danog/psalm
1
0
Fork 0
mirror of https://github.com/danog/psalm.git synced 2024-12-14 02:07:37 +01:00
Code Issues Projects Releases Wiki Activity
7,865 Commits 43 Branches 314 Tags 108 MiB
a4ac52aea4
Commit Graph

6171 Commits

Author SHA1 Message Date
Matt Brown
de1fa03f77 Fix template type selection 2020-11-28 09:53:11 -05:00
orklah
e2030b4a1e
fix #3282 (#4724) 2020-11-28 09:03:03 -05:00
Matt Brown
4af7e818b2 Simplify ArrayFetchAnalyzer::getArrayAccessTypeGivenOffset 
Ref #4714
 2020-11-27 23:36:47 -05:00
Bruce Weirdan
fc29d26879
Added test to enforce that all supported annotations are documented (#4723) 
* Added test to enforce that all supported annotations are documented

Well, at least mentioned.

Refs vimeo/psalm#3816

* Type things

* Make things pretty

* Only check @psalm- annotations, group

* Add documentation for `@psalm-require-extends` and `@psalm-require-implements`

* Dropped logicalOr that has become redundant

* Add explicit tag

* Document @psalm-template

* Add @psalm-template-covariant

* Document `@psalm-method`

* Add list of undocumented docblock annotations

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-11-27 21:48:16 -05:00
Matt Brown
53c5e52ef2 Fix #3017 - use correct keys when converting list to array 2020-11-27 20:05:16 -05:00
Matt Brown
b717356f95 Simplify more things 2020-11-27 17:48:39 -05:00
Matt Brown
2626f008be Only show possibly unused params on methods that don’t extend others 2020-11-27 17:17:03 -05:00
orklah
32bf18dff0
fix array_column with possibly_undefined keys (#4719) 2020-11-27 17:05:54 -05:00
orklah
f19cac6ecf
add annotation @psalm-param-out (#4717) 
* add annotation @psalm-param-out

* add tag in documentation
 2020-11-27 17:05:26 -05:00
Matt Brown
ffabce19c5 Add complex issue error 2020-11-27 17:02:37 -05:00
Matt Brown
73cd07a01f Simplify FunctionCallAnalyzer 
Ref #4714
 2020-11-27 16:34:27 -05:00
Matt Brown
6db8132b4c Simplify call analysers a bit 
Ref #4714
 2020-11-27 16:31:10 -05:00
Matt Brown
5dd4912a99 Simplify ArrayAnalyzer 
Ref #4714
 2020-11-27 14:19:55 -05:00
Matt Brown
1ce45516db Don’t alter behaviour 2020-11-27 11:47:12 -05:00
Matt Brown
5f065d3d74 Turn template bound tuples into object 
Ref #4714
 2020-11-27 11:43:30 -05:00
orklah
b60182c514
better fix for reconciling iterable and object (#4712) 2020-11-27 09:10:55 -05:00
Matt Brown
bf696bf82e Add complexity function name echoing 2020-11-27 05:28:55 -05:00
orklah
74c07bbc08
Allow <false|T as object> to be falsy (#4711) 2020-11-26 16:47:44 -05:00
Matt Brown
6de97e3779 Skip missing function params in taint analysis 2020-11-26 11:58:14 -05:00
Matt Brown
b224970281 Fix generic ArrayAccess creation cc @orklah 2020-11-26 10:00:03 -05:00
orklah
f7cfdaabd7
Allow reconciling between object and iterable (#4706) 
* Allow reconciling between object and iterable

* add tests
 2020-11-26 09:25:49 -05:00
orklah
4bbb72329e
Fix PHPMAXINT offset (#4707) 2020-11-26 09:24:32 -05:00
Matt Brown
01ceaf7006 Fix style issues 2020-11-25 21:36:37 -05:00
Matt Brown
0c477da310 Fix test failures 2020-11-25 20:05:09 -05:00
orklah
58736924dd
fix wrong cast to int when string offset is a number > MAX INT (#4702) 2020-11-25 15:48:53 -05:00
Matt Brown
f3e0201a99 Treat $a ?? $b identically to isset($a) ? $a : $b 2020-11-25 14:34:05 -05:00
Matt Brown
d40d63f180 Fix #4699 - treat isset like !== null when variable is defined 2020-11-25 14:04:55 -05:00
Matt Brown
6aa052475a Pass correct flags when referencing from finally 2020-11-25 14:04:55 -05:00
Markus Staab
d393b4a69d
Added PDOStatement->fetchObject() stub (#4693) 
* Added PDOStatement->fetchObject() stub

* fix stub param

* fix Xdebug spelling

* Use extension_loaded check instead

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-11-25 12:08:04 -05:00
orklah
b6a3282589
Detect redundant cast (#4695) 
* detect redundant cast

