Matt Brown
|
763eff2e8b
|
Fix #4611 - flag invalid attribute arguments correctly
|
2021-01-29 11:46:21 +01:00 |
|
Matt Brown
|
dc9a2a48e9
|
Fix #4615 - ensure promoted properties are not treated as uninitialized
|
2021-01-29 11:46:21 +01:00 |
|
Matt Brown
|
2fff4eb5c1
|
Fix #4653 - prevent crash with recursive type in root namespace
|
2021-01-29 11:46:20 +01:00 |
|
Matt Brown
|
56918001a8
|
Fix #4643 - use PHP8 union types when possible
|
2021-01-29 11:46:20 +01:00 |
|
Matt Brown
|
169dbf2545
|
Add instanceof check
|
2021-01-29 11:46:20 +01:00 |
|
Matt Brown
|
0565c47049
|
Remove unnecessary coercion
|
2021-01-29 11:46:20 +01:00 |
|
Matt Brown
|
48a58c56e3
|
Don’t erase already-known literal ints
Fixes #4644
|
2021-01-29 11:46:20 +01:00 |
|
Matt Brown
|
48fba8a6b9
|
Only run unused code analysis where necessary
|
2021-01-29 11:46:20 +01:00 |
|
Matt Brown
|
d43bb3923b
|
Break aparat type combiner
|
2021-01-29 11:46:20 +01:00 |
|
orklah
|
086bf2910f
|
return string in phpdoc for a literal class-string (#4652)
|
2021-01-29 11:46:20 +01:00 |
|
orklah
|
6fd28d188a
|
avoid formating useless type (#4651)
|
2021-01-29 11:46:20 +01:00 |
|
Lukas Reschke
|
b2143f1da5
|
Implement variadic taint propagation (#4649)
* Implement variadic taint propagation
* Lint code
|
2021-01-29 11:46:19 +01:00 |
|
orklah
|
83f5ee9db6
|
Unused psalm-suppress (#4646)
|
2021-01-29 11:46:19 +01:00 |
|
orklah
|
58ddeaafdf
|
use int|string in phpdoc format for array-key (#4645)
|
2021-01-29 11:46:19 +01:00 |
|
dq5studios
|
f9edf5d7e1
|
Fix whitespace in help output (#4642)
|
2021-01-29 11:46:19 +01:00 |
|
Lukas Reschke
|
4de2bf8f7f
|
Add psalm-flow for string functions from sscanf to wordwrap (#4591)
* Add string functions from sscanf to wordwrap
This should conclude all string functions from https://www.php.net/manual/en/book.strings.php
Continuation of https://github.com/vimeo/psalm/pull/4576
Ref https://github.com/vimeo/psalm/issues/3636
* Add StrTrReturnTypeProvider
* Fix psalm error
* phpcs
* Line length
* Ignore false return on vsprintf
Co-authored-by: Matthew Brown <github@muglug.com>
|
2021-01-29 11:46:19 +01:00 |
|
Matthew Brown
|
7edb8ef3f8
|
Fix taint description
|
2021-01-29 11:46:19 +01:00 |
|
Matt Brown
|
38d1dded4e
|
Fix test
|
2021-01-29 11:46:19 +01:00 |
|
Matt Brown
|
b539fdf70e
|
Allow Psalm to run in taint analysis mode without a config
|
2021-01-29 11:46:18 +01:00 |
|
Matt Brown
|
1bd087bd0d
|
Allow mixed in PHP 8 for manipulation
|
2021-01-29 11:46:18 +01:00 |
|
orklah
|
289a3b220b
|
allow static return type in PHP8 (#4641)
|
2021-01-29 11:46:18 +01:00 |
|
Matt Brown
|
fb1fce8723
|
Fix Phar platform check
Fixes #4640
|
2021-01-29 11:46:18 +01:00 |
|
Matt Brown
|
7f0ac653a1
|
First creation_function param isnÆt really a sink
|
2021-01-29 11:46:18 +01:00 |
|
Matt Brown
|
068907327d
|
Fix #4637 - prevent regression when negating function call with === false
|
2021-01-29 11:46:18 +01:00 |
|
Dalibor Karlović
|
ea089d9696
|
feature: allow plugin manager to work without config file (#4639)
