a2e7c5e32 prevent object leaking that lead to changes in callmap 2021-09-29 22:27:34 +02:00
orklah
ab6efe49b2 fix CS 2021-09-26 23:41:26 +02:00
orklah
38dac34846 unnecessary null initialization 2021-09-26 23:34:32 +02:00
orklah
9170b0af8f replace list() 2021-09-26 23:34:32 +02:00
orklah
2315316b17 return types 2021-09-26 23:34:32 +02:00
orklah
72eab30a3a coalesce operator 2021-09-26 23:34:31 +02:00
orklah
c11b32d414 redundant variable check 2021-09-26 22:37:17 +02:00
orklah
ae1afd90c6 coalesce operator 2021-09-26 22:37:17 +02:00
orklah
a5aa824258 unnecessary local variable 2021-09-26 22:37:17 +02:00
orklah
afbda6d0f6
Merge pull request #6535 from orklah/SA
Improvements
2021-09-25 20:16:38 +02:00
orklah
a9b1248e9f unnecessary phpdoc is necessary 2021-09-25 17:13:58 +02:00
orklah
671a175deb unnecessary phpdoc 2021-09-25 17:08:51 +02:00
orklah
f0b0540563 unparsable types 2021-09-25 17:08:38 +02:00
orklah
3e6bf6f35f remove unused nullable on param types 2021-09-25 16:05:47 +02:00
orklah
a92fee8ae3 better combining 2021-09-25 11:21:06 +02:00
orklah
97e91e6bf0 code trimming 2021-09-25 02:34:21 +02:00
orklah
cc6ab8340b improve type when min = max and add test 2021-09-23 21:24:16 +02:00
orklah
a7fa63547e add tests, improve count behaviour on keyed arrays using integer range 2021-09-23 21:24:16 +02:00
741c9ee471
Fixes 2021-09-22 10:26:21 +02:00
f8a959c079
Fix silly bug 2021-09-21 14:11:33 +02:00
7e0b489efe
Merge remote-tracking branch 'origin/master' into if-this-is 2021-09-21 12:12:15 +02:00
Bruce Weirdan
cbcc38aab8
Merge pull request #6339 from niconoe-/allow-object-on-array_walk 2021-08-31 23:45:10 +03:00
Bruce Weirdan
103b2b7244
Warn about array_walk_recursive over objects 2021-08-31 23:18:20 +03:00
Bruce Weirdan
b370ce92aa
Report RawObjectIteration when array_walk is used on objects 2021-08-20 01:43:49 +03:00
Bruce Weirdan
9222b24ea1
Merge pull request #6321 from orklah/analyze-dynamic-classConstFetch 2021-08-20 01:06:56 +03:00
orklah
dbf3512b70 introduce $definite_class flag and use it to avoid using final keyword for simple inference 2021-08-19 23:19:59 +02:00
Barney Laurance
88276d7f1e Fix error message for call to internal method from root namespace 2021-08-17 18:54:57 +01:00
Bruce Weirdan
4cb9d8ceec
Merge pull request #6205 from orklah/typos
fix typos
2021-07-29 22:31:03 +03:00
orklah
d0fe1528b6 fix typos 2021-07-29 20:59:52 +02:00
Bruce Weirdan
7aa5564047
Merge pull request #6192 from orklah/array_replace_not_nullable
make array_replace and array_replace_recursive not nullable
2021-07-28 00:20:46 +03:00
orklah
d9df3211c5 make array_replace and array_replace_recursive not nullable 2021-07-27 23:02:41 +02:00
orklah
2259113727 fix wrong wording 2021-07-26 21:09:12 +02:00
orklah
52033f4b69 fix condition when scalar is allowed 2021-07-13 00:34:22 +02:00
orklah
1fc8982ca9 fix condition when bool is allowed 2021-07-13 00:19:13 +02:00
orklah
688367de38 Always emit InvalidArgument when the parameter is always false and not accepted 2021-07-13 00:06:36 +02:00
Bruce Weirdan
e93b37a225
Merge pull request #6060 from VincentLanglet/statement 2021-07-11 22:12:10 +03:00
Matthew Brown
acc7ee261c
Fix #6066 - introduce more robust system for capturing template constraints (#6072)
* Fix #6066 - add better system for capturing template constraints

