orklah
|
597b7aa064
|
Prevent illegal array keys (#4660)
* Emit an issue when an array-key is not legal
* tests
|
2021-01-29 11:46:23 +01:00 |
|
Matt Brown
|
401573c696
|
Fix test
|
2021-01-29 11:46:23 +01:00 |
|
erikjwaxx
|
62ca9f42bc
|
Narrow inference of $a <=> $b from "int" to "-1|0|1" (#4680)
* A <=> operator has a literal type of -1|0|1 and not simply int
* Test to verify inferred type of $a <=> $b is -1|0|1
|
2021-01-29 11:46:23 +01:00 |
|
Matt Brown
|
a0fee98962
|
Move param taint sink addition after arguuments have been analysed
|
2021-01-29 11:46:22 +01:00 |
|
Matt Brown
|
aa4be209fc
|
Make sure conditional escaping works for static methods too
|
2021-01-29 11:46:22 +01:00 |
|
Matt Brown
|
30ee5334a1
|
Fix #4661 - support conditional escaping for functions
|
2021-01-29 11:46:22 +01:00 |
|
Matt Brown
|
676a0ed2d1
|
Fix #4609 - add more attribute rules
|
2021-01-29 11:46:21 +01:00 |
|
Matt Brown
|
14807326fe
|
Fix #4475 - verify that used attributes actual use the Attribute attribute
|
2021-01-29 11:46:21 +01:00 |
|
Matt Brown
|
763eff2e8b
|
Fix #4611 - flag invalid attribute arguments correctly
|
2021-01-29 11:46:21 +01:00 |
|
Matt Brown
|
2fff4eb5c1
|
Fix #4653 - prevent crash with recursive type in root namespace
|
2021-01-29 11:46:20 +01:00 |
|
Matt Brown
|
56918001a8
|
Fix #4643 - use PHP8 union types when possible
|
2021-01-29 11:46:20 +01:00 |
|
Matt Brown
|
48a58c56e3
|
Don’t erase already-known literal ints
Fixes #4644
|
2021-01-29 11:46:20 +01:00 |
|
Matt Brown
|
48fba8a6b9
|
Only run unused code analysis where necessary
|
2021-01-29 11:46:20 +01:00 |
|
Matt Brown
|
d43bb3923b
|
Break aparat type combiner
|
2021-01-29 11:46:20 +01:00 |
|
Lukas Reschke
|
b2143f1da5
|
Implement variadic taint propagation (#4649)
* Implement variadic taint propagation
* Lint code
|
2021-01-29 11:46:19 +01:00 |
|
orklah
|
58ddeaafdf
|
use int|string in phpdoc format for array-key (#4645)
|
2021-01-29 11:46:19 +01:00 |
|
Lukas Reschke
|
4de2bf8f7f
|
Add psalm-flow for string functions from sscanf to wordwrap (#4591)
* Add string functions from sscanf to wordwrap
This should conclude all string functions from https://www.php.net/manual/en/book.strings.php
Continuation of https://github.com/vimeo/psalm/pull/4576
Ref https://github.com/vimeo/psalm/issues/3636
* Add StrTrReturnTypeProvider
* Fix psalm error
* phpcs
* Line length
* Ignore false return on vsprintf
Co-authored-by: Matthew Brown <github@muglug.com>
|
2021-01-29 11:46:19 +01:00 |
|
Matt Brown
|
38d1dded4e
|
Fix test
|
2021-01-29 11:46:19 +01:00 |
|
Matt Brown
|
b539fdf70e
|
Allow Psalm to run in taint analysis mode without a config
|
2021-01-29 11:46:18 +01:00 |
|
orklah
|
289a3b220b
|
allow static return type in PHP8 (#4641)
|
2021-01-29 11:46:18 +01:00 |
|
Matt Brown
|
068907327d
|
Fix #4637 - prevent regression when negating function call with === false
|
2021-01-29 11:46:18 +01:00 |
|
Dalibor Karlović
|
ea089d9696
|
feature: allow plugin manager to work without config file (#4639)
|
2021-01-29 11:46:17 +01:00 |
|
orklah
|
5afbf5f831
|
return static instead of self when static context detected (#4632)
* return this instead of self when static context detected
* replace $this by static
|
2021-01-29 11:46:17 +01:00 |
|
Matt Brown
|
02b1cc2288
|
Change TaintedText to TaintedCallable
|
2021-01-29 11:46:17 +01:00 |
|
Lukas Reschke
|
2ad5eee193
|
Add dedicated types for 'file', 'header' and 'cookie' (#4630)
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie'
* Add documentation
* Add mapping for taint flows
* Add tests
* Fix test
|
2021-01-29 11:46:16 +01:00 |
|
Matt Brown
|
3b3239635b
|
Fix #4626 - array_key_exists should infer type for first arg where possible
|
2021-01-29 11:46:16 +01:00 |
|
Matt Brown
|
7b4f0745f5
|
Simplify assertion negations, centralising as much as possible
Now the flag passed to scrapeAssertions just determines the errors emitted
|
2021-01-29 11:46:16 +01:00 |
|
Matt Brown
|
6f9be03789
|
Revert "Fix #4624 - allow in_array to work with list arrays"
This reverts commit 08ae85a735 .