|
2021-01-29 11:46:17 +01:00 |
|
Matt Brown
|
12e9a3d2ab
|
Fix #4636 - prevent crashes on aliased classes
|
2021-01-29 11:46:17 +01:00 |
|
Matthew Brown
|
2c14699ae4
|
Grammar
|
2021-01-29 11:46:17 +01:00 |
|
Matthew Brown
|
534b1d135a
|
Make Readme more punchy
|
2021-01-29 11:46:17 +01:00 |
|
Markus Staab
|
2c998aea7e
|
documented type in InternalTaintSinkMap (#4627)
|
2021-01-29 11:46:17 +01:00 |
|
Matt Brown
|
84348ec38d
|
Don’t taint foreach keys with array-fetch
We could use array-keyfetch or similar, but for now gives false-positives
|
2021-01-29 11:46:17 +01:00 |
|
orklah
|
5afbf5f831
|
return static instead of self when static context detected (#4632)
* return this instead of self when static context detected
* replace $this by static
|
2021-01-29 11:46:17 +01:00 |
|
Matt Brown
|
02b1cc2288
|
Change TaintedText to TaintedCallable
|
2021-01-29 11:46:17 +01:00 |
|
Matt Brown
|
5e3cfd3996
|
Closure calls aren’t sinks
|
2021-01-29 11:46:16 +01:00 |
|
Lukas Reschke
|
3fb73564f6
|
Advertise SARIF export in the documentation (#4633)
|
2021-01-29 11:46:16 +01:00 |
|
Lukas Reschke
|
2ad5eee193
|
Add dedicated types for 'file', 'header' and 'cookie' (#4630)
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie'
* Add documentation
* Add mapping for taint flows
* Add tests
* Fix test
|
2021-01-29 11:46:16 +01:00 |
|
Matt Brown
|
81486cfb12
|
Return empty instead of throwing
|
2021-01-29 11:46:16 +01:00 |
|
Matt Brown
|
685248225d
|
Fix formatting
|
2021-01-29 11:46:16 +01:00 |
|
Matt Brown
|
0acb02a595
|
Be more refined
|
2021-01-29 11:46:16 +01:00 |
|
Matt Brown
|
3b3239635b
|
Fix #4626 - array_key_exists should infer type for first arg where possible
|
2021-01-29 11:46:16 +01:00 |
|
Matt Brown
|
7b4f0745f5
|
Simplify assertion negations, centralising as much as possible
Now the flag passed to scrapeAssertions just determines the errors emitted
|
2021-01-29 11:46:16 +01:00 |
|
Matt Brown
|
6f9be03789
|
Revert "Fix #4624 - allow in_array to work with list arrays"
This reverts commit 08ae85a735 .
|
2021-01-29 11:46:16 +01:00 |
|
Matt Brown
|
191f305aec
|
Fix #4624 - allow in_array to work with list arrays
|
2021-01-29 11:46:15 +01:00 |
|
Matt Brown
|
43187a0e19
|
Fix #4620 - reconciled literal strings cannot carry taints
|
2021-01-29 11:46:15 +01:00 |
|
Mikhail Snetkov
|
f969b01db4
|
Fix missing bracket in docs (#4614)
|
2021-01-29 11:46:15 +01:00 |
|
Matt Brown
|
005f394d8e
|
Allow immutable classes to be specialised through calls
|
2021-01-29 11:46:15 +01:00 |
|
Matt Brown
|
106ab936f9
|
Unfix fixes
|
2021-01-29 11:46:15 +01:00 |
|
Matt Brown
|
cc17ebfa6a
|
Only ignore literal flows when tainting
|
2021-01-29 11:46:15 +01:00 |
|
Matt Brown
|
c3658e2590
|
Fix #4605 - taint parent-declared property
|
2021-01-29 11:46:15 +01:00 |
|
Matt Brown
|
e1c3959f5a
|
Fix #4603 - fix arithmetic to prevent end column 0
|
2021-01-29 11:46:15 +01:00 |
|
Matt Brown
|
a48f686695
|
Fix #4600 - set attributes in a bunch of places
|
2021-01-29 11:46:15 +01:00 |
|