* Fix comment
2021-07-11 12:03:21 -04:00
Vincent Langlet
3339ce1379 Use stmt instead of args 2021-07-11 11:22:13 +02:00
Matthew Brown
d883d73991 Fix template bound terminology
I had this flipped by mistake
2021-07-10 14:08:09 -04:00
Vincent Langlet
49ed7b045f Pass statement to MethodReturnTypeProviderEvent 2021-07-08 00:02:36 +02:00
Matt Brown
19cc4cb4ee Simplify lots of usage checks 2021-06-25 10:14:49 -04:00
Matt Brown
67d68a5dc0 Use more accurate variable name 2021-06-25 09:54:39 -04:00
Bruce Weirdan
6d4262edbd
Mark return values in as throw argument as used (#5989)
Fixes vimeo/psalm#5975
2021-06-25 09:11:27 -04:00
Matthew Brown
c2f7422e80
Prevent crash with non-UTF-8 string
Fixes #5945
2021-06-17 12:26:18 -04:00
Matt Brown
47bf5ed567 Fix #5918 - add new issue to detect unquoted strings 2021-06-10 17:43:04 -04:00
Matthew Brown
6d09418a23
Detect unused return values (#5917)
* Detect unused return values

* Allow static-returning instance methods (presumed to be fluent)

* Make $is_used the default for Codebase::methodExists
2021-06-10 14:18:15 -04:00
Bruce Weirdan
6abce3525a
Enforce use sort (#5900) 2021-06-07 22:55:21 -04:00
Matt Brown
f3fc112bae Fix #4523 - fix short-circuiting for properties and method calls 2021-06-01 16:06:12 -04:00
Bruce Weirdan
0c77ccc238
Check whether constructor is internal on new call (#5843)
Fixes vimeo/psalm#5841
2021-05-28 09:44:07 -04:00
Matt Brown
38c452ae58 Add example given in ticket and ensure that works too 2021-05-24 00:09:51 -04:00
Matt Brown
7354ec9903 Fix #5298 - improve handling of method that may write properties 2021-05-23 16:22:52 -04:00
Matt Brown
6a61298074 Fix #5810 - detect properties that are never read 2021-05-21 09:25:57 -04:00
Matt Brown
4f9067f5c8 Fix unused properties in Psalm’s own codebase 2021-05-21 09:15:23 -04:00
Matt Brown
4b17cc9a4b Fix #5809 - remove unnecessary issue suppression 2021-05-21 07:35:01 -04:00
Matt Brown
1195335078 Fix #5768 - call methods with proper params 2021-05-14 22:50:11 -04:00
Matt Brown
5f780e7ef7 Improve count inference 2021-05-14 20:12:28 -04:00
Matt Brown
c4aea7c82c Fix #5434 - prevent crash with class-string-map 2021-05-14 19:44:11 -04:00
Matthew Brown
cc7ff94f7c Prevent crash when method being called does not exist in reflection
Crash seen when running this test in PHP 7.4 because the method does not exist, but the call map includes it in 8.0
2021-05-13 12:40:39 -04:00
Matthew Brown
859b4a2caa Fix #5725 – don’t transform non-docblock types unnecessarily 2021-05-09 12:03:42 -04:00
Matthew Brown
832a190dd4
Support enums (#5699)
* Add initial enum preparation

