Matt Brown
|
6de97e3779
|
Skip missing function params in taint analysis
|
2020-11-26 11:58:14 -05:00 |
|
Matt Brown
|
b224970281
|
Fix generic ArrayAccess creation cc @orklah
|
2020-11-26 10:00:03 -05:00 |
|
orklah
|
f7cfdaabd7
|
Allow reconciling between object and iterable (#4706)
* Allow reconciling between object and iterable
* add tests
|
2020-11-26 09:25:49 -05:00 |
|
orklah
|
4bbb72329e
|
Fix PHPMAXINT offset (#4707)
|
2020-11-26 09:24:32 -05:00 |
|
Matt Brown
|
01ceaf7006
|
Fix style issues
|
2020-11-25 21:36:37 -05:00 |
|
Matt Brown
|
0c477da310
|
Fix test failures
|
2020-11-25 20:05:09 -05:00 |
|
Markus Staab
|
a174b4c415
|
Document more taint types (#4704)
* Document more taint types
Taken from the TaintKind enum
* Add more of a description
Co-authored-by: Matthew Brown <github@muglug.com>
|
2020-11-25 19:28:02 -05:00 |
|
LeSuisse
|
e32ed43253
|
Fix incorrect taint sink map for \rmdir (#4703)
Closes #4690
|
2020-11-25 16:45:53 -05:00 |
|
Markus Staab
|
8a0feaffa9
|
Declare PdoStatement->fetchObject($class_name) a taint sink (#4701)
* Declare PdoStatement
* Change to a callable sink
Co-authored-by: Matthew Brown <github@muglug.com>
|
2020-11-25 15:50:19 -05:00 |
|
orklah
|
58736924dd
|
fix wrong cast to int when string offset is a number > MAX INT (#4702)
|
2020-11-25 15:48:53 -05:00 |
|
Matt Brown
|
f3e0201a99
|
Treat $a ?? $b identically to isset($a) ? $a : $b
|
2020-11-25 14:34:05 -05:00 |
|
Matt Brown
|
d40d63f180
|
Fix #4699 - treat isset like !== null when variable is defined
|
2020-11-25 14:04:55 -05:00 |
|
Matt Brown
|
6aa052475a
|
Pass correct flags when referencing from finally
|
2020-11-25 14:04:55 -05:00 |
|
Markus Staab
|
d393b4a69d
|
Added PDOStatement->fetchObject() stub (#4693)
* Added PDOStatement->fetchObject() stub
* fix stub param
* fix Xdebug spelling
* Use extension_loaded check instead
Co-authored-by: Matthew Brown <github@muglug.com>
|
2020-11-25 12:08:04 -05:00 |
|
orklah
|
b6a3282589
|
Detect redundant cast (#4695)
* detect redundant cast
* fix redundant cast issues
* fix redundant cast in tests
|
2020-11-25 12:04:48 -05:00 |
|
Matthew Brown
|
1320081d27
|
Fix core return types
|
2020-11-25 11:49:51 -05:00 |
|
Matt Brown
|
39f26d9047
|
Remove suppressed issuue
|
2020-11-25 09:22:41 -05:00 |
|
Markus Staab
|
3dc311fd45
|
fixed exception message (#4692)
|
2020-11-24 16:04:34 -05:00 |
|
Matt Brown
|
f8ddc7e58a
|
Add slash
|
2020-11-24 15:07:15 -05:00 |
|
orklah
|
45c6189190
|
restore str_split as a list (#4694)
|
2020-11-24 15:01:46 -05:00 |
|
Matt Brown
|
e9c00b8395
|
Switch order to satisfy new refinement
|
2020-11-24 14:57:34 -05:00 |
|
Matt Brown
|
41af653bd4
|
Add support for some dependent types
|
2020-11-24 14:50:35 -05:00 |
|
Matt Brown
|
27b7de285e
|
Fix some stubs
|
2020-11-24 10:44:33 -05:00 |
|
Matt Brown
|
8ede667cad
|
Remove debugging error
|
2020-11-24 08:06:26 -05:00 |
|
orklah
|
2bf25d5f50
|
Emit an issue when returning a Stringable object when a string is expected (#4657)
* Emit an issue when returning a Stringable object when a string is expected
* Fix issue in Psalm codebase
|
2020-11-24 00:18:24 -05:00 |
|
Benjamin Morel
|
5748a4e25a
|
Fix PdoStatementReturnTypeProvider (#4683)
* Fix PdoStatementReturnTypeProvider
Methods returning scalars may return null as well.