* fix redundant cast issues

* fix redundant cast in tests
 2020-11-25 12:04:48 -05:00
Matt Brown
39f26d9047 Remove suppressed issuue 2020-11-25 09:22:41 -05:00
Markus Staab
3dc311fd45
fixed exception message (#4692) 2020-11-24 16:04:34 -05:00
Matt Brown
f8ddc7e58a Add slash 2020-11-24 15:07:15 -05:00
Matt Brown
e9c00b8395 Switch order to satisfy new refinement 2020-11-24 14:57:34 -05:00
Matt Brown
41af653bd4 Add support for some dependent types 2020-11-24 14:50:35 -05:00
Matt Brown
8ede667cad Remove debugging error 2020-11-24 08:06:26 -05:00
orklah
2bf25d5f50
Emit an issue when returning a Stringable object when a string is expected (#4657) 
* Emit an issue when returning a Stringable object when a string is expected

* Fix issue in Psalm codebase
 2020-11-24 00:18:24 -05:00
Benjamin Morel
5748a4e25a
Fix PdoStatementReturnTypeProvider (#4683) 
* Fix PdoStatementReturnTypeProvider

Methods returning scalars may return null as well.

* Fix tests
 2020-11-23 18:41:12 -05:00
Olivier Doucet
70a130f11e
add CodeClimate output format (#4387) 
* add CodeClimate output format

* cosmetic fixes

* add CodeClimate output format

* cosmetic fixes

* phpcs fixes
 2020-11-23 15:34:51 -05:00
orklah
b6cb9785ac
Prevent illegal array keys (#4660) 
* Emit an issue when an array-key is not legal

* tests
 2020-11-23 15:20:39 -05:00
Markus Staab
e5493f59cd
Mark finfo_open and finfo_file as impure (#4678) 
* Mark finfo_open and finfo_file as impure

* fix CS
 2020-11-23 15:19:50 -05:00
erikjwaxx
25d8c6d21e
Narrow inference of $a <=> $b from "int" to "-1|0|1" (#4680) 
* A <=> operator has a literal type of -1|0|1 and not simply int

* Test to verify inferred type of $a <=> $b is -1|0|1
 2020-11-23 13:10:51 -05:00
Markus Staab
d151f1c36e
mark file_get_contents as impurce (#4679) 2020-11-23 11:33:30 -05:00
Markus Staab
387bfbd9e0
is_file and is_dir should be impure (#4676) 
* `is_file` and `is_dir` should be impure

* newline

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-11-23 09:53:39 -05:00
Matt Brown
8325317e16 Fix #4674 - is_readable should be impure 2020-11-23 08:54:11 -05:00
Matt Brown
10c0bcc4e2 Fix #4674 - is_readable should be impure 2020-11-23 08:45:27 -05:00
Matt Brown
17ceba5c06 Fix bug 2020-11-22 23:32:14 -05:00
Matt Brown
f164a45843 Fix bugs 2020-11-22 19:45:54 -05:00
Matt Brown
9a03a9a5d0 Move param taint sink addition after arguuments have been analysed 2020-11-22 19:39:40 -05:00
Matt Brown
853432a6aa Fix tests 2020-11-22 16:24:33 -05:00
Matt Brown
6399707dd6 Prevent flows through TaintedInput-suppressed files 2020-11-22 16:04:57 -05:00
Matt Brown
b782dd4225 Make sure conditional escaping works for static methods too 2020-11-22 13:39:32 -05:00
Matt Brown
af008953a8 Fix #4661 - support conditional escaping for functions 2020-11-22 13:24:33 -05:00
Matt Brown
bd612c476c Break apart large function 2020-11-22 13:24:33 -05:00
Matt Brown
2c77424e16 Fix #4656 - separate UnusedConstructor from UnusedMethod 2020-11-22 11:48:17 -05:00
orklah
97f0a78ac1
Only crash Psalm when the faulty file is in project (#4658) 2020-11-22 09:07:00 -05:00
orklah
a3217265ce
null operations should return mixed results (#4655) 2020-11-22 09:06:03 -05:00
Matt Brown
0d0ed8be15 Fix slash 2020-11-22 09:04:44 -05:00
Matt Brown
60b3086b9a Fix #4609 - add more attribute rules 2020-11-22 01:15:52 -05:00
Matt Brown
66d574b82e Fix #4475 - verify that used attributes actual use the Attribute attribute 2020-11-22 00:52:56 -05:00
Matt Brown
11825a2cc2 Fix #4611 - flag invalid attribute arguments correctly 2020-11-22 00:44:44 -05:00
Matt Brown
1fc1cae1d5 Fix #4615 - ensure promoted properties are not treated as uninitialized 2020-11-22 00:32:02 -05:00
Matt Brown
6b1112e6ea Fix #4653 - prevent crash with recursive type in root namespace 2020-11-22 00:26:14 -05:00
Matt Brown
baca927aab Fix #4643 - use PHP8 union types when possible 2020-11-21 22:50:56 -05:00
Matt Brown
efafe2edd5 Add instanceof check 2020-11-21 20:15:13 -05:00
Matt Brown
19bb4aba56 Remove unnecessary coercion 2020-11-21 18:26:55 -05:00
Matt Brown
df2ec48018 Don’t erase already-known literal ints 
Fixes #4644
 2020-11-21 18:26:13 -05:00
Matt Brown
f0ae0e5cb4 Break aparat type combiner 2020-11-21 18:11:29 -05:00
orklah
f21f6f40e5
return string in phpdoc for a literal class-string (#4652) 2020-11-21 17:42:53 -05:00
orklah
98370b65d7
avoid formating useless type (#4651) 2020-11-21 17:42:26 -05:00
Lukas Reschke
ffb0c4ae17
Implement variadic taint propagation (#4649) 
* Implement variadic taint propagation