* Support cases method

* Ignore bad use error

cc @weirdan

* Fix type
2021-05-03 17:54:09 -04:00
Bruce Weirdan
105c6f3a1c
Remove (and prevent) unused uses (#5704)
* Updates `slevomat/coding-standard`
* Removes unused uses
* Prevents unused uses
* Fixes a number of symbol case mismatches
2021-05-03 17:22:15 -04:00
Matt Brown
0f5b117534 Migrate ClassLikeName options to object 2021-04-30 15:01:33 -04:00
Matt Brown
2fa55d147a Allow parent class to call child protected method 2021-04-25 12:44:53 -04:00
Matt Brown
419114e1f0 Fix #5662 — prevent crash when reporting mixed issue on virtual arg 2021-04-23 15:34:35 -04:00
Matthew Brown
e505cd58b4
Add use 2021-04-12 23:52:50 -04:00
Matt Brown
b7f122425f Use proper variable 2021-04-10 21:48:50 -04:00
Matt Brown
012dafad79 Fix #5383 - prevent unsound use of new static for generics 2021-04-10 13:16:19 -04:00
AndrolGenhald
870c433dc2
Check oldest ancestor for protected method visibility (fixes #5595) (#5597) 2021-04-07 22:01:41 -04:00
Matt Brown
a469c82653 Fix #5587 - detect final class calls when routed through parent 2021-04-06 12:35:09 -04:00
Matt Brown
517b2030c9 Fix #5545 - throwing uses method 2021-04-04 21:17:12 -04:00
Matt Brown
150dd00060 Fix #5540 - function is used inside throw expression 2021-03-31 10:03:25 -04:00
Matt Brown
9a714b759e Fix #5496 - ensure params extended in properties are properly fleshed out 2021-03-28 23:10:38 -04:00
Matt Brown
93743d1465 Also add better message for MixedArgumentTypeCoercion 2021-03-28 11:32:38 -04:00
Saif Eddin Gmati
9f74676524
allow dismissing return value of pure functions with by-reference arguments (#5463) 2021-03-25 09:05:59 -04:00
Jean-Nicolas
30f64b79de
Checks the intersection type if the magic method does not exist (#5473) 2021-03-24 15:34:05 -04:00
Matt Brown
efa9b136d3 Fix linting issues 2021-03-23 19:42:56 -04:00
Saif Eddin Gmati
477ae33cd6
allow dismissing return value of no-return pure functions (#5461) 2021-03-23 19:34:12 -04:00
Matt Brown
a96645d2e3 Fix many uses of offsets 2021-03-23 01:30:51 -04:00
Matt Brown
bf578d1024 Fix potential crash when calling magic setter 2021-03-22 23:08:38 -04:00
AndrolGenhald
de5a031088
Improve @no-named-arguments support and variadics. (#5455)
* Improve @no-named-arguments support and variadics.

Handling of argument unpacking and variadics still needs a pretty big makeover, but this is a good start.

Fixes #5420
Improves #5453 (iterable works, array still causes issues)

* Remove unneeded imports.
2021-03-22 19:58:22 -04:00
Sergey Yakimov
fb94db9b1f
Add proper handling of unpacked arguments with string keys (#5446)
* Add proper handling of unpacked arguments with string keys

* Fix undefined array key error

* Fix missed named arguments handling

* Fix false-positive on variadic parameter

* Add tests
2021-03-22 09:08:05 -04:00
Matt Brown
b73223f9c1 Add use statements 2021-03-20 22:17:22 -04:00
Matt Brown
44c6d3035b Add more mixed origin information 2021-03-20 21:45:38 -04:00
Samuel Mortenson
4aabb411a8
Added event to prevent tainting. (#5398)
* Added event to prevent tainting.

* Remove optional codebase parameter.

* Removed falsy check for codebase.

* Use two separate hooks for adding and removing taints

* Add slashes

* Update add/remove taint test name.

* Cleaned up SafeArrayKeyChecker example plugin.

* Added more AddRemoveTaintsEvent calls to codebase.

* Fix type check error with $added_taints param.

* Added AddRemoveTaintsEvent to remaining classes.

* Fix post-merge error.