|
2021-01-29 11:46:16 +01:00 |
|
Matt Brown
|
191f305aec
|
Fix #4624 - allow in_array to work with list arrays
|
2021-01-29 11:46:15 +01:00 |
|
Matt Brown
|
43187a0e19
|
Fix #4620 - reconciled literal strings cannot carry taints
|
2021-01-29 11:46:15 +01:00 |
|
Matt Brown
|
005f394d8e
|
Allow immutable classes to be specialised through calls
|
2021-01-29 11:46:15 +01:00 |
|
Matt Brown
|
c3658e2590
|
Fix #4605 - taint parent-declared property
|
2021-01-29 11:46:15 +01:00 |
|
Lukas Reschke
|
ce05165384
|
Split LDAP into custom category (#4604)
- Adds ldap_escape as sanitizer
- Defines the right parameters to ldap_search as sink
- Wrote documentation
- Added tests
|
2021-01-29 11:46:14 +01:00 |
|
Matt Brown
|
3b8a76d520
|
Fix #4599 - propagate taints to parent callers where necessary
|
2021-01-29 11:46:14 +01:00 |
|
Lukas Reschke
|
99d094b5e0
|
Add SSRF sinks (#4592)
|
2021-01-29 11:46:14 +01:00 |
|
Matt Brown
|
3484976686
|
Sanity check to ensure closure uses aren’t removed
|
2021-01-29 11:46:14 +01:00 |
|
Matt Brown
|
5246841b12
|
Fix tests
|
2021-01-29 11:46:14 +01:00 |
|
Matt Brown
|
a4b56c9292
|
Simplify tainted output a bit, removing duplicate paths
|
2021-01-29 11:46:13 +01:00 |
|
Matt Brown
|
a7cc439db0
|
Don’t propagate taints to child constructor args
|
2021-01-29 11:46:13 +01:00 |
|
Matt Brown
|
0b14b6968e
|
Fix #4472 - if something flows into a byref var it’s used
|
2021-01-29 11:46:13 +01:00 |
|
Lukas Reschke
|
c42927c6e4
|
Add SARIF as report output (#4582)
https://docs.oasis-open.org/sarif/sarif/v2.0/sarif-v2.0.html
|
2021-01-29 11:46:13 +01:00 |
|
Matt Brown
|
2c69618347
|
Break out TaintedInput issues into a lot of separate ones
|
2021-01-29 11:46:13 +01:00 |
|
Dusk
|
4e7bd1e39b
|
Allow named arguments to variadic functions (#4575)
Closes #4563
|
2021-01-29 11:46:11 +01:00 |
|
Lukas Reschke
|
ff55dba130
|
Add sinks for popen and proc_open (#4572)
User input in those two functions could lead to a RCE.
popen: https://www.php.net/manual/en/function.popen.php
proc_open: https://www.php.net/manual/en/function.proc-open.php
|
2021-01-29 11:46:11 +01:00 |
|
orklah
|
2f368244a4
|
Detect trying to access to a list with a negative offset (#4552)
|
2021-01-29 11:46:11 +01:00 |
|
Matt Brown
|
4fff920952
|
Fix #4529 - allow unsetting with complex array key
|
2021-01-29 11:46:10 +01:00 |
|
Matt Brown
|
4a8c98257e
|
Add closure-use termination for byref flows
|
2021-01-29 11:46:10 +01:00 |
|
Matt Brown
|
ad840e4b7a
|
Fix #4547 - mark unused uses
|
2021-01-29 11:46:10 +01:00 |
|
Matt Brown
|
c1d57ba6a5
|
Uses by ref should be assigned that way
|
2021-01-29 11:46:10 +01:00 |
|
Matt Brown
|
5f01ea788a
|
Fix #4544 - improve handling of get_class in match
|
2021-01-29 11:46:10 +01:00 |
|