* Lint code
 2020-11-21 17:41:40 -05:00
orklah
ae0486529e
Unused psalm-suppress (#4646) 2020-11-21 17:39:40 -05:00
orklah
509a937d1b
use int|string in phpdoc format for array-key (#4645) 2020-11-21 17:38:40 -05:00
Lukas Reschke
3943b55f8a
Add psalm-flow for string functions from sscanf to wordwrap (#4591) 
* Add string functions from sscanf to wordwrap

This should conclude all string functions from https://www.php.net/manual/en/book.strings.php

Continuation of https://github.com/vimeo/psalm/pull/4576

Ref https://github.com/vimeo/psalm/issues/3636

* Add StrTrReturnTypeProvider

* Fix psalm error

* phpcs

* Line length

* Ignore false return on vsprintf

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-11-21 17:35:07 -05:00
Matt Brown
23ab0f1ddb Allow Psalm to run in taint analysis mode without a config 2020-11-20 19:02:44 -05:00
Matt Brown
67478949c2 Allow mixed in PHP 8 for manipulation 2020-11-20 18:53:48 -05:00
orklah
6b72599ec5
allow static return type in PHP8 (#4641) 2020-11-20 18:46:35 -05:00
Matt Brown
1cead18760 Fix #4637 - prevent regression when negating function call with === false 2020-11-20 09:56:53 -05:00
Dalibor Karlović
da632ca73a
feature: allow plugin manager to work without config file (#4639) 2020-11-20 09:54:14 -05:00
Matt Brown
ce8938263e Fix #4636 - prevent crashes on aliased classes 2020-11-20 09:29:24 -05:00
Matt Brown
c562e1dd52 Don’t taint foreach keys with array-fetch 
We could use array-keyfetch or similar, but for now gives false-positives
 2020-11-19 19:08:59 -05:00
orklah
e04f219948
return static instead of self when static context detected (#4632) 
* return this instead of self when static context detected

* replace $this by static
 2020-11-19 19:02:25 -05:00
Matt Brown
78d644d1a1 Change TaintedText to TaintedCallable 2020-11-19 19:01:19 -05:00
Matt Brown
4c315ec45c Closure calls aren’t sinks 2020-11-19 18:44:36 -05:00
Lukas Reschke
78f4a0691c
Add dedicated types for 'file', 'header' and 'cookie' (#4630) 
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie'

* Add documentation

* Add mapping for taint flows

* Add tests

* Fix test
 2020-11-19 17:47:29 -05:00
Matt Brown
70c9fd97c7 Return empty instead of throwing 2020-11-19 16:25:53 -05:00
Matt Brown
ead63894a1 Fix formatting 2020-11-19 16:09:30 -05:00
Matt Brown
b5d4b59c33 Be more refined 2020-11-19 15:57:05 -05:00
Matt Brown
de49892525 Fix #4626 - array_key_exists should infer type for first arg where possible 2020-11-19 15:40:27 -05:00
Matt Brown
ff3fff56d4 Simplify assertion negations, centralising as much as possible 
Now the flag passed to scrapeAssertions just determines the errors emitted
 2020-11-19 14:32:49 -05:00
Matt Brown
7803cc228b Revert "Fix #4624 - allow in_array to work with list arrays" 
This reverts commit 08ae85a735.
 2020-11-19 12:49:26 -05:00
Matt Brown
08ae85a735 Fix #4624 - allow in_array to work with list arrays 2020-11-19 09:26:41 -05:00
Matt Brown
7c02fa76d1 Fix #4620 - reconciled literal strings cannot carry taints 2020-11-19 09:06:25 -05:00
Matt Brown
95de6cf177 Allow immutable classes to be specialised through calls 2020-11-19 01:38:20 -05:00
Matt Brown
d60abaf858 Unfix fixes 2020-11-18 19:19:07 -05:00
Matt Brown
8dd229f6c0 Only ignore literal flows when tainting 2020-11-18 18:43:41 -05:00
Matt Brown
be275ae972 Fix #4605 - taint parent-declared property 2020-11-18 13:34:47 -05:00
Matt Brown
39c508f9d1 Fix #4603 - fix arithmetic to prevent end column 0 2020-11-18 13:19:54 -05:00
Matt Brown
236292ff05 Fix #4600 - set attributes in a bunch of places 2020-11-18 12:44:59 -05:00
Lukas Reschke
ddbfbb28e6
Split LDAP into custom category (#4604) 
- Adds ldap_escape as sanitizer
- Defines the right parameters to ldap_search as sink
- Wrote documentation
- Added tests
 2020-11-18 11:39:36 -05:00