Brown
9837a60853
Fix #3675 - add taints to filter_var return
...
Doesn’t yet take callback into account
2020-06-25 13:24:26 -04:00
Brown
9e7650586b
Fix bugs
2020-06-25 13:21:11 -04:00
Brown
95bf7f835b
Improve handling of array_map, faking out calls where necessary
2020-06-25 13:05:34 -04:00
Brown
f458959af5
Add param type
2020-06-25 01:40:19 -04:00
Brown
d7f1bde6da
Refactor taint access checks
2020-06-25 01:32:57 -04:00
Brown
b8ebed0b85
Add a bit more accuracy
2020-06-25 01:00:11 -04:00
Brown
e26922010a
Improve accuracy of array nesting checks
2020-06-25 00:50:52 -04:00
Brown
b84cf74754
Fix #3668 - taint property types for magic properties without @property
2020-06-25 00:24:37 -04:00
Brown
dd25b81d3a
Fix #3670 - taint mixed foreach access
2020-06-24 19:16:30 -04:00
Brown
a6c7a48387
Add support for argument unpacking
...
Ref #3670
2020-06-24 18:43:15 -04:00
Tyson Andre
1670848267
Mark print() statement as the same sink type as echo ( #3669 )
2020-06-24 17:23:16 -04:00
Brown
de85e7c539
Fix blips
2020-06-24 13:19:14 -04:00
Brown
7a7cd91c24
Fix #3631 - better treatment for assignments in complex conditionals
2020-06-24 13:16:52 -04:00
Brown
9aa0aca949
Fix handling of coerced callmap args
2020-06-24 11:51:31 -04:00
Brown
c29b3744ec
Change storage of out types
2020-06-24 11:51:31 -04:00
Brown
96d05ab06b
Fix #3654 - use correct function id for namespaced functions
2020-06-23 16:53:11 -04:00
Brown
6a746b65ea
Fix #3655 - taint encapsulated strings
2020-06-23 16:38:59 -04:00
Brown
13fc8a75fd
Allow taints to flow where no return type exists
...
Fixes #3652
2020-06-23 15:52:19 -04:00
Brown
f46236ad71
Taint flows through preg_replace_callback
2020-06-23 15:28:31 -04:00
Brown
f72b609d42
Fix #3642 - detect missing property when name matches
2020-06-23 13:12:46 -04:00
Brown
4d6fc4d0ca
Fix get_class($foo) === static::class checks
2020-06-23 13:11:19 -04:00
Brown
9b860214d5
Fix #3639 - allow coerced types to count when picking callmap options
2020-06-22 20:24:34 -04:00
Brown
1f86afece7
Revert "Fix #3631 - apply assertions to RHS of equality in conditional"
...
This reverts commit 9c17795545.
2020-06-22 20:01:27 -04:00
Brown
fc8212e207
Fix static call specialisation via annotation
2020-06-22 18:40:43 -04:00
Tyson Andre
bee10a2eb4
Add a --debug-emitted-issues flag ( #3637 )
...
And support --debug-by-line in psalter and psalm-refactor.
Those were previously not supported in getopt()
Fixes #3634
2020-06-22 18:16:47 -04:00
Brown
e8be2c500e
Support taint flows in more functions
2020-06-22 17:53:03 -04:00
Brown
7f05b3c530
Add $_REQUEST as a taint source
...