* Add comma

* Remove $int_offset that never existed

Co-authored-by: Matt Brown <github@muglug.com>
2021-03-19 22:41:41 -04:00
Matt Brown
42d3bceb4e Use more accurate return type 2021-03-18 15:19:29 -04:00
Matt Brown
b7a68edd0b Simplify complex methods 2021-03-18 15:09:03 -04:00
Matt Brown
d19088bb10 Add better origins for calls 2021-03-17 19:37:21 -04:00
Matt Brown
b549989ba7 Prevent overwriting storage type during analysis 2021-03-13 14:12:55 -05:00
Bruce Weirdan
71a0457284
Emit ImplicitToStringCast in more places (#5344)
* Emit ImplicitToStringCast in more places

Fixes vimeo/psalm#5320

`to_string_cast` is set on successful comparison, thus it needs to
always bubble up (it will be ignored in UnionTypeComparator if some part
does not match).

* Fix implicit casts

* Fix handling of string method references in self-out context
2021-03-11 00:07:39 -05:00
Matt Brown
96e0743892 Fix #5325 – remove all memoised methods when calling a method with property mutations 2021-03-05 00:39:25 -05:00
Matt Brown
bca09d74ad Fix style issues 2021-02-25 21:24:18 -05:00
Matt Brown
474ebf912e Fix #5229 - new SomeTemplatedClass should expand out params even if none passed 2021-02-25 21:20:05 -05:00
Matt Brown
d4841993b2 Fix #5279 - don’t convert get_class($templated) into dependent type 2021-02-25 18:43:04 -05:00
Matt Brown
b2c35834ff Remove mistakenly-duplicated code for get_* functions 2021-02-25 18:40:05 -05:00
Matt Brown
7958ef6889 Decomplicate method 2021-02-24 00:03:55 -05:00
Matt Brown
cafbdb6831 Fix #5264 - use accurate static type when calling parent method in trait 2021-02-23 20:48:22 -05:00
Matt Brown
78577fd624 Fix #5257 - allow object::foo() call 2021-02-23 17:31:14 -05:00
elnoro
e1d6f2f491
Fixed 4788 (#5263) 2021-02-22 09:21:28 -05:00
Matt Brown
6ba899e34e Only replace static type once 2021-02-22 00:25:13 -05:00
Matt Brown
3106635953 Fix inference of conditional types when wildcard constant given 2021-02-20 12:21:52 -05:00
orklah
5191dac3fa
Introduce Virtual Nodes in order to differentiate real nodes in plugins (#5222) 2021-02-15 16:18:41 -05:00
Matt Brown
bd6efd7cf2 Improve completion for namespaced classes
cc @joehoyle - this mainly allows us to get a correct list when the user starts typing Foo (without the new before it) inside a namespace
2021-02-14 23:25:13 -05:00
Matt Brown
6fb7423c68 Fix #5211 - prevent infinite loop in template inference 2021-02-13 16:16:58 -05:00
Matt Brown
044602a244 Fix #5196 - fix type before assigning default property values 2021-02-11 09:38:04 -05:00
Matt Brown
ccdb29abfa Improve handling of property-mutating calls 2021-02-10 12:09:21 -05:00
Matt Brown
2b9d307cab Fix #5184 - remove this vars from parent context where possible 2021-02-09 10:23:22 -05:00
Matt Brown
8b5e0fc754 Fix #5172 - prevent calling function with implicitly-broader type 2021-02-07 11:07:22 -05:00
orklah
343d020408
improve psalter capacities for anonymous class extending real classes (#5146) 2021-02-04 09:59:38 -05:00
Matt Brown
7dbdc8c59e Fix #5144 - prevent exception during taint analysis 2021-02-02 14:16:15 -05:00
Matt Brown
0f2a07a9a3 Fix #5137 – support @psalm-flow in methods 2021-01-31 22:40:48 -05:00
Matt Brown
359a0166e3 Fix #4631 - prevent reusing named params 2021-01-27 22:53:55 -05:00
Matt Brown
4807d38507 Fix using std library functions 2021-01-27 22:28:33 -05:00
Matt Brown
76269658ca Fix #5107 - treat function-bound templated parameters the same
Previously they were treated differently depending on whether or not they were inside a method
2021-01-26 22:43:42 -05:00
Matt Brown
6f30399189 Fix #5070 – fix static return type inference in static methods 2021-01-22 09:58:09 -05:00
Matthew Brown
28d2795e59 Fix #5078 - when unpacking with missing array item, Use the param’s default type if param has one 2021-01-22 00:20:51 -05:00
Marco Pivetta
a53cc23809
#4997 added more precise type inference for count() returning 0 or positive-int on known arrays (#4999)
* #4997 added more precise stub for `count()` returning `0` or `positive-int` on known types

