mirror of https://github.com/danog/psalm.git synced 2024-12-11 16:59:45 +01:00

7914 Commits

Author SHA1 Message Date
Matt Brown
763eff2e8b
Fix #4611 - flag invalid attribute arguments correctly 2021-01-29 11:46:21 +01:00
Matt Brown
dc9a2a48e9
Fix #4615 - ensure promoted properties are not treated as uninitialized 2021-01-29 11:46:21 +01:00
Matt Brown
2fff4eb5c1
Fix #4653 - prevent crash with recursive type in root namespace 2021-01-29 11:46:20 +01:00
Matt Brown
56918001a8
Fix #4643 - use PHP8 union types when possible 2021-01-29 11:46:20 +01:00
Matt Brown
169dbf2545
Add instanceof check 2021-01-29 11:46:20 +01:00
Matt Brown
0565c47049
Remove unnecessary coercion 2021-01-29 11:46:20 +01:00
Matt Brown
48a58c56e3
Don’t erase already-known literal ints
Fixes #4644
2021-01-29 11:46:20 +01:00
Matt Brown
48fba8a6b9
Only run unused code analysis where necessary 2021-01-29 11:46:20 +01:00
Matt Brown
d43bb3923b
Break apart type combiner 2021-01-29 11:46:20 +01:00
orklah
086bf2910f
return string in phpdoc for a literal class-string (#4652) 2021-01-29 11:46:20 +01:00
orklah
6fd28d188a
avoid formatting useless type (#4651) 2021-01-29 11:46:20 +01:00
Lukas Reschke
b2143f1da5
Implement variadic taint propagation (#4649)
* Implement variadic taint propagation

* Lint code
2021-01-29 11:46:19 +01:00
orklah
83f5ee9db6
Unused psalm-suppress (#4646) 2021-01-29 11:46:19 +01:00
orklah
58ddeaafdf
use int|string in phpdoc format for array-key (#4645) 2021-01-29 11:46:19 +01:00
dq5studios
f9edf5d7e1
Fix whitespace in help output (#4642) 2021-01-29 11:46:19 +01:00
Lukas Reschke
4de2bf8f7f
Add psalm-flow for string functions from sscanf to wordwrap (#4591)
* Add string functions from sscanf to wordwrap

This should conclude all string functions from https://www.php.net/manual/en/book.strings.php

Continuation of https://github.com/vimeo/psalm/pull/4576

Ref https://github.com/vimeo/psalm/issues/3636

* Add StrTrReturnTypeProvider

* Fix psalm error

* phpcs

* Line length

* Ignore false return on vsprintf

Co-authored-by: Matthew Brown <github@muglug.com>
2021-01-29 11:46:19 +01:00
Matthew Brown
7edb8ef3f8
Fix taint description 2021-01-29 11:46:19 +01:00
Matt Brown
38d1dded4e
Fix test 2021-01-29 11:46:19 +01:00
Matt Brown
b539fdf70e
Allow Psalm to run in taint analysis mode without a config 2021-01-29 11:46:18 +01:00
Matt Brown
1bd087bd0d
Allow mixed in PHP 8 for manipulation 2021-01-29 11:46:18 +01:00
orklah
289a3b220b
allow static return type in PHP8 (#4641) 2021-01-29 11:46:18 +01:00
Matt Brown
fb1fce8723
Fix Phar platform check
Fixes #4640
2021-01-29 11:46:18 +01:00
Matt Brown
7f0ac653a1
First creation_function param isn’t really a sink 2021-01-29 11:46:18 +01:00
Matt Brown
068907327d
Fix #4637 - prevent regression when negating function call with === false 2021-01-29 11:46:18 +01:00
Dalibor Karlović
ea089d9696
feature: allow plugin manager to work without config file (#4639) 2021-01-29 11:46:17 +01:00
Matt Brown
12e9a3d2ab
Fix #4636 - prevent crashes on aliased classes 2021-01-29 11:46:17 +01:00
Matthew Brown
2c14699ae4
Grammar 2021-01-29 11:46:17 +01:00
Matthew Brown
534b1d135a
Make Readme more punchy 2021-01-29 11:46:17 +01:00
Markus Staab
2c998aea7e
documented type in InternalTaintSinkMap (#4627) 2021-01-29 11:46:17 +01:00
Matt Brown
84348ec38d
Don’t taint foreach keys with array-fetch
We could use array-keyfetch or similar, but for now gives false-positives
2021-01-29 11:46:17 +01:00
orklah
5afbf5f831
return static instead of self when static context detected (#4632)
* return this instead of self when static context detected

* replace $this by static
2021-01-29 11:46:17 +01:00
Matt Brown
02b1cc2288
Change TaintedText to TaintedCallable 2021-01-29 11:46:17 +01:00
Matt Brown
5e3cfd3996
Closure calls aren’t sinks 2021-01-29 11:46:16 +01:00
Lukas Reschke
3fb73564f6
Advertise SARIF export in the documentation (#4633) 2021-01-29 11:46:16 +01:00
Lukas Reschke
2ad5eee193
Add dedicated types for 'file', 'header' and 'cookie' (#4630)
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie'

* Add documentation

* Add mapping for taint flows

* Add tests

* Fix test
2021-01-29 11:46:16 +01:00
Matt Brown
81486cfb12
Return empty instead of throwing 2021-01-29 11:46:16 +01:00
Matt Brown
685248225d
Fix formatting 2021-01-29 11:46:16 +01:00
Matt Brown
0acb02a595
Be more refined 2021-01-29 11:46:16 +01:00
Matt Brown
3b3239635b
Fix #4626 - array_key_exists should infer type for first arg where possible 2021-01-29 11:46:16 +01:00
Matt Brown
7b4f0745f5
Simplify assertion negations, centralising as much as possible
Now the flag passed to scrapeAssertions just determines the errors emitted
2021-01-29 11:46:16 +01:00
Matt Brown
6f9be03789
Revert "Fix #4624 - allow in_array to work with list arrays"
This reverts commit 08ae85a735.
2021-01-29 11:46:16 +01:00
Matt Brown
191f305aec
Fix #4624 - allow in_array to work with list arrays 2021-01-29 11:46:15 +01:00
Matt Brown
43187a0e19
Fix #4620 - reconciled literal strings cannot carry taints 2021-01-29 11:46:15 +01:00
Mikhail Snetkov
f969b01db4
Fix missing bracket in docs (#4614) 2021-01-29 11:46:15 +01:00
Matt Brown
005f394d8e
Allow immutable classes to be specialised through calls 2021-01-29 11:46:15 +01:00
Matt Brown
106ab936f9
Unfix fixes 2021-01-29 11:46:15 +01:00
Matt Brown
cc17ebfa6a
Only ignore literal flows when tainting 2021-01-29 11:46:15 +01:00
Matt Brown
c3658e2590
Fix #4605 - taint parent-declared property 2021-01-29 11:46:15 +01:00
Matt Brown
e1c3959f5a
Fix #4603 - fix arithmetic to prevent end column 0 2021-01-29 11:46:15 +01:00
Matt Brown
a48f686695
Fix #4600 - set attributes in a bunch of places 2021-01-29 11:46:15 +01:00