Ref #3636
2020-06-22 17:16:15 -04:00
Tyson Andre
f2f5606ca8
Document other supported --report file names ( #3633 )
2020-06-22 15:21:16 -04:00
Brown
9c17795545
Fix #3631 - apply assertions to RHS of equality in conditional
2020-06-22 15:16:16 -04:00
Brown
d46283075d
Add --taint-analysis to command line help
2020-06-22 11:39:46 -04:00
Brown
81e2745cf1
Add more options
2020-06-22 11:24:38 -04:00
Brown
dddc159694
Add explicit path object
2020-06-22 02:10:03 -04:00
Brown
36f1630e03
Add more steps for clearer output
2020-06-22 01:08:58 -04:00
Brown
02e8313c39
Allow taintedness to propagate to some stubbed methods
2020-06-21 18:07:39 -04:00
Brown
fbe3433edd
Use escape terminology
2020-06-21 11:43:08 -04:00
Brown
07adecc6eb
Use correct method id when creating taints
2020-06-21 02:06:08 -04:00
Brown
dc83c2e2fc
Add annotation for taint sources
2020-06-21 00:58:56 -04:00
Brown
cbd7ba8ed8
Fix return type
2020-06-20 23:34:39 -04:00
Brown
10e4e9ac65
Fix #3617 - prevent crash when constant class doesn’t exist
2020-06-20 23:30:36 -04:00
Brown
f21d3a8346
Remove html and sql taints for simple preg_replace patterns
2020-06-20 23:11:42 -04:00
Brown
8edee96d8d
Fix taint regression
2020-06-20 18:10:01 -04:00
Brown
80ed1daf33
Allow static method mixin to invoke instance method
2020-06-20 18:05:35 -04:00
Brown
2ccec821f8
Fix #3624 - inherit magic property annotations from traits
2020-06-20 16:53:17 -04:00
Brown
2c5c9e95e1
Don’t add two @return docblocks after @method
2020-06-20 15:30:47 -04:00
Brown
edbeec2c6a
Fix @method annotation namespacing
2020-06-20 15:18:22 -04:00
Ilija Tovilo
2f646d29db
Fix #3607 - constant string class reference with leading backslash ( #3612 )
2020-06-19 18:02:39 -04:00
Brown
51202c75ea
Add taint docs
2020-06-19 11:56:12 -04:00
Andrei Petre
6024fe4761
use original case in error messages when reporting undefined methods ( #3615 )
2020-06-19 11:51:08 -04:00
Brown
b1c836e5f3
Improve specialisation after call
2020-06-19 01:59:45 -04:00
Brown
8f2e28c36b
Improve tainting of specializable classes
2020-06-19 01:22:51 -04:00
Brown
078b8b7b1a
Fix #3618 - add way to load non-analyzed files
2020-06-19 00:13:09 -04:00
Brown
eecdc43ce7
Remove stray commas
2020-06-18 20:15:38 -04:00
Brown
49f0592794
Improve tracking of array taints
2020-06-18 18:48:19 -04:00
Brown
562a7c1ca4
Track taints from all tainted arrays
2020-06-18 13:45:58 -04:00
Brown
7d9a99a956
Fix #3609 - interpret strings as regular static calls
2020-06-18 11:56:08 -04:00
Brown
f609a01497
Move static property fetch analyzer to own class
2020-06-18 11:53:24 -04:00
Brown
98622783ec
Allow lists to have their types refined
...
Fixes #3605
2020-06-18 10:01:16 -04:00
Bruce Weirdan
6fb63903c1
Infer better types for magic constants used in const initializers ( #3602 )
...
Fixes vimeo/psalm#3464
2020-06-18 09:48:51 -04:00
Brown
137647a1a0
Fix #3603 - better typed value comparisons for loose equality
2020-06-18 09:31:38 -04:00
Brown
21e567832f
Add API method for adding custom taint sources
2020-06-18 00:16:19 -04:00
Brown
7fc1f50f54
Fix potential nullref
2020-06-17 16:40:35 -04:00
Brown
4870774ea4
Allow falsable issues on DateInterval::$days
2020-06-17 16:28:26 -04:00
Brown
0a8b9b56ab
Fix #3600 - conditional return should be removed before comparison
2020-06-17 12:57:50 -04:00
Jaik Dean
02b15b83ff
Fix argument types for Redis::zRevRangeByScore() and Redis::zRevRangeByLex() ( #3597 )
2020-06-17 11:50:03 -04:00
Teemu Koskinen
bfae4af030
tidyNode->child will be null if the node does not have any children ( #3599 )
...
https://github.com/php/php-src/blob/master/ext/tidy/tidy.c#L696
2020-06-17 09:29:23 -04:00
Olle Härstedt
e1cc27f7a2
Add new config: sealAllMethods ( #3578 )
...
* Add new config: sealAllMethods
* Add some more tests
* Fix codesniffer issue with preg_quote
* Fix missing method in test
Co-authored-by: Olle <noemail>
2020-06-15 22:36:42 -04:00
Brown
03e9649d49
Fix tainting of function calls absent taintable params
2020-06-15 20:59:48 -04:00
Brown
56ef220e49
Fix bugs in taint specialisation
2020-06-15 18:34:56 -04:00
Brown
bbada7ba8d
Ensure correct vars are used
2020-06-15 17:16:12 -04:00
Brown
05cb39814c
Improve performance of long switch checks
2020-06-15 16:23:19 -04:00
Brown
8c5a434dc8
Allow updating array by reference
2020-06-15 14:45:08 -04:00
Matthew Brown
8da80870e3
Optimise check
2020-06-14 22:07:04 -04:00
Matthew Brown
9a5089cc7e
Wrap template as types for more explicit results
...