* #4997 updated `count()` to support `\SimpleXmlElement` and `\ResourceBundle` counting, as well as handling hardcoded 2-element-arrays cases

This patch:

 * adds support for `count(\SimpleXmlElement)` (https://www.php.net/manual/en/simplexmlelement.count.php)
 * adds support for `count(\ResourceBundle)` (https://www.php.net/manual/en/resourcebundle.count.php)
 * removes usage of global constants from stub (not supported - see https://www.php.net/manual/en/function.count.php)
 * adds support for identifying fixed-element-count arrays, for example `count(callable&array)`, which is always `2`

* #4997 adapted `FunctionCallReturnTypeFetcher` to infer `TPositiveInt` for `count(TNonEmptyArray)` and `count(TNonEmptyList)`

* The `FunctionCallReturnTypeFetcher` is responsible for defining the precise type of a `\count(T)`
expression when given a `T`, so we baked the whole type resolution for `positive-int`, `0` and
`positive-int|0` directly in there.

While this complicates things, it is also true that it is not possible right now (for the stubs)
to provide the level of detail around `count()` that is required by the type inference system
for such a complex function with so many different semantics.
2021-01-13 09:48:38 -05:00
Adrien LUCAS
493c57eedf
Trigger dispatch even when only legacy hooks (#4962) 2021-01-08 19:51:26 -05:00
Adrien LUCAS
d1398f2b12
Avoid false positives for taint specialized calls even when not using a variable (#4948) 2021-01-07 16:39:51 -05:00
orklah
0e17a3354f
add stubs for standard iterators (#4725)
* add stubs for standard iterators

* Apply suggestions from code review cc @weirdan

Co-authored-by: Bruce Weirdan <weirdan@gmail.com>

* complete stub + delete code made redundant by stubs + fix some syntax in stubs

* fix parse error

Co-authored-by: Bruce Weirdan <weirdan@gmail.com>
2021-01-07 10:07:07 -05:00
Adrien LUCAS
0f5886746f
Taint specialized calls even when not using a variable (#4940) 2021-01-06 14:14:52 -05:00
orklah
f9fccb2b2d
implement DTO for plugins (#4881)
* implement DTO for plugins

* introduce EventHandler + reintroduce legacy API for plugins
2021-01-06 09:05:53 -05:00
Matthew Brown
3fd47f9e10 Add comments to AtomicMethodCallAnalyzer and suppress ComplexMethod 2021-01-05 19:03:50 -05:00
Matthew Brown
e4b1a4fa55 Uncomment erroneously-commented return 2021-01-05 17:49:17 -05:00
Matthew Brown
ddd99970a9 Fix #4901 - simplify mapping of template types within class 2020-12-29 12:24:33 +00:00
2e3s
d8d6811ed4
Memoize private inferred mutation-free methods (#4832) 2020-12-12 10:26:14 -05:00
Matt Brown
524084a64c Tighten up rules arouund when mutation-free methods get memoised 2020-12-08 16:39:06 -05:00
2e3s
e46c68b1e5
Overwrite memoized return type after sum-type candidate is calculated (#4805)
* Overwrite memoized return type after sum-type candidate is calculated