* Fix tests
|
2020-11-23 18:41:12 -05:00 |
|
Matthew Brown
|
9823824608
|
Add example from @ludofleury's solution
|
2020-11-23 17:25:30 -05:00 |
|
Benjamin Morel
|
e938933ff3
|
Fix PDOStatement::fetchObject() return type (#4682)
|
2020-11-23 15:52:14 -05:00 |
|
Matt Brown
|
2c5f767098
|
Fix tests
|
2020-11-23 15:51:58 -05:00 |
|
Olivier Doucet
|
70a130f11e
|
add CodeClimate output format (#4387)
* add CodeClimate output format
* cosmetic fixes
* add CodeClimate output format
* cosmetic fixes
* phpcs fixes
|
2020-11-23 15:34:51 -05:00 |
|
orklah
|
b6cb9785ac
|
Prevent illegal array keys (#4660)
* Emit an issue when an array-key is not legal
* tests
|
2020-11-23 15:20:39 -05:00 |
|
Markus Staab
|
e5493f59cd
|
Mark finfo_open and finfo_file as impure (#4678)
* Mark finfo_open and finfo_file as impure
* fix CS
|
2020-11-23 15:19:50 -05:00 |
|
Matt Brown
|
b14a62338e
|
Fix test
|
2020-11-23 13:14:40 -05:00 |
|
erikjwaxx
|
25d8c6d21e
|
Narrow inference of $a <=> $b from "int" to "-1|0|1" (#4680)
* A <=> operator has a literal type of -1|0|1 and not simply int
* Test to verify inferred type of $a <=> $b is -1|0|1
|
2020-11-23 13:10:51 -05:00 |
|
Markus Staab
|
d151f1c36e
|
mark file_get_contents as impurce (#4679)
|
2020-11-23 11:33:30 -05:00 |
|
Markus Staab
|
387bfbd9e0
|
is_file and is_dir should be impure (#4676)
* `is_file` and `is_dir` should be impure
* newline
Co-authored-by: Matthew Brown <github@muglug.com>
|
2020-11-23 09:53:39 -05:00 |
|
Matt Brown
|
8325317e16
|
Fix #4674 - is_readable should be impure
|
2020-11-23 08:54:11 -05:00 |
|
Matt Brown
|
10c0bcc4e2
|
Fix #4674 - is_readable should be impure
|
2020-11-23 08:45:27 -05:00 |
|
Matt Brown
|
17ceba5c06
|
Fix bug
|
2020-11-22 23:32:14 -05:00 |
|
Matt Brown
|
f164a45843
|
Fix bugs
|
2020-11-22 19:45:54 -05:00 |
|
Matt Brown
|
9a03a9a5d0
|
Move param taint sink addition after arguuments have been analysed
|
2020-11-22 19:39:40 -05:00 |
|
Lukas Reschke
|
a36c1af846
|
Add more verbose description for TaintedHtml (#4668)
Ref https://github.com/vimeo/psalm/issues/4590
|
2020-11-22 19:14:48 -05:00 |
|
Matt Brown
|
853432a6aa
|
Fix tests
|
2020-11-22 16:24:33 -05:00 |
|
Matt Brown
|
6399707dd6
|
Prevent flows through TaintedInput-suppressed files
|
2020-11-22 16:04:57 -05:00 |
|
Matt Brown
|
b782dd4225
|
Make sure conditional escaping works for static methods too
|
2020-11-22 13:39:32 -05:00 |
|
Matt Brown
|
af008953a8
|
Fix #4661 - support conditional escaping for functions
|
2020-11-22 13:24:33 -05:00 |
|
Matt Brown
|
bd612c476c
|
Break apart large function
|
2020-11-22 13:24:33 -05:00 |
|
Lukas Reschke
|
7ac42551de
|
Add some more flows (#4659)
* Add some more flows
- Adds all relevant JSON flows https://www.php.net/manual/en/ref.json.php
- Adds all relevant misc flows https://www.php.net/manual/en/ref.misc.php
- Adds a small subset of URL flows https://www.php.net/manual/en/ref.url.php
* Update CoreGenericFunctions.phpstub
|
2020-11-22 12:09:55 -05:00 |
|
Matt Brown
|
2c77424e16
|
Fix #4656 - separate UnusedConstructor from UnusedMethod
|
2020-11-22 11:48:17 -05:00 |
|
orklah
|
97f0a78ac1
|
Only crash Psalm when the faulty file is in project (#4658)
|
2020-11-22 09:07:00 -05:00 |
|