Ref #3583
2020-06-14 21:47:23 -04:00
Matthew Brown
081a284759
Fix #3567 - remember which variables a callable sets byref in use
2020-06-14 11:58:50 -04:00
Matthew Brown
a49a0e5650
Fix #3551 - count method can be impure
2020-06-14 11:06:53 -04:00
Matthew Brown
683bde9540
Fix #3573 - allow UnnecessaryVarAnnotation to be suppressed
2020-06-13 16:48:10 -04:00
Matthew Brown
19ba53f28c
Fix too-long line
2020-06-13 16:45:54 -04:00
Matthew Brown
427f470806
Fix #3586 - ensure templated trait params more accurate
2020-06-13 16:37:39 -04:00
Matthew Brown
58a8cafaf2
Fix #3588 - a really long literal string is non-empty
2020-06-13 16:08:51 -04:00
Matthew Brown
edb2b4c5ef
Get type of requires
2020-06-13 15:48:12 -04:00
Gabriel Ostrolucký
8ca7a88c41
Mark fgetcsv impure ( #3582 )
...
fgetcsv standalone is used to skip current row for consecutive reads
2020-06-13 00:32:00 -04:00
Andrei Petre
3497ca07b6
Extending final class is prohibited #3037 ( #3576 )
2020-06-13 00:29:59 -04:00
Bruce Weirdan
a99f92ae3a
Fix vimeo/psalm#3572 ( #3575 )
...
session_decode has side effects
2020-06-13 00:28:56 -04:00
Brown
9bfe50b20a
Always analyse cast expressions
...
Fixes #3577
2020-06-12 17:25:46 -04:00
Brown
211f014356
Fix #3571 - make callable():void valid for callable():?Foo
2020-06-12 14:26:31 -04:00
Brown
45ea5d0bfe
Add a couple more shortcuts for common pattern
...
Fixes #3563
2020-06-12 11:18:34 -04:00
Brown
9ca6c868b7
Fix #3563 - add workaround for == true
2020-06-12 10:58:44 -04:00
Tim van Dijen
7fa48f3508
Fix return type for preg_grep ( #3565 )
2020-06-11 11:59:14 -04:00
Brown
f67b61f6cc
Fix reconciliation of template param to literal string
...
Fixes #3510
2020-06-11 11:58:31 -04:00
Brown
16189782ab
Inherit whether methods are sealed from parent
...
Ref #3561
2020-06-11 11:28:41 -04:00
Brown
ec0a4c7c96
Require ReflectionMethod get a class-string
2020-06-11 11:07:57 -04:00
Jáchym Toušek
c6611cfcd1
Update ext-ds stubs ( #3559 )
2020-06-10 17:27:39 -04:00
Gregor Harlan
235093ecc4
Add PharData::offsetGet/offsetExists to CallMap ( #3557 )
2020-06-10 17:26:22 -04:00
Brown
5617e9d7c9
Fix array_values call
2020-06-09 19:06:08 -04:00
Brown
286a8f911a
Add support for static mixin calls
...
Fixes #3552
2020-06-09 18:39:52 -04:00
Andrei Petre
2eb0d34696
Fix #3521 - Add --set-baseline filename to --config file if present ( #3547 )
2020-06-09 09:18:52 -04:00
Joe Hoyle
b9311f62fb
Support global functions in getSymbolInformation and getSymbolLocation ( #3477 )
...
* Support global functions in getSymbolInformation and getSymbolLocation
Currently codebase-wide defined functions are not found in `Codebase::getSymbolLocation` or `Codebase::getSymbolInformation`. This means hovers via the LSP on functions not in the current file, or "go to definition" do not work for non-locally defined functions.
It looks to me that this might have been an oversight, as methods do support this.
For stubbed functions, "go to definition" will open the stub file, which is also quite handy.
* No need to catch exceptions, they are already in a try block.
* Add empty checks returning null
Co-authored-by: Matthew Brown <github@muglug.com>
2020-06-08 11:20:54 -04:00
Brown
a6c0991073
Fix #3532 - expand type alias types recursively
2020-06-07 12:01:04 -04:00
Matthew Brown
91e76f7173
Fix #3536 - Make method return type provider aware of original called method
2020-06-06 23:35:08 -04:00
Matthew Brown
0ac739fd48
Fix #3534 - allow magic method call on mixin
2020-06-06 23:28:32 -04:00