Adrien LUCAS
f9cbc07fb7
Avoid false positives for taint specialized calls even when not using a variable ( #4948 )
2021-01-29 11:47:28 +01:00
Adrien LUCAS
63ddceaf8e
Taint specialized calls even when not using a variable ( #4940 )
2021-01-29 11:47:27 +01:00
Matt Brown
c4b1c63dd1
Taint all when conditional return is used
Ref #4792
2021-01-29 11:47:16 +01:00
Matt Brown
b21e138cc7
Allow nested specialisation
2021-01-29 11:47:15 +01:00
Matt Brown
309c13700d
Fix #4769 – don’t use unique ids for new generated nodes
2021-01-29 11:47:15 +01:00
Matt Brown
a0fee98962
Move param taint sink addition after arguments have been analysed
2021-01-29 11:46:22 +01:00
Matt Brown
aa4be209fc
Make sure conditional escaping works for static methods too
2021-01-29 11:46:22 +01:00
Matt Brown
30ee5334a1
Fix #4661 - support conditional escaping for functions
2021-01-29 11:46:22 +01:00
Lukas Reschke
b2143f1da5
Implement variadic taint propagation ( #4649 )
* Implement variadic taint propagation
* Lint code
2021-01-29 11:46:19 +01:00
Lukas Reschke
4de2bf8f7f
Add psalm-flow for string functions from sscanf to wordwrap ( #4591 )
* Add string functions from sscanf to wordwrap
This should conclude all string functions from https://www.php.net/manual/en/book.strings.php
Continuation of https://github.com/vimeo/psalm/pull/4576
Ref https://github.com/vimeo/psalm/issues/3636
* Add StrTrReturnTypeProvider
* Fix psalm error
* phpcs
* Line length
* Ignore false return on vsprintf
Co-authored-by: Matthew Brown <github@muglug.com>
2021-01-29 11:46:19 +01:00
Matt Brown
02b1cc2288
Change TaintedText to TaintedCallable
2021-01-29 11:46:17 +01:00
Lukas Reschke
2ad5eee193
Add dedicated types for 'file', 'header' and 'cookie' ( #4630 )
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie'
* Add documentation
* Add mapping for taint flows
* Add tests
* Fix test
2021-01-29 11:46:16 +01:00
Matt Brown
43187a0e19
Fix #4620 - reconciled literal strings cannot carry taints
2021-01-29 11:46:15 +01:00
Matt Brown
005f394d8e
Allow immutable classes to be specialised through calls
2021-01-29 11:46:15 +01:00
Matt Brown
c3658e2590
Fix #4605 - taint parent-declared property
2021-01-29 11:46:15 +01:00
Lukas Reschke
ce05165384
Split LDAP into custom category ( #4604 )
- Adds ldap_escape as sanitizer
- Defines the right parameters to ldap_search as sink
- Wrote documentation
- Added tests
2021-01-29 11:46:14 +01:00
Matt Brown
3b8a76d520
Fix #4599 - propagate taints to parent callers where necessary
2021-01-29 11:46:14 +01:00
Lukas Reschke
99d094b5e0
Add SSRF sinks ( #4592 )
2021-01-29 11:46:14 +01:00
Matt Brown
5246841b12
Fix tests
2021-01-29 11:46:14 +01:00
Matt Brown
a4b56c9292
Simplify tainted output a bit, removing duplicate paths
2021-01-29 11:46:13 +01:00
Matt Brown
a7cc439db0
Don’t propagate taints to child constructor args
2021-01-29 11:46:13 +01:00
Matt Brown
2c69618347
Break out TaintedInput issues into a lot of separate ones
2021-01-29 11:46:13 +01:00
Lukas Reschke
ff55dba130
Add sinks for popen and proc_open ( #4572 )
User input in those two functions could lead to an RCE.