* Fix mismatched types

* Fix code style
2020-12-08 09:35:11 -05:00
Matthew Brown
d406d5b112
Fix typo 2020-12-07 01:32:18 -05:00
Matt Brown
e702e472fc Support simple list assignment in foreach
Ref #4741
2020-12-06 19:14:52 -05:00
Matt Brown
9c0e9a3d7e Taint all when conditional return is used
Ref #4792
2020-12-06 11:24:48 -05:00
Matt Brown
cec8d7138f Fix #4782 - don’t replace closure types with upper bounds when replacing class param types 2020-12-05 11:58:55 -05:00
Matt Brown
1bb8b73f99 Return earlier 2020-12-05 10:25:34 -05:00
Denis Smetannikov
11576951f6
Update ExistingAtomicStaticCallAnalyzer.php (#4761)
The invalid syntax for PHP 7.1+
2020-12-03 09:24:34 -05:00
Matt Brown
1feca322d5 Fix loading imported functions 2020-12-02 00:52:35 -05:00
Matt Brown
e7f9ce6da0 Break out RedundantCast issues 2020-12-01 17:25:45 -05:00
Matt Brown
f5494bc407 Fix typos caused by Macbook Pro’s bad keyboard 2020-12-01 14:14:09 -05:00
Matt Brown
3b1fa58413 Break apart method as much as possible 2020-11-30 14:07:18 -05:00
Matt Brown
2204728824 Break apart NewAnalyzer::analyze
Ref #4714
2020-11-30 13:24:24 -05:00
Matt Brown
4d81682fdd Fix #4731 - expand out class-bound generic types when evaluating instance method 2020-11-29 21:36:50 -05:00
Matt Brown
86b6d6a506 Fix #4733 - don’t replace template types when they’re defined on the same class 2020-11-29 19:12:22 -05:00
Matt Brown
601c1d8cd0 Expand out constants in param types earlier 2020-11-29 19:07:35 -05:00
Matt Brown
46b202731c Fix check 2020-11-29 18:28:32 -05:00
Matt Brown
58b306b6e3 Ensure class template types are mapped to static methods where necessary
Ref #4733
2020-11-29 17:40:52 -05:00
Matt Brown
ea314cc1c0 Simplify calling of replacer methods 2020-11-29 16:27:00 -05:00
Matt Brown
4d22723525 Break out replacement of templated types with their inferred result 2020-11-29 16:16:16 -05:00
Matt Brown
15a5bd5e29 Simplify storage and retrieval of extended template params 2020-11-29 15:05:32 -05:00
Matt Brown
0efd4ebd7d Detect some erroneous issets 2020-11-29 09:26:39 -05:00
Matthew Brown
fd53192ad2
Fix redundant mappings 2020-11-28 21:05:31 -05:00
Matt Brown
8adc0918ae Fix the bug 2020-11-28 09:55:40 -05:00
Matt Brown
de1fa03f77 Fix template type selection 2020-11-28 09:53:11 -05:00
Matt Brown
73cd07a01f Simplify FunctionCallAnalyzer
Ref #4714
2020-11-27 16:34:27 -05:00
Matt Brown
6db8132b4c Simplify call analysers a bit
Ref #4714
2020-11-27 16:31:10 -05:00
Matt Brown
5f065d3d74 Turn template bound tuples into object
Ref #4714
2020-11-27 11:43:30 -05:00
Matt Brown
6de97e3779 Skip missing function params in taint analysis 2020-11-26 11:58:14 -05:00
Matt Brown
d40d63f180 Fix #4699 - treat isset like !== null when variable is defined 2020-11-25 14:04:55 -05:00
Matt Brown
17ceba5c06 Fix bug 2020-11-22 23:32:14 -05:00
Matt Brown
f164a45843 Fix bugs 2020-11-22 19:45:54 -05:00
Matt Brown
9a03a9a5d0 Move param taint sink addition after arguuments have been analysed 2020-11-22 19:39:40 -05:00
Matt Brown
b782dd4225 Make sure conditional escaping works for static methods too 2020-11-22 13:39:32 -05:00
Matt Brown
af008953a8 Fix #4661 - support conditional escaping for functions 2020-11-22 13:24:33 -05:00
Matt Brown
f0ae0e5cb4 Break aparat type combiner 2020-11-21 18:11:29 -05:00
Lukas Reschke
ffb0c4ae17
Implement variadic taint propagation (#4649)
* Implement variadic taint propagation

* Lint code
2020-11-21 17:41:40 -05:00
orklah
ae0486529e
Unused psalm-suppress (#4646) 2020-11-21 17:39:40 -05:00
Matt Brown
ce8938263e Fix #4636 - prevent crashes on aliased classes 2020-11-20 09:29:24 -05:00
Matt Brown
78d644d1a1 Change TaintedText to TaintedCallable 2020-11-19 19:01:19 -05:00
Matt Brown
4c315ec45c Closure calls aren’t sinks 2020-11-19 18:44:36 -05:00
Matt Brown
ff3fff56d4 Simplify assertion negations, centralising as much as possible
Now the flag passed to scrapeAssertions just determines the errors emitted
2020-11-19 14:32:49 -05:00
Matt Brown
95de6cf177 Allow immutable classes to be specialised through calls 2020-11-19 01:38:20 -05:00
Matt Brown
d60abaf858 Unfix fixes 2020-11-18 19:19:07 -05:00
Matt Brown
8dd229f6c0 Only ignore literal flows when tainting 2020-11-18 18:43:41 -05:00
Matt Brown
236292ff05 Fix #4600 - set attributes in a bunch of places 2020-11-18 12:44:59 -05:00
Matt Brown
3f7f959726 Fix #4599 - propagate taints to parent callers where necessary 2020-11-18 09:59:54 -05:00
Matt Brown
28dee4146a Fix tests 2020-11-17 17:53:46 -05:00
Matt Brown
adeaa33a64 Don’t propagate taints to child constructor args 2020-11-17 16:49:29 -05:00
Matt Brown
43af3b1a57 Break out TaintedInput issues into a lot of separate ones 2020-11-17 12:44:31 -05:00
Matt Brown
42802e11d1 Allow PHP major version to determine substr return type 2020-11-16 16:31:33 -05:00
Dusk
0fe3e1f83b
Allow named arguments to variadic functions (#4575)
Closes #4563
2020-11-16 15:49:27 -05:00
Matt Brown
5a62dc5c40 Fix #4540 - use correct method when simulating property setting 2020-11-12 23:56:29 -05:00
Matt Brown
556fb12966 Move mutation checks to more appropriate place 2020-11-12 23:54:50 -05:00
Matt Brown
2f7bf2a144 Bind lower bounds to upper bounds as well when no upper bound can be inferred
Ref #4485
2020-11-11 17:46:09 -05:00
Matt Brown
a8d7248c31 Fix #4524 - do better template param inheritance 2020-11-11 13:25:17 -05:00
Matt Brown
b731b53d5e Add debug stuff for code complexity 2020-11-10 12:49:42 -05:00
Matt Brown
e27cbfba57 Reduce size of data flow graph when analysing array assignments 2020-11-09 22:44:36 -05:00
Adrien LUCAS
4cb8e86737
Add a proxy capability to the flow annotation (#4495)
* Add a `passthru` capability to the flow annotation

* Fix passthru-calls type

* Fix types and rename to proxy

* Allow to proxy a method

Co-authored-by: Matthew Brown <github@muglug.com>
2020-11-09 15:22:35 -05:00
Matt Brown
8799e1a337 Break apart complex method 2020-11-09 00:58:45 -05:00
Matt Brown
0be4f2fedf Fix/ignore reflection bugs 2020-11-08 14:27:37 -05:00
Matt Brown
20e37d8cb6 Add a comment to show workings 2020-11-08 13:08:45 -05:00
Matt Brown
24c9702aa5 Remove unused imports 2020-11-08 12:31:21 -05:00
Matt Brown
6da0905478 Separate out good from the bad 2020-11-08 12:29:23 -05:00
Matt Brown
b8f5d16e9f Consolidate similar functionality 2020-11-07 00:58:20 -05:00
Matt Brown
6b06ecec39 Fix #4491 - support assertions in new calls 2020-11-06 11:55:19 -05:00
Matt Brown
3e9c5d3600 Add support for @return never 2020-11-04 12:30:02 -05:00
Matt Brown
b5a3f45d52 Remove use of PHP 7.2 function 2020-11-04 11:02:34 -05:00
Matt Brown
91d9dc3759 Fix overeager inference 2020-11-03 16:44:24 -05:00