popen: https://www.php.net/manual/en/function.popen.php
proc_open: https://www.php.net/manual/en/function.proc-open.php
2021-01-29 11:46:11 +01:00
Adrien LUCAS
9ab0ab9472
Add a `proxy` capability to the flow annotation ( #4495 )
* Add a `passthru` capability to the flow annotation
* Fix passthru-calls type
* Fix types and rename to proxy
* Allow to proxy a method
Co-authored-by: Matthew Brown <github@muglug.com>
2021-01-29 11:46:07 +01:00
Matt Brown
b68995582e
Preserve reconciled taints for all but non-string scalar types
2021-01-29 11:46:05 +01:00
Matt Brown
63953d5676
4.x - refactor unused variable detection
This turns unused variable detection into an explicit control-flow problem, where before we had a more simplistic mark-and-sweep algorithm
2021-01-29 11:39:44 +01:00
orklah
e3e5a55907
unused use statements ( #4228 )
2021-01-29 11:39:42 +01:00
Brown
dbe4b4c708
Localise taint analysis better
2021-01-29 11:39:40 +01:00
orklah
db45ff1ba4
More return types ( #4173 )
* add native return types
* redundant phpdoc
2021-01-29 11:38:57 +01:00
Bruce Weirdan
1cc4715740
Fix windows tests ( #4040 )
* Fix windows tests by not mangling the expectations
* Use platform-dependent directory separator in expected messages
* fix CS
2021-01-29 11:38:04 +01:00
Adrien LUCAS
d44130191b
Allow taint through strval sprintf ( #3836 )
* Add psalm-flow to strval
* Unexpected behavior with implode
2020-07-17 10:12:04 -04:00
Brown
67b2edc328
Allow more things to be suppressed with @psalm-suppress TaintedInput
2020-07-02 11:53:51 -04:00
Brown
ae7c5b095b
Fix #3712 - allow taints to be suppressed with @psalm-suppress
2020-07-01 23:23:45 -04:00
Tyson Andre
e3d59bf5d4
Support taint detection on Throwable::getTraceAsString() ( #3731 )
And `__toString()`, which uses getTraceAsString().
Fixes #3696
```php
function login($username, $password, $secret) {
    throw new RuntimeException('login failure');
}

try {
    login('user', $_GET['pass'], SECRET);
} catch (Exception $e) {
    // This output includes unescaped 'pass' and SECRET
    echo $e, "\n";
    echo $e->getTraceAsString();
}
```
2020-07-01 21:27:40 -04:00
Tyson Andre
b0a3de47e8
Mark create_function() as a taint sink ( #3729 )
create_function() is a thin wrapper around eval().
Fixes #3723
2020-07-01 18:09:30 -04:00
Brown
cb0f65dd91
Skip taint tests in Windows
2020-07-01 09:49:52 -04:00
Brown
671009a70c
Specialize constructor taints cc @TysonAndre
2020-06-29 21:08:43 -04:00
Brown
e56483bb54
Fix #3711 - generalize call of specialized class without specializations
2020-06-29 17:42:01 -04:00
Brown
f6e2e0a84a
Perform string casting for taints in ArgumentAnalyzer
2020-06-29 13:21:33 -04:00
Brown
45c21853e5
Fix #3709 - don’t crash on inherited __toString tainting
2020-06-29 12:11:11 -04:00
Matthew Brown
18f9e7487b
Remove string cast
Cc @TysonAndre
2020-06-29 09:54:07 -04:00
Brown
38977d797e
Fix #3697 - cast types via implied __toString method
2020-06-29 09:13:19 -04:00
Brown
559b3d3471
Fix #3681 - taint exit like echo
2020-06-25 17:17:08 -04:00
Brown
07f7e5ccaf
Reconciling should preserve taints
Fixes #3680
2020-06-25 17:04:18 -04:00
Brown
9837a60853
Fix #3675 - add taints to filter_var return
Doesn’t yet take callback into account
2020-06-25 13:24:26 -04:00
Brown
95bf7f835b
Improve handling of array_map, faking out calls where necessary
2020-06-25 13:05:34 -04:00
Brown
b8ebed0b85
Add a bit more accuracy
2020-06-25 01:00:11 -04:00
Brown
e26922010a
Improve accuracy of array nesting checks
2020-06-25 00:50:52 -04:00
Brown
b84cf74754
Fix #3668 - taint property types for magic properties without @property
2020-06-25 00:24:37 -04:00
Brown
dd25b81d3a
Fix #3670 - taint mixed foreach access
2020-06-24 19:16:30